|
|||||||
| Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
 |
|
|
Topic Tools |
|
#1
January 13th, 2007, 11:48 PM
|
||||
|
||||
|
mozilla opens up with explorer pop ups
hello. every time i open mozilla there opens a pop up explorer page. what on earth could be the problem?
 here is the hijackthis log please check it out. thanks.. Logfile of HijackThis v1.99.1 Scan saved at 00:38:33, on 14.01.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\WINDOWS\VM303_STI.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Save\Save.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe c:\progra~1\intern~1\iexplore.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\NclBTHandler.exe C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE C:\Program Files\HPQ\Shared\hpqwmi.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\HijackThis 1.99.1\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe" O4 - HKLM\..\Run: [ELSE TRUST 64 FRAG] C:\Documents and Settings\All Users\Application Data\FirstCakeElseTrust\Third Hole.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKCU\..\Run: [Meowpile] C:\DOCUME~1\Sema\APPLIC~1\AXISTR~1\16 BOOB BORE.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Tümünü FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kharmian.spaces.msn.com//Phot...d/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{26EACE68-1E48-432A-8FC1-E71B13351D20}: NameServer = 144.122.199.20,144.122.199.90 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 
|
|
#2
January 14th, 2007, 10:42 PM
|
|||
|
|||
|
Hello laptopaddict,
There is infection showing and also signs of Lop infection which usually accompanies Messenger Plus! Did you install this program? Go Here and download ATF cleaner. Click on the downloaded file to run it, and select "Select All", then click Empty Selected (and close ATF). If you have them, also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective. ------------------------------------------- Download the trial version of AVG Anti-Spyware from here and install it. I see you have an exisiting copy of Ewido (which this software replaces), agree to the uninstall notification and uninstall Ewido. Reboot after. Then click the AVG download file again to install the software. (If you have a paid version of Ewido installed, go here to follow the steps to upgrade that now.) After installation, double-click the icon on your Desktop to launch AVG. On the top of the main screen click Shield. Then click the word Active to change it to Inactive. You will need to also update AVG to the latest definition files. On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. Now close AVG (don't scan just yet). ~~~~~~~~~~~~~~ Go to Start> Control Panel> Add or Remove Programs and uninstall the following if there. Window Search You will be given a security code to insert, do so and reboot when done. If the entry is not there, run the below uninstallers (If your AV queries the download, allow it. It's not malicious). http://lop.com/new_uninstall.exe http://lop.com/toolbar_uninstall.exe ~~~~~~~~~~~~~ Reboot into Safe Mode. At startup start tapping the F8 key and select Safe Mode (see here). Make sure all windows are closed and run AVG. Click Scanner, then click on the Scan tab. Click Complete System Scan to begin scanning. When the scan is complete click Recommended Action and change it to Quarantine. Then click Apply all actions. Once the scan has finished, click the Save report button, then click Save Report As. This will create a text file. Make sure you know where to find this file again. Then reboot back to Normal Mode. ~~~~~~~~~~~~~~ I would also like to see another kind of scan, go here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here. Run HijackThis and post back the new log along with the Silent Runners log and the AVG report please.
|
|
#3
January 15th, 2007, 11:05 AM
|
||||
|
||||
|
This is the silent runners log
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS] "googletalk" = ""C:\Program Files\Google\Google Talk\googletalk.exe" /autostart" ["Google"] "updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1" ["Adobe Systems Incorporated"] "WhenUSave" = ""C:\Program Files\Save\Save.exe"" ["WhenU.com, Inc."] "H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++} "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."] "ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."] "PTHOSTTR" = "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start" ["Hewlett-Packard Development Company, L.P."] "UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"] "DLA" = "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" ["Sonic Solutions"] "SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "hpWirelessAssistant" = "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" ["Hewlett-Packard Development Company, L.P."] "eabconfg.cpl" = "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start" ["Hewlett-Packard "] "CognizanceTS" = "rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule " [MS] "Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data] "WatchDog" = "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" ["InterVideo Inc."] "BigDog303" = "C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)" ["Vimicro"] "MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"] "MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"] "MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data] "ASM" = ""C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN" ["AOL LLC"] "aol" = ""C:\Program Files\AOL\Active Virus Shield\avp.exe"" ["AOL"] "(Default)" = (empty string) "PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"] "Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6}\(Default) = "XBTP06568" -> {HKLM...CLSID} = "XBTP06568 Class" \InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll" [null data] {5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*_" (unwritable string) -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided) -> {HKLM...CLSID} = "IeCatch2 Class" \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] {DF21F1DB-80C6-11D3-9483-B03D0EC10000}\(Default) = "HP Credential Manager for ProtectTools" -> {HKLM...CLSID} = "HP Credential Manager for ProtectTools" \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll" ["Infineon Technologies AG"] HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Görüntü Paneli CPL Uzantısı" -> {HKLM...CLSID} = "Görüntü Paneli CPL Uzantısı" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt" -> {HKLM...CLSID} = "RecordNow! SendToExt" \InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data] "{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess" -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"] "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{666C7831-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Context