 Spyware plz help me :( |
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive General Support Issues  |
  Feb 12 2007, 10:09 PM
Post
#1
|
|
|
Newbie  Group: Members Posts: 2 Joined: 12-February 07 Member No.: 21,204  |
Hello,
My computer is infected with spyware. I ran spywaredoctor and it detected 3 types of spyware: winfixer, instant access, trojan.mailskinner. I would really appreciate if somebody could help me for it drives me crazy!!! Thank you very much in advance Manolis |
 |
 
|
 Feb 13 2007, 04:41 AM
Post
#2
|
|
 Advanced Member Group: Volunteer Security Advisor Posts: 4,076 Joined: 17-July 06 Member No.: 6,745 |
Hello,manolis & Welcome
Start by having a look at the links in the quote box at the bottom of my page then come back here, with an updated Ad-Aware Se logfile and a HijackThis logfile. Gogo 
-------------------- Die Hijacker Die
Member of ALLIANCE OF SECURITY ANALYSIS PROFESSIONALS Since 2004 Warning My killer dog at work. QUOTE |
|
|
|
|
Feb 14 2007, 09:46 PM
Post
#3
|
|
|
Newbie Group: Members Posts: 2 Joined: 12-February 07 Member No.: 21,204 |
Thank you very much Gogo for your help.
Here are the logfiles: Ad-Aware SE Build 1.06r1 Logfile Created on:mardi 13 février 2007 12:54:29 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R151 12.02.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):5 total references Tracking Cookie(TAC index:3):2 total references Windows(TAC index:3):2 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 13-02-2007 12:54:29 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\MAISON\recent Description : list of recently opened documents MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general Description : windows media sdk MRU List Object Recognized! Location: : S-1-5-21-823518204-2146997017-682003330-1004\software\microsoft\windows media\wmsdk\general Description : windows media sdk Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 772 ThreadCreationTime : 13-02-2007 11:42:29 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 832 ThreadCreationTime : 13-02-2007 11:42:31 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 856 ThreadCreationTime : 13-02-2007 11:42:32 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 900 ThreadCreationTime : 13-02-2007 11:42:33 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Système d'exploitation Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Applications Services et Contrôleur InternalName : services.exe LegalCopyright : © Microsoft Corporation. Tous droits réservés. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 912 ThreadCreationTime : 13-02-2007 11:42:33 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1056 ThreadCreationTime : 13-02-2007 11:42:33 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1112 ThreadCreationTime : 13-02-2007 11:42:34 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [msmpeng.exe] FilePath : C:\Program Files\Windows Defender\ ProcessID : 1148 ThreadCreationTime : 13-02-2007 11:42:34 BasePriority : Normal FileVersion : 1.1.1593.0 ProductVersion : 1.1.1593.0 ProductName : Windows Defender CompanyName : Microsoft Corporation FileDescription : Service Executable InternalName : MsMpEng.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : MsMpEng.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1192 ThreadCreationTime : 13-02-2007 11:42:34 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1236 ThreadCreationTime : 13-02-2007 11:42:34 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1316 ThreadCreationTime : 13-02-2007 11:42:34 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:12 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1796 ThreadCreationTime : 13-02-2007 11:42:35 BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:13 [avkproxy.exe] FilePath : C:\Program Files\Fichiers communs\G DATA\AVKProxy\ ProcessID : 1900 ThreadCreationTime : 13-02-2007 11:42:35 BasePriority : Normal FileVersion : 1, 2, 5, 0 ProductVersion : 1, 2, 5, 0 ProductName : AVKProxy Module CompanyName : G DATA Software AG FileDescription : G DATA AntiVirus Proxy Service InternalName : AVKProxy LegalCopyright : Copyright 2005-2006 OriginalFilename : AVKProxy.EXE #:14 [avkservice.exe] FilePath : C:\Program Files\AVK InternetSecurity\AVK\ ProcessID : 1912 ThreadCreationTime : 13-02-2007 11:42:36 BasePriority : Normal FileVersion : 1, 0, 1, 5 ProductVersion : 11, 0, 0, 0 ProductName : AVKService Module FileDescription : AVKService Module InternalName : AVKService LegalCopyright : Copyright G DATA Software AG 2001-2003 OriginalFilename : AVKService.EXE #:15 [avkwctl.exe] FilePath : C:\Program