Logfile of HijackThis v1.99.1
Scan saved at 00:36:14, on 31/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\NavNT\defwatch.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\PROGRA~1\MSREMO~1\NetCfgSv.EXE
D:\Program Files\NavNT\rtvscan.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.exe
D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\NavNT\vptray.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\Program Files\palmOne\HOTSYNC.EXE
D:\Documents and Settings\Dieter\My Documents\Software\HJT\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bloomberg.com/news/top.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.bloomberg...ons/europe.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://mcontrol.ms.c...proxyconfig.cgi
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [www.hidro.4t.com ] enbiei.exe
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Configuration Loader] filename.exe
O4 - HKLM\..\Run: [Windows Update Process] wmiprvsc.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [qscyir] d:\windows\system32\uqtwwj.exe r
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [Windows Update Process] wmiprvsc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Update Process] wmiprvsc.exe
O4 - HKCU\..\Run: [Microsoft Update] wumgrd.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware-Cop] "D:\PROGRA~1\SPYWAR~1\Spyware-Cop.exe" /s
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: HotSync Manager.lnk = D:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = D:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://d:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://access.morga...oterisSetup.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio....abasetup144.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ms.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ms.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ms.com
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - D:\PROGRA~1\MSREMO~1\NetCfgSv.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - D:\WINDOWS\svcproc.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 22:22:24, 30/07/2005
+ Report-Checksum: 990AE567
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bargain Buddy -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-F09C-02B4-6EC2-AD0300000000} -> Spyware.Transponder : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000006B1-19B5-414A-849F-2A3C64AE6939} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4DEA-848C-3ECD647AA554} -> Spyware.MySearchBar : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CE93AE-4987-483C-9ABE-F2BD5301AB70} -> Spyware.KeenValue : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F1ABCDB-A875-46C1-8345-B72A4567E486} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71ED4FBA-4024-4BBE-91DC-9704C93F453E} -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83DE62E0-5805-11D8-9B25-00E04C60FAF2} -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} -> Spyware.NavExcel : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-73586283-299502267-725345543-1003\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
[712] D:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Error during cleaning
[1776] VM_01100000 -> Adware.BetterInternet : Error during cleaning
C:\124788.exe -> Not-A-Virus.Pornware.Downloader.Tibsystems.a : Cleaned with backup
C:\Dokumente und Einstellungen\Dieter\Cookies\dieter@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Dokumente und Einstellungen\Dieter\Lokale Einstellungen\Temp\msbb.exe -> Spyware.Zango : Cleaned with backup
C:\Dokumente und Einstellungen\Doris\Cookies\doris@71i[1].txt -> Spyware.Cookie.71i : Cleaned with backup
C:\Dokumente und Einstellungen\Doris\Cookies\<cookie-name-lost-to-email-obfuscation>[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Dokumente und Einstellungen\Doris\Cookies\<cookie-name-lost-to-email-obfuscation>[1].txt -> Spyware.Cookie.Itrack : Cleaned with backup
C:\Dokumente und Einstellungen\Doris\Cookies\doris@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Dokumente und Einstellungen\Doris\Cookies\<cookie-name-lost-to-email-obfuscation>[1].txt -> Spyware.Cookie.Oewabox : Cleaned with backup
C:\Dokumente und Einstellungen\Doris\Cookies\<cookie-name-lost-to-email-obfuscation>[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Dokumente und Einstellungen\Doris\Cookies\<cookie-name-lost-to-email-obfuscation>[1].txt -> Spyware.Cookie.Hightrafficads : Cleaned with backup
C:\Dokumente und Einstellungen\Doris\Lokale Einstellungen\Temp\msbb.exe -> Spyware.Zango : Cleaned with backup
C:\Dokumente und Einstellungen\Doris\Lokale Einstellungen\Temp\Patch221.exe -> TrojanDropper.Agent.r : Cleaned with backup
C:\Programme\Bargain Buddy\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Programme\pl.exe -> TrojanDownloader.Small.Fo : Cleaned with backup
C:\Programme\TimeSink\AdGateway\tsadbot.exe -> Spyware.TimeSink : Cleaned with backup
C:\Programme\WebSiteViewer\124788.exe -> Not-A-Virus.Pornware.Downloader.Tibsystems.a : Cleaned with backup
C:\Programme\WindowsSA\axuninstall.exe -> Spyware.BlazeFind : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ieatgpc.dll -> Spyware.WebEx : Cleaned with backup
C:\WINDOWS\system32\124788.exe/inst.EXE -> TrojanDropper.Small.mf : Cleaned with backup
C:\WINDOWS\system32\124788.exe/124788.exe -> Not-A-Virus.Pornware.Downloader.Tibsystems.a : Cleaned with backup
C:\WINDOWS\system32\casino.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\consys98.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\in10b6.dll -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\msbb321.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\secupd0312.exe -> TrojanDownloader.Esepor.i : Cleaned with backup
C:\WINDOWS\system32\secupd050104.exe -> TrojanDownloader.Esepor.m : Cleaned with backup
C:\WINDOWS\system32\secupdcl.exe -> TrojanDownloader.Esepor.h : Cleaned with backup
C:\WINDOWS\system32\siae3123.exe -> Spyware.F1Organizer : Cleaned with backup
C:\WINDOWS\system32\supd130404.exe -> TrojanDownloader.Esepor.m : Cleaned with backup
C:\WINDOWS\system32\t239478.exe -> TrojanDownloader.Esepor.i : Cleaned with backup
C:\WINDOWS\Temp\Adware\BSaveInst.exe -> Adware.SaveNow : Cleaned with backup
:mozilla.11:D:\Documents and Settings\Dieter\Application Data\Mozilla\Firefox\Profiles\g91jrkyl.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.12:D:\Documents and Settings\Dieter\Application Data\Mozilla\Firefox\Profiles\g91jrkyl.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
D:\Documents and Settings\Dieter\Cookies\dieter@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
D:\Documents and Settings\Dieter\Local Settings\Temp\8.tmp\thnall1ac.exe -> Adware.BetterInternet : Cleaned with backup
D:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE -> Spyware.MyWay : Cleaned with backup
D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL -> Spyware.MyWay : Cleaned with backup
D:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Cleaned with backup
D:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Spyware.MyWay : Cleaned with backup
D:\RECYCLER\S-1-5-21-4103935507-3581506895-1790521817-1007\Dd1\start.exe -> TrojanDownloader.Small.gl : Cleaned with backup
D:\WINDOWS\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\WINDOWS\Bewerbung.exe.exe -> Dialer.Generic : Cleaned with backup
D:\WINDOWS\Downloaded Program Files\gvx143u0s14m_wall.exe -> Dialer.Generic : Cleaned with backup
D:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
D:\WINDOWS\NDNuninstall4_85.exe -> Spyware.NewDotNet : Cleaned with backup
D:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
D:\WINDOWS\system32\TFTP3176 -> Worm.Lovesan.a : Cleaned with backup
D:\WINDOWS\system32\__delete_on_reboot__DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
D:\WINDOWS\unlzdcy.exe -> Adware.BetterInternet : Cleaned with backup
::Report End