Menu)" -> {HKLM...CLSID} = "Document Manager (Shell Context Menu)" \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"] "{666C7832-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (File Properties)" -> {HKLM...CLSID} = "Document Manager (Shell File Properties)" \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"] "{666C7835-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Drive Properties)" -> {HKLM...CLSID} = "Document Manager (Shell Drive Properties)" \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"] "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places" -> {HKLM...CLSID} = "My Bluetooth Places" \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Paylaşım Klasörlerim" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook Dosya Simge Uzantısı" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device" -> {HKLM...CLSID} = "Mobile Device" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\ INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] INFECTION WARNING! klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"] INFECTION WARNING! OneCard\DLLName = "C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll" ["Cognizance Corporation"] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandler s\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandler s\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] Document Manager\(Default) = "{666C7831-A9B6-4AB4-94ED-DC238C81E925}" -> {HKLM...CLSID} = "Document Manager (Shell Context Menu)" \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\AOL\Active Virus Shield\shellex.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] Document Manager\(Default) = "{666C7831-A9B6-4AB4-94ED-DC238C81E925}" -> {HKLM...CLSID} = "Document Manager (Shell Context Menu)" \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\ Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\AOL\Active Virus Shield\shellex.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\sstext3d.scr" [MS] Startup items in "Sema" & "All Users" startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] "{3BB63FD4-3C00-44D7-94A9-5DE211900DEF}" -> {HKLM...CLSID} = "AOL Security Toolbar" \InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll" [null data] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar" -> {HKLM...CLSID} = "FlashGet Bar" \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] "{3BB63FD4-3C00-44D7-94A9-5DE211900DEF}" = (no title provided) -> {HKLM...CLSID} = "AOL Security Toolbar" \InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll" [null data] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided) -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
|
|
#4
January 15th, 2007, 11:05 AM
|
||||
|
||||
|
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ "ButtonText" = "Create Mobile Favorite" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ "MenuText" = "Create Mobile Favorite..." "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Araştır" {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ "ButtonText" = "FlashGet" "MenuText" = "&FlashGet" "Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.hp.com [Strings]: SAFESITE_VALUE="örneğin search.msn.com" Missing lines (compared with English-language version): [Strings]: 2 lines Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Active Virus Shield, AVP, ""C:\Program Files\AOL\Active Virus Shield\avp.exe" -r" ["AOL"] Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."] HP WMI Interface, hpqwmi, "C:\Program Files\HPQ\Shared\hpqwmi.exe" ["Hewlett-Packard Development Company, L.P."] hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."] LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] Local Communication Channel, ASChannel, "C:\WINDOWS\System32\svchost.exe -k Cognizance" {"C:\Program Files\HPQ\IAM\Bin\ASChnl.dll" ["Cognizance Corporation"]} Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.ex e" ["McAfee Corporation"] McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"] McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"] Messenger Paylaşım USN Günlük Okuyucu hizmeti, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]} ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monito rs\ Bluetooth Printer Port\Driver = "bthcrp.dll" ["Broadcom Corporation."] HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"] HP Mobile Printing Monitor\Driver = "HPMPMW.DLL" ["Hewlett-Packard"] Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 26 seconds, including 3 seconds for message boxes)
|
|
#5
January 15th, 2007, 11:07 AM
|
||||
|
||||
|
and this is the avg report
--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 11:33:57 15.01.2007 + Scan result: C:\Documents and Settings\Sema\Belgelerim\Set up\BSplayer_WhenUSave_InstallerInstRe.exe -> Adware.SaveNow : No action taken. C:\Documents and Settings\Sema\Start Menu\Programlar\WhenU -> Adware.SaveNow : No action taken. C:\Documents and Settings\Sema\Start Menu\Programlar\WhenU\Customer Support.lnk -> Adware.SaveNow : No action taken. C:\Documents and Settings\Sema\Start Menu\Programlar\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : No action taken. C:\Documents and Settings\Sema\Start Menu\Programlar\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : No action taken. C:\Documents and Settings\Sema\Start Menu\Programlar\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : No action taken. C:\Documents and Settings\Sema\Start Menu\Programlar\WhenU\WhenU.com Website.url -> Adware.SaveNow : No action taken. C:\Downloads\BSplayer_WhenUSave_InstallerInstRe.ex e -> Adware.SaveNow : No action taken. C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : No action taken. C:\Program Files\Save -> Adware.SaveNow : No action taken. C:\Program Files\Save\ACM.dll -> Adware.SaveNow : No action taken. C:\Program Files\Save\Save.exe -> Adware.SaveNow : No action taken. C:\Program Files\Save\SaveUninst.exe -> Adware.SaveNow : No action taken. C:\Program Files\Save\ffext.mod -> Adware.SaveNow : No action taken. C:\Program Files\Save\save.db -> Adware.SaveNow : No action taken. C:\Program Files\Save\save.htm -> Adware.SaveNow : No action taken. C:\Program Files\Save\store.db -> Adware.SaveNow : No action taken. C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP47\A0024943.dll -> Adware.SaveNow : No action taken. C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP47\A0024946.exe/ffext.mod/{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : No action taken. HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\WhenUSaveMsg -> Adware.SaveNow : No action taken. HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : No action taken. HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : No action taken. HKLM\SOFTWARE\WhenUSave\Partners\BSPL -> Adware.SaveNow : No action