Files\AVK InternetSecurity\AVK\ ProcessID : 1936 ThreadCreationTime : 13-02-2007 11:42:36 BasePriority : Normal FileVersion : 21, 0, 0, 9 ProductVersion : 14, 0, 0, 0 ProductName : AVK FileDescription : AVKWCtl Monitor Service InternalName : AVKWCtl OriginalFilename : AVKWCtl.EXE #:16 [wlservice.exe] FilePath : C:\Program Files\Belkin\F5D7051\ ProcessID : 1964 ThreadCreationTime : 13-02-2007 11:42:36 BasePriority : Normal #:17 [wlancfgg.exe] FilePath : C:\Program Files\Belkin\F5D7051\ ProcessID : 1996 ThreadCreationTime : 13-02-2007 11:42:36 BasePriority : Normal FileVersion : 1, 0, 7, 4 ProductVersion : 1, 0, 7, 4 ProductName : Wireless Monitor Application FileDescription : Wireless Monitor Application InternalName : WLanCfg LegalCopyright : Copyright © 2002.08 OriginalFilename : WLanCfg.EXE #:18 [guard.exe] FilePath : C:\Program Files\ewido anti-spyware 4.0\ ProcessID : 2016 ThreadCreationTime : 13-02-2007 11:42:36 BasePriority : Normal FileVersion : 4, 0, 0, 172 ProductVersion : 4, 0, 0, 172 ProductName : ewido anti-spyware CompanyName : Anti-Malware Development a.s. FileDescription : ewido anti-spyware guard InternalName : ewido anti-spywareguard LegalCopyright : Copyright © 2005 Anti-Malware Development a.s. OriginalFilename : guard.exe #:19 [iolosgctrl.exe] FilePath : C:\Program Files\iolo\System Mechanic 6\ ProcessID : 2032 ThreadCreationTime : 13-02-2007 11:42:36 BasePriority : Normal #:20 [nvsvc32.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 208 ThreadCreationTime : 13-02-2007 11:42:37 BasePriority : Normal FileVersion : 6.14.10.4716 ProductVersion : 6.14.10.4716 ProductName : NVIDIA Driver Helper Service, Version 47.16 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 47.16 InternalName : NVSVC LegalCopyright : © NVIDIA Corporation. All rights reserved. OriginalFilename : nvsvc32.exe #:21 [sdhelp.exe] FilePath : C:\Program Files\Spyware Doctor\ ProcessID : 244 ThreadCreationTime : 13-02-2007 11:42:37 BasePriority : Normal FileVersion : 3.6.0.2026 ProductVersion : 3.6 ProductName : Spyware Doctor CompanyName : PC Tools Research Pty Ltd #:22 [smagent.exe] FilePath : C:\Program Files\Analog Devices\SoundMAX\ ProcessID : 664 ThreadCreationTime : 13-02-2007 11:42:40 BasePriority : Normal FileVersion : 3, 2, 6, 0 ProductVersion : 3, 2, 6, 0 ProductName : SoundMAX service agent CompanyName : Analog Devices, Inc. FileDescription : SoundMAX service agent component InternalName : SMAgent LegalCopyright : Copyright © 2002 OriginalFilename : SMAgent.exe #:23 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 812 ThreadCreationTime : 13-02-2007 11:42:40 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:24 [gdfwsvc.exe] FilePath : C:\Program Files\AVK InternetSecurity\Firewall\ ProcessID : 1524 ThreadCreationTime : 13-02-2007 11:42:41 BasePriority : Normal FileVersion : 1, 0, 2, 0 ProductVersion : 1, 0, 0, 1 FileDescription : G DATA Personal Firewall InternalName : GDFwSvc LegalCopyright : Copyright G DATA Software AG 2004 OriginalFilename : GDFwSvc.EXE #:25 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1632 ThreadCreationTime : 13-02-2007 11:42:45 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:26 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3064 ThreadCreationTime : 13-02-2007 11:43:26 BasePriority : Normal FileVersion : 5.8.0.2469 built by: lab01_n(wmbla) ProductVersion : 5.8.0.2469 ProductName : Système d'exploitation Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Mises à jour automatiques InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. Tous droits réservés. OriginalFilename : wuauclt.exe #:27 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 3392 ThreadCreationTime : 13-02-2007 11:43:38 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Système d'exploitation Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Explorateur Windows InternalName : explorer LegalCopyright : © Microsoft Corporation. Tous droits réservés. OriginalFilename : EXPLORER.EXE #:28 [apoint.exe] FilePath : C:\Program Files\Apoint2K\ ProcessID : 3752 ThreadCreationTime : 13-02-2007 11:43:46 BasePriority : Normal FileVersion : 5.3.10.177 ProductVersion : 5.3.10.177 ProductName : Alps Pointing-device Driver CompanyName : Alps Electric Co., Ltd. FileDescription : Alps Pointing-device Driver InternalName : Alps Pointing-device Driver LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd. OriginalFilename : Apoint.exe #:29 [agrsmmsg.exe] FilePath : C:\WINDOWS\ ProcessID : 3860 ThreadCreationTime : 13-02-2007 11:43:47 BasePriority : Normal FileVersion : 2.1.36 2.1.36 11/19/2003 15:41:01 ProductVersion : 2.1.36 