taken. HKU\S-1-5-21-81231591-4238545490-1346418133-1006\Software\Microsoft\Windows\CurrentVersion\Run \\WhenUSave -> Adware.SaveNow : No action taken. :mozilla.366:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.2o7 : No action taken. :mozilla.372:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.2o7 : No action taken. :mozilla.333:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Adbrite : No action taken. :mozilla.334:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Adbrite : No action taken. :mozilla.401:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Advertising : No action taken. :mozilla.403:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Advertising : No action taken. :mozilla.404:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Advertising : No action taken. :mozilla.168:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Atdmt : No action taken. C:\Documents and Settings\Sema\Cookies\sema@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. :mozilla.69:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Burstnet : No action taken. :mozilla.310:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken. :mozilla.311:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken. :mozilla.312:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Casalemedia : No action taken. :mozilla.198:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Com : No action taken. :mozilla.63:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Doubleclick : No action taken. C:\Documents and Settings\Sema\Cookies\sema@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. :mozilla.307:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Fastclick : No action taken. :mozilla.389:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken. :mozilla.390:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken. :mozilla.406:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Hitbox : No action taken. :mozilla.316:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Information : No action taken. :mozilla.18:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Lop : No action taken. :mozilla.72:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Masterstats : No action taken. :mozilla.224:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Mediaplex : No action taken. :mozilla.207:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken. :mozilla.208:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken. :mozilla.209:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken. :mozilla.210:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Pointroll : No action taken. :mozilla.315:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Revenue : No action taken. :mozilla.242:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken. :mozilla.243:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken. :mozilla.244:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken. :mozilla.245:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Statcounter : No action taken. :mozilla.383:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Tacoda : No action taken. :mozilla.384:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Tacoda : No action taken. :mozilla.70:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Trafic : No action taken. :mozilla.138:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Tribalfusion : No action taken. :mozilla.20:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken. :mozilla.21:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken. :mozilla.22:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken. :mozilla.25:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken. :mozilla.26:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken. :mozilla.27:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken. :mozilla.28:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken. :mozilla.29:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken. :mozilla.30:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken. :mozilla.31:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : No action taken. C:\Documents and Settings\Sema\Cookies\sema@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken. C:\Documents and Settings\Sema\Belgelerim\Bluetooth Exchange Folder\hoi0nfw.sis -> Worm.Comwar.a : No action taken. C:\Documents and Settings\Sema\Belgelerim\Bluetooth Exchange Folder\mz012vk16bg.sis -> Worm.Comwar.c : No action taken. C:\Documents and Settings\Sema\Belgelerim\Bluetooth Exchange Folder\nkdu3cxu.sis -> Worm.Comwar.c : No action taken. C:\Documents and Settings\Sema\Belgelerim\Bluetooth Exchange Folder\t2rkpy74d2.sis -> Worm.Comwar.c : No action taken. C:\Documents and Settings\Sema\Belgelerim\Bluetooth Exchange Folder\tq7cle701u.sis -> Worm.Comwar.c : No action taken. C:\Documents and Settings\Sema\Belgelerim\Bluetooth Exchange Folder\tyzc12j816.sis -> Worm.Comwar.c : No action taken. ::Report end
|
|
#6
January 15th, 2007, 11:16 AM
|
||||
|
||||
|
this is the hjt log
Logfile of HijackThis v1.99.1 Scan saved at 12:14:11, on 15.01.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\cisvc.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\WINDOWS\VM303_STI.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Save\Save.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE C:\Program Files\HPQ\Shared\hpqwmi.exe C:\Program Files\PC Connectivity Solution\NclBTHandler.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\HijackThis 1.99.1\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Tümünü FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kharmian.spaces.msn.com//Phot...d/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{26EACE68-1E48-432A-8FC1-E71B13351D20}: NameServer = 144.122.199.20,144.122.199.90 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
|
|
#7
January 15th, 2007, 04:00 PM
|
|||
|
|||
|
Hello laptopaddict,
Besides the adware that is installed, AVG also found a worm which addresses mobile phones and propagates itself via MMS and BlueTooth. My suggestion is to shut down your mobile phone and take it to your local Nokia shop, tell them what happened and ask to reinstall the firmware. Contact all your contacts in your phone and let them know. Let's get back to your computer now. In your AVG report it shows "No action taken." That means that it found them but didn't quarantine them. Run a new scan in Safe Mode, when the scan is complete click Recommended Action and change it to Quarantine. Then click Apply all actions. Save the new log. Reboot back into Normal Mode. ~~~~~~~~~~ Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Please copy/paste that log back here together with a new HijackThis log. A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Run HijackThis and post back the new log please, along with a new Silent Runners log, the Combofix log and the AVG report.
|
|
#8
January 15th, 2007, 06:50 PM
|
|||
|
|||
|
A few more suggestions,
Don't connect your phone to your computer until it has been corrected by the shop and until we are done cleaning your system. Don't connect any flash drives or any other portable devices and keep your BlueTooth software deactivated in your computer.
|
|
#9
January 16th, 2007, 10:52 AM
|
||||
|
||||
|
This is the ComboFix log
"Sema" - 07-01-16 11:44:28 Service Pack 2 ComboFix 07-01-15 - Running from: "C:\Documents and Settings\Sema\Desktop" ((((((((((((((((((((((((((((((( Files Created from 2006-12-16 to 2007-01-16 )))))))))))))))))))))))))))))))))) 2007-01-15 02:57 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-01-15 02:57 <DIR> d-------- C:\Program Files\Grisoft 2007-01-11 21:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage 2006-12-22 00:41 <DIR> d-------- C:\Program Files\Common Files\Skype 2006-12-17 23:10 <DIR> d-------- C:\Program Files\Picasa2 2006-12-17 22:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2006-12-17 21:04 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys 2006-12-17 21:04 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys 2006-12-17 21:03 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2006-12-16 17:58 <DIR> d-------- C:\DOCUME~1\Sema\Application Data\Nokia Multimedia Player (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))) 2007-01-16 11:41 -------- d-------- C:\Program Files\mozilla firefox 2007-01-15 12:14 -------- d-------- C:\Program Files\hijackthis 1.99.1 2007-01-15 03:01 -------- d-------- C:\Program Files\ewido anti-spyware 4.0 2007-01-11 21:29 -------- d--h----- C:\Program Files\zero g registry 2006-12-31 00:50 -------- d-------- C:\DOCUME~1\Sema\Application Data\bsplayer 2006-12-29 00:57 -------- d---s---- C:\DOCUME~1\Sema\Application Data\microsoft 2006-12-27 23:40 -------- d-------- C:\Program Files\flashget 2006-12-22 01:42 -------- d-------- C:\DOCUME~1\Sema\Application Data\skype 2006-12-22 01:40 -------- d-------- C:\Program Files\skype 2006-12-21 23:04 -------- d-------- C:\Program Files\java 2006-12-21 21:04 -------- d-------- C:\Program Files\last.fm 2006-12-20 20:50 -------- d-------- C:\DOCUME~1\Sema\Application Data\pc suite 2006-12-17 23:10 -------- d-------- C:\Program Files\google 2006-12-17 21:05 2528 --a------ C:\DOCUME~1\Sema\Application Data\$_hpcst$.hpc 2006-12-17 20:49 110652 --a------ C:\DOCUME~1\Sema\Application Data\nmm-metadata.db 2006-12-15 20:57 -------- d-------- C:\Program Files\nokia 2006-12-15 20:57 -------- d-------- C:\Program Files\Common Files\pcsuite 2006-12-15 20:57 -------- d-------- C:\Program Files\Common Files\nokia 2006-12-15 20:57 -------- d-------- C:\DOCUME~1\Sema\Application Data\nokia 2006-12-15 20:55 -------- d-------- C:\Program Files\pc connectivity solution 2006-12-15 20:34 -------- d--h----- C:\Program Files\installshield installation information 2006-12-15 00:32 -------- d-------- C:\Program Files\msn messenger 2006-12-15 00:32 -------- d-------- C:\Program Files\messenger plus! live 2006-12-15 00:32 -------- d-------- C:\Program Files\adverts 2006-12-07 08:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll 2006-12-05 20:56 -------- d-------- C:\Program Files\aol security toolbar 2006-11-29 21:49 -------- d-------- C:\DOCUME~1\Sema\Application Data\uniblue 2006-11-26 21:02 -------- d-------- C:\Program Files\Common Files\symantec shared 2006-11-26 20:59 -------- d-------- C:\Program Files\aol 2006-11-26 20:58 -------- d-------- C:\Program Files\norton antivirus 2006-11-26 20:44 -------- d-------- C:\DOCUME~1\Sema\Application Data\sereniti 2006-11-26 20:39 -------- d-------- C:\Program Files\winamp 2006-11-19 17:08 -------- d-------- C:\Program Files\sozluk 2006-11-18 01:02 -------- d-------- C:\Program Files\msxml 4.0 2006-11-08 07:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll 2006-10-20 03:38 714240 --a------ C:\WINDOWS\system32\sxs.dll 2006-10-19 20:38 831048 --a------ C:\WINDOWS\system32\wudfupdate_01005.dll 2006-10-17 11:20 737280 --a------ C:\WINDOWS\iun6002.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.ex e" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart" "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1" "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\Wcescomm.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run] "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\"" "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\"" "PTHOSTTR"="C:\\Program Files\\HPQ\\HP ProtectTools Security Manager\\PTHOSTTR.EXE /Start" "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r" "DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EX E" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "hpWirelessAssistant"="C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe" "eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start" "CognizanceTS"="rundll32.exe C:\\PROGRA~1\\HPQ\\IAM\\Bin\\AsTsVcc.dll,RegisterM odule" "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe" "WatchDog"="C:\\Program Files\\InterVideo\\DVD Check\\DVDCheck.exe" "BigDog303"="C:\\WINDOWS\\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)" "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfT ray.exe" "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mca gent.exe" "MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mc update.exe" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe" "ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\" HIDEMAIN" "aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\"" @="" "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup" "Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programlar\\Başlangıç\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader \\READER~1.