2.1.36 11/19/2003 15:41:01 ProductName : Agere SoftModem Messaging Applet CompanyName : Agere Systems FileDescription : SoftModem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Agere Systems 1998-2000 OriginalFilename : smdmstat.exe #:30 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 4060 ThreadCreationTime : 13-02-2007 11:43:50 BasePriority : Normal FileVersion : 5.8.0.2469 built by: lab01_n(wmbla) ProductVersion : 5.8.0.2469 ProductName : Système d'exploitation Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Mises à jour automatiques InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. Tous droits réservés. OriginalFilename : wuauclt.exe #:31 [eabservr.exe] FilePath : C:\Program Files\HPQ\Quick Launch Buttons\ ProcessID : 204 ThreadCreationTime : 13-02-2007 11:43:56 BasePriority : Normal FileVersion : 5, 0, 2, 3 ProductVersion : 5, 0, 2, 3 ProductName : Quick Launch Buttons CompanyName : Hewlett-Packard FileDescription : Quick Launch Buttons InternalName : eabsrvr LegalCopyright : Copyright © 2001-2003 Hewlett-Packard Company OriginalFilename : eabsrvr.exe #:32 [apntex.exe] FilePath : C:\Program Files\Apoint2K\ ProcessID : 500 ThreadCreationTime : 13-02-2007 11:43:58 BasePriority : Normal FileVersion : 5.0.1.15 ProductVersion : 5.0.1.15 ProductName : Alps Pointing-device Driver for Windows NT/2000/XP CompanyName : Alps Electric Co., Ltd. FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP InternalName : Alps Pointing-device Driver for Windows NT/2000/XP LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd. OriginalFilename : ApntEx.exe #:33 [hpwuschd.exe] FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\ ProcessID : 520 ThreadCreationTime : 13-02-2007 11:43:59 BasePriority : Normal #:34 [avktray.exe] FilePath : C:\Program Files\AVK InternetSecurity\AVKTray\ ProcessID : 584 ThreadCreationTime : 13-02-2007 11:43:59 BasePriority : Normal #:35 [systemguardalerter.exe] FilePath : C:\Program Files\iolo\System Mechanic 6\ ProcessID : 700 ThreadCreationTime : 13-02-2007 11:44:01 BasePriority : Normal #:36 [msascui.exe] FilePath : C:\Program Files\Windows Defender\ ProcessID : 764 ThreadCreationTime : 13-02-2007 11:44:02 BasePriority : Normal FileVersion : 1.1.1593.0 ProductVersion : 1.1.1593.0 ProductName : Windows Defender CompanyName : Microsoft Corporation FileDescription : Windows Defender User Interface InternalName : MSASCUI LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : MSASCUI.exe #:37 [smsystemanalyzer.exe] FilePath : C:\Program Files\iolo\System Mechanic 6\ ProcessID : 1364 ThreadCreationTime : 13-02-2007 11:44:06 BasePriority : Normal #:38 [vistastartmenu.exe] FilePath : C:\Program Files\Vista Start Menu\ ProcessID : 1292 ThreadCreationTime : 13-02-2007 11:44:08 BasePriority : Normal FileVersion : 2.1.0.0 ProductVersion : 2.1 ProductName : Vista Start menu CompanyName : OrdinarySoft FileDescription : Vista Start Menu program LegalCopyright : OrdinarySoft #:39 [msnmsgr.exe] FilePath : C:\Program Files\MSN Messenger\ ProcessID : 1616 ThreadCreationTime : 13-02-2007 11:44:09 BasePriority : Normal FileVersion : 8.1.0178.00 ProductVersion : 8.1.0178 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Messenger InternalName : msnmsgr.exe LegalCopyright : Copyright © Microsoft Corporation. All rights reserved. OriginalFilename : msnmsgr.exe #:40 [ctfmon.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1644 ThreadCreationTime : 13-02-2007 11:44:09 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:41 [gdfirewalltray.exe] FilePath : C:\Program Files\AVK InternetSecurity\Firewall\ ProcessID : 2148 ThreadCreationTime : 13-02-2007 11:44:17 BasePriority : Normal FileVersion : 1, 0, 0, 8 ProductVersion : 1, 0, 0, 1 FileDescription : G DATA Personal Firewall InternalName : GDFirewallTray LegalCopyright : Copyright G DATA Software AG 2004 #:42 [cnab4rpk.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 2216 ThreadCreationTime : 13-02-2007 11:44:19 BasePriority : Normal #:43 [usnsvc.exe] FilePath : C:\Program Files\MSN Messenger\ ProcessID : 1468 ThreadCreationTime : 13-02-2007 11:45:27 BasePriority : Normal FileVersion : 8.1.0178.00 ProductVersion : 8.1.0178 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Messenger Sharing USN Journal Reader Service InternalName : usnsvc.exe LegalCopyright : Copyright © Microsoft Corporation. All rights reserved. OriginalFilename : usnsvc.exe #:44 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ProcessID : 2496 ThreadCreationTime : 13-02-2007 11:47:47 BasePriority : Normal FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135) ProductVersion : 