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^TurboNote.lnk] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programlar\\Başlangıç\\TurboNote.lnk" "backup"="C:\\WINDOWS\\pss\\TurboNote.lnkCommo n Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\TURBON~1\\tbnote.exe " "item"="TurboNote" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="apdproxy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="GoogleDesktop" "hkey"="HKLM" "command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="NeroCheck" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="LaunchApplication" "hkey"="HKLM" "command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="PcSync2" "hkey"="HKCU" "command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="winampa" "hkey"="HKLM" "command"="C:\\Program Files\\Winamp\\winampa.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run] "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system] "DisableCMD"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer] "NoFolderOptions"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer\Run] HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnph ost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 Cognizance REG_MULTI_SZ ASChannel\0\0 Usnsvc REG_MULTI_SZ usnsvc\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 Completion time: 07-01-16 11:47:41
|
|
#10
January 16th, 2007, 10:55 AM
|
||||
|
||||
|
I saved the report before I applied all actions, so the report showed no actions taken. This is the new AVG report.
--------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 11:22:00 16.01.2007 + Scan result: C:\Documents and Settings\Sema\Belgelerim\Set up\BSplayer_WhenUSave_InstallerInstRe.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Sema\Start Menu\Programlar\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Sema\Start Menu\Programlar\WhenU\Customer Support.lnk -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Sema\Start Menu\Programlar\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Sema\Start Menu\Programlar\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Sema\Start Menu\Programlar\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Documents and Settings\Sema\Start Menu\Programlar\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Downloads\BSplayer_WhenUSave_InstallerInstRe.ex e -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\Save.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\SaveUninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\ffext.mod -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\save.db -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\save.htm -> Adware.SaveNow : Cleaned with backup (quarantined). C:\Program Files\Save\store.db -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP47\A0024943.dll -> Adware.SaveNow : Cleaned with backup (quarantined). C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP47\A0024946.exe/ffext.mod/{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : Cleaned with backup (quarantined). HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup (quarantined). HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\WhenUSaveMsg -> Adware.SaveNow : Cleaned with backup (quarantined). HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined). HKLM\SOFTWARE\WhenUSave\Partners -> Adware.SaveNow : Cleaned with backup (quarantined). HKLM\SOFTWARE\WhenUSave\Partners\BSPL -> Adware.SaveNow : Cleaned with backup (quarantined). HKU\S-1-5-21-81231591-4238545490-1346418133-1006\Software\Microsoft\Windows\CurrentVersion\Run \\WhenUSave -> Adware.SaveNow : Error during cleaning. C:\Documents and Settings\Sema\Cookies\sema@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.100:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.101:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.102:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.98:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.99:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.50:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Sema\Cookies\sema@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Sema\Cookies\sema@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.95:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.96:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.97:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Fastclick : Cleaned. C:\Documents and Settings\Sema\Cookies\sema@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.54:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned. :mozilla.72:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.73:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Tracking101 : Cleaned. :mozilla.56:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.57:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.58:C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned. ::Report end
|
|
#11
January 16th, 2007, 10:57 AM
|
||||
|
||||
|
Here is the HJT Log.
Logfile of HijackThis v1.99.1 Scan saved at 11:54:55, on 16.01.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\WINDOWS\VM303_STI.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\cisvc.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\NclBTHandler.exe C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE C:\Program Files\HPQ\Shared\hpqwmi.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HijackThis 1.99.1\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Bluetooth.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Tümünü FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kharmian.spaces.msn.com//Phot...d/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{26EACE68-1E48-432A-8FC1-E71B13351D20}: NameServer = 144.122.199.20,144.122.199.90 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
|
|
#12
January 16th, 2007, 10:59 AM
|
||||
|
||||
|
Here is the silent runners log.
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [MS] "googletalk" = ""C:\Program Files\Google\Google Talk\googletalk.exe" /autostart" ["Google"] "updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1" ["Adobe Systems Incorporated"] "H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++} "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."] "ATIPTA" = ""C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."] "PTHOSTTR" = "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start" ["Hewlett-Packard Development Company, L.P."] "UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"] "DLA" = "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" ["Sonic Solutions"] "SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "hpWirelessAssistant" = "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" ["Hewlett-Packard Development Company, L.P."] "eabconfg.cpl" = "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start" ["Hewlett-Packard "] "CognizanceTS" = "rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule " [MS] "Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data] "WatchDog" = "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" ["InterVideo Inc."] "BigDog303" = "C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)" ["Vimicro"] "MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" ["McAfee Security"] "MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"] "MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data] "ASM" = ""C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN" ["AOL LLC"] "aol" = ""C:\Program Files\AOL\Active Virus Shield\avp.exe"" ["AOL"] "(Default)" = (empty string) "PCSuiteTrayApplication" = "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup" ["Nokia"] "Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6}\(Default) = "XBTP06568" -> {HKLM...CLSID} = "XBTP06568 Class" \InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll" [null data] {5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = "*_" (unwritable string) -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."] {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided) -> {HKLM...CLSID} = "Windows Live Sign-in Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS] {A5366673-E8CA-11D3-9CD9-0090271D075B}\(Default) = (no title provided) -> {HKLM...CLSID} = "IeCatch2 Class" \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\jccatch.dll" ["Amaze Soft"] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] {DF21F1DB-80C6-11D3-9483-B03D0EC10000}\(Default) = "HP Credential Manager for ProtectTools" -> {HKLM...CLSID} = "HP Credential Manager for ProtectTools" \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll" ["Infineon Technologies AG"] HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Görüntü Paneli CPL Uzantısı" -> {HKLM...CLSID} = "Görüntü Paneli CPL Uzantısı" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt" -> {HKLM...CLSID} = "RecordNow! SendToExt" \InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data] "{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess" -> {HKLM...CLSID} = "DriveLetterAccess" \InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"] "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{666C7831-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Context Menu)" -> {HKLM...CLSID} = "Document Manager (Shell Context Menu)" \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"] "{666C7832-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (File Properties)" -> {HKLM...CLSID} = "Document Manager (Shell File Properties)" \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"] "{666C7835-A9B6-4AB4-94ED-DC238C81E925}" = "Document Manager (Drive Properties)" -> {HKLM...CLSID} = "Document Manager (Shell Drive Properties)" \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"] "{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places" -> {HKLM...CLSID} = "My Bluetooth Places" \InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["Broadcom Corporation."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Paylaşım Klasörlerim" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook Dosya Simge Uzantısı" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser" -> {HKLM...CLSID} = "Nokia Phone Browser" \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"] "{49BF5420-FA7F-11cf-8011-00A0C90A8F78}" = "Mobile Device" -> {HKLM...CLSID} = "Mobile Device" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\Wcesview.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\ INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] INFECTION WARNING! klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"] INFECTION WARNING! OneCard\DLLName = "C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll" ["Cognizance Corporation"] HKLM\Software\Classes\PROTOCOLS\Filter\ INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandler s\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandler s\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] Document Manager\(Default) = "{666C7831-A9B6-4AB4-94ED-DC238C81E925}" -> {HKLM...CLSID} = "Document Manager (Shell Context Menu)" \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\AOL\Active Virus Shield\shellex.