7.00.5730.11 ProductName : Windows® Internet Explorer CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : IEXPLORE.EXE #:45 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 1212 ThreadCreationTime : 13-02-2007 11:53:22 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 5 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Windows Object Recognized! Type : RegData Data : notepad.exe %1 TAC Rating : 3 Category : Vulnerability Comment : Rootkey : HKEY_CLASSES_ROOT Object : regfile\shell\open\command Value : Data : notepad.exe %1 Windows Object Recognized! Type : RegData Data : notepad.exe %1 TAC Rating : 3 Category : Vulnerability Comment : Rootkey : HKEY_CLASSES_ROOT Object : scrfile\shell\open\command Value : Data : notepad.exe %1 Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 7 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 7 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : maison@www.smartadserver[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:maison@www.smartadserver.com/ Expires : 27-11-2010 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : maison@atdmt[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:maison@atdmt.com/ Expires : 12-02-2012 01:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 9 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 9 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 9 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 9 13:11:38 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:17:09.656 Objects scanned:131022 Objects identified:4 Objects ignored:0 New critical objects:4 L ogfile of HijackThis v1.99.1 Scan saved at 21:43:04, on 14/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe C:\Program Files\AVK InternetSecurity\AVK\AVKService.exe C:\Program Files\AVK InternetSecurity\AVK\AVKWCtl.exe C:\Program Files\Belkin\F5D7051\WLService.exe C:\Program Files\Belkin\F5D7051\WLanCfgG.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVK InternetSecurity\Firewall\GDFwSvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\CNAB4RPK.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\Program Files\AVK InternetSecurity\AVKTray\AVKTray.exe C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe C:\Program Files\Vista Start Menu\VistaStartMenu.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVK InternetSecurity\Firewall\GDFirewallTray.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\DOCUME~1\MAISON\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\AVK InternetSecurity\Webfilter\AvkWebIE.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\AVK InternetSecurity\Webfilter\AvkWebIE.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\AVK InternetSecurity\AVKTray\AVKTray.exe" O4 - HKLM\..\Run: [SystemGuardAlerter] SystemGuardAlerter.exe O4 - HKLM\..\Run: [zhdpvimsec] c:\windows\system32\zhdpvimsec.exe zhdpvimsec O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe" O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: G DATA Firewall Tray.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159898521781 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169392929515 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.servicesalacarte.orang...gamesplayer.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AVK InternetSecurity\AVK\AVKService.exe O23 - Service: Gardien d'AVK (AVKWCtl) - Unknown owner - C:\Program Files\AVK InternetSecurity\AVK\AVKWCtl.exe O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - Unknown owner - C:\Program Files\AVK InternetSecurity\Firewall\GDFwSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Best regards Manolis QUOTE(HJThis @ Feb 13 2007, 04:41 AM)  Hello,manolis & Welcome
Start by having a look at the links in the quote box at the bottom of my page then come back here, with an updated Ad-Aware Se logfile and a HijackThis logfile. Gogo |
|
|
|
|
Feb 19 2007, 01:49 AM
Post
#4
|
|
|
Advanced Member Group: Members Posts: 1,372 Joined: 10-August 06 Member No.: 9,088 |
submit
c:\windows\system32\zhdpvimsec.exe to http://www.virustotal.com/en/indexx.html and post the results here. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
|
Lo-Fi Version | Time is now: 9th September 2010 - 08:24 AM |
Need Expert Help?
Get Ad-Aware Pro and
- Get immediate support by chat or e-mail
- Direct, in-product access to help 24/7
- Enhance your protection against online threats
or
Premium Services
Get immediate help to solve your computer problems. Just sit back and relax, our security experts can help you.
Use of Lavasoft Premium Services constitutes an acceptance of SupportSpace Terms of Service & Privacy Policy