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] Document Manager\(Default) = "{666C7831-A9B6-4AB4-94ED-DC238C81E925}" -> {HKLM...CLSID} = "Document Manager (Shell Context Menu)" \InProcServer32\(Default) = "C:\Program Files\HPQ\IAM\Bin\SFSShell.dll" ["Cognizance Corporation"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\ Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\AOL\Active Virus Shield\shellex.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Startup items in "Sema" & "All Users" startup folders: ------------------------------------------------------ C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Bluetooth" -> shortcut to: "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe" ["Broadcom Corporation."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] "{3BB63FD4-3C00-44D7-94A9-5DE211900DEF}" -> {HKLM...CLSID} = "AOL Security Toolbar" \InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll" [null data] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet Bar" -> {HKLM...CLSID} = "FlashGet Bar" \InProcServer32\(Default) = "C:\PROGRA~1\FlashGet\fgiebar.dll" ["Amaze Soft"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] "{3BB63FD4-3C00-44D7-94A9-5DE211900DEF}" = (no title provided) -> {HKLM...CLSID} = "AOL Security Toolbar" \InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu31\AOL_security_toolbar.dll" [null data] Explorer Bars HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\ {21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided) -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.5.0_10" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_10" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll" ["Sun Microsystems, Inc."] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\ "ButtonText" = "Create Mobile Favorite" "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\ "MenuText" = "Create Mobile Favorite..." "CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}" -> {HKLM...CLSID} = "Create Mobile Favorite" \InProcServer32\(Default) = "C:\PROGRA~1\MI3AA1~1\INetRepl.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Araştır" {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ "ButtonText" = "FlashGet" "MenuText" = "&FlashGet" "Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.hp.com [Strings]: SAFESITE_VALUE="örneğin search.msn.com" Missing lines (compared with English-language version): [Strings]: 2 lines
|
|
#13
January 16th, 2007, 10:59 AM
|
||||
|
||||
|
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------ Active Virus Shield, AVP, ""C:\Program Files\AOL\Active Virus Shield\avp.exe" -r" ["AOL"] Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] Bluetooth Service, btwdins, "C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe" ["Broadcom Corporation."] HP WMI Interface, hpqwmi, "C:\Program Files\HPQ\Shared\hpqwmi.exe" ["Hewlett-Packard Development Company, L.P."] hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."] LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."] Local Communication Channel, ASChannel, "C:\WINDOWS\System32\svchost.exe -k Cognizance" {"C:\Program Files\HPQ\IAM\Bin\ASChnl.dll" ["Cognizance Corporation"]} Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS] McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.ex e" ["McAfee Corporation"] McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"] McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"] Messenger Paylaşım USN Günlük Okuyucu hizmeti, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]} ServiceLayer, ServiceLayer, ""C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"" ["Nokia."] Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]} Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monito rs\ Bluetooth Printer Port\Driver = "bthcrp.dll" ["Broadcom Corporation."] HP Master Monitor\Driver = "HPBMMON.DLL" ["Hewlett-Packard"] HP Mobile Printing Monitor\Driver = "HPMPMW.DLL" ["Hewlett-Packard"] Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."] Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 28 seconds, including 3 seconds for message boxes)
|
|
#14
January 16th, 2007, 07:24 PM
|
|||
|
|||
|
Hello laptopaddict,
Go here and run the Kaspersky online scan, and post back the log it creates (it requires IE). To use the scan, once the download has completed click Scan Settings, then make sure the "extended option" is checked (leave all others as they are) and click OK. Then click My Computer to begin the scan. Save the Report as a text file and post that back here. ~~~~~~~~~~~ Your Silent Runners version is outdated, please remove that one and go here and download Silent Runners to your desktop. Run it, and post back here the log it creates. If your AV queries the script, allow it to run. It's not malicious. It will create a file named Startup Programs, and will notify when the scan is complete. Copy the log from the Startup Programs file back here. ~~~~~~~~~~~ Open HijackThis and select "None of the above, just start the program", click "Config...", select "Misc Tools" and click on "Open Uninstall Manager". Now click on "Save list". This will create a textfile called "uninstall_list.txt". Please post that back in your next reply. ~~~~~~~~~~~ Make sure you can View Hidden Files and Folders and navigate to the following folders, post back what they are if you know or what is inside please. C:\Program Files\zero g registry C:\Program Files\sozluk Please post back the new Silent Runners log, the Startup list log, the Kaspersky report and what those folders are.
|
|
#15
January 16th, 2007, 10:57 PM
|
||||
|
||||
|
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 16, 2007 11:52:40 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 16/01/2007 Kaspersky Anti-Virus database records: 258945 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ Scan Statistics Total number of scanned objects 78081 Number of viruses found 5 Number of infected objects 14 / 0 Number of suspicious objects 0 Duration of the scan process 01:42:50 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\0657_File_Monitoring_eventlog .rpt Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\detected.idx Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\detected.rpt Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\eventlog.rpt Object is locked skipped C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\report.rpt Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd0 02.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Sema\Application Data\$_hpcst$.hpc Object is locked skipped C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\cer t8.db Object is locked skipped C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\fla shgot.log Object is locked skipped C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\goo glesafebrowsing.db Object is locked skipped C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\his tory.dat Object is locked skipped C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\key 3.db Object is locked skipped C:\Documents and Settings\Sema\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\par ent.lock Object is locked skipped C:\Documents and Settings\Sema\Belgelerim\My Chat Logs\Ocak 2007\ufoozgur@hotmail.com.html Object is locked skipped C:\Documents and Settings\Sema\Belgelerim\Set up\mirc617.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped C:\Documents and Settings\Sema\Belgelerim\Set up\mirc617.exe mIRC: infected - 1 skipped C:\Documents and Settings\Sema\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Messenger\semasackesen@hotmail.com\ SharingMetadata\Logs\Dfsr.log Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Messenger\semasackesen@hotmail.com\ SharingMetadata\pending.dat Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Messenger\semasackesen@hotmail.com\ SharingMetadata\Working\database_3D21_2D9E_4701_B2 8D\dfsr.db Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Messenger\semasackesen@hotmail.com\ SharingMetadata\Working\database_3D21_2D9E_4701_B2 8D\fsr.log Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Messenger\semasackesen@hotmail.com\ SharingMetadata\Working\database_3D21_2D9E_4701_B2 8D\fsrtmp.log Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Messenger\semasackesen@hotmail.com\ SharingMetadata\Working\database_3D21_2D9E_4701_B2 8D\tmp.edb Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Windows Live Contacts\semasackesen@hotmail.com\real\members.stg Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Microsoft\Windows Live Contacts\semasackesen@hotmail.com\shadow\members.s tg Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\Cac he\_CACHE_001_ Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\Cac he\_CACHE_002_ Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\Cac he\_CACHE_003_ Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Application Data\Mozilla\Firefox\Profiles\d3cq3svn.default\Cac he\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\Sema\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Sema\Local Settings\History\History.IE5\MSHist012007011620070 117\index.dat Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Temp\Perflib_Perfdata_cb8.dat Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Temp\WCESLog.log Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Temp\~DF8261.tmp Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Temp\~DF850B.tmp Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Temp\~DF8E93.tmp Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Temp\~DF915B.tmp Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Temp\~DFE233.tmp Object is locked skipped C:\Documents and Settings\Sema\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Sema\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Sema\ntuser.dat.LOG Object is locked skipped C:\Program Files\HijackThis 1.99.1\backups\backup-20060701-154502-330.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped C:\Program Files\Winamp\Plugins\AudioScrobbler.log.txt Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP47\A0024944.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP47\A0024945.exe Infected: not-a-virus:AdTool.Win32.WhenU.i skipped C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP47\A0024946.exe/Acm.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP47\A0024946.exe/Save.exe Infected: not-a-virus:AdTool.Win32.WhenU.i skipped C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP47\A0024946.exe CAB: infected - 2 skipped C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP79\A0031556.exe/data0011 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP79\A0031556.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP82\A0032358.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP82\A0032360.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP82\A0032361.exe Infected: not-a-virus:AdTool.Win32.WhenU.i skipped C:\System Volume Information\_restore{211D61E6-18E6-4138-B348-99F69C9B7B0D}\RP82\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\Credenti.evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\~DF4341.tmp Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed.
|
|
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
Similar Topics
|
||||
| Topic | Topic Starter | Forum | Replies | Last Post |
| explorer opens by itself | emilio68 | Malware Removal | 1 | October 14th, 2008 01:12 AM |
| explorer opens by itself | gardooney | Malware Removal | 53 | May 11th, 2007 03:19 AM |
| why my gmail is not opens in mozilla even after enabling cookies? | ramraja22 | Internet / Browsers | 2 | April 20th, 2007 08:28 PM |
| mozilla opens up with explorer pop ups | laptopaddict | Internet / Browsers | 2 | January 13th, 2007 11:41 PM |
| Internet Explorer opens by itself | truckchick4 | Windows XP | 6 | March 18th, 2006 11:34 PM |
All times are GMT +1. The time now is 08:35 AM.