Post #1, Feb 12 2007, 10:09 PM
Newbie, Group: Members, Posts: 2, Joined: 12-February 07, Member No.: 21,204
Hello,
My computer is infected with spyware. I ran Spyware Doctor and it detected 3 types of spyware: WinFixer, Instant Access, Trojan.MailSkinner. I would really appreciate it if somebody could help me, for it drives me crazy!!! Thank you very much in advance,
Manolis

Post #2, Feb 13 2007, 04:41 AM
Advanced Member, Group: Volunteer Security Advisor, Posts: 4,076, Joined: 17-July 06, Member No.: 6,745
Hello, manolis, and welcome.
Start by having a look at the links in the quote box at the bottom of my page, then come back here with an updated Ad-Aware SE logfile and a HijackThis logfile.
Gogo
--------------------
Die Hijacker Die
Member of ALLIANCE OF SECURITY ANALYSIS PROFESSIONALS since 2004
Warning: my killer dog at work.

Post #3, Feb 14 2007, 09:46 PM
Newbie, Group: Members, Posts: 2, Joined: 12-February 07, Member No.: 21,204
Thank you very much Gogo for your help.
Here are the logfiles:

Ad-Aware SE Build 1.06r1
Logfile created on: Tuesday 13 February 2007 12:54:29
Created with Ad-Aware SE Personal, free for private use.
Using definitions file: SE1R151 12.02.2007

References detected during the scan:
MRU List (TAC index:0): 5 total references
Tracking Cookie (TAC index:3): 2 total references
Windows (TAC index:3): 2 total references

Ad-Aware SE Settings
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

13-02-2007 12:54:29 - Scan started. (Full System Scan)

MRU List Object Recognized!  Location : C:\Documents and Settings\MAISON\recent  Description : list of recently opened documents
MRU List Object Recognized!  Location : software\microsoft\directdraw\mostrecentapplication  Description : most recent application to use microsoft directdraw
MRU List Object Recognized!  Location : .DEFAULT\software\microsoft\windows media\wmsdk\general  Description : windows media sdk
MRU List Object Recognized!  Location : S-1-5-18\software\microsoft\windows media\wmsdk\general  Description : windows media sdk
MRU List Object Recognized!  Location : S-1-5-21-823518204-2146997017-682003330-1004\software\microsoft\windows media\wmsdk\general  Description : windows media sdk

Listing running processes
#:1 [smss.exe]  FilePath : \SystemRoot\System32\  ProcessID : 772  ThreadCreationTime : 13-02-2007 11:42:29  BasePriority : Normal
#:2 [csrss.exe]  FilePath : \??\C:\WINDOWS\system32\  ProcessID : 832  ThreadCreationTime : 13-02-2007 11:42:31  BasePriority : Normal
#:3 [winlogon.exe]  FilePath : \??\C:\WINDOWS\system32\  ProcessID : 856  ThreadCreationTime : 13-02-2007 11:42:32  BasePriority : High
#:4 [services.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 900  ThreadCreationTime : 13-02-2007 11:42:33  BasePriority : Normal  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  ProductVersion : 5.1.2600.2180  ProductName : Système d'exploitation Microsoft® Windows®  CompanyName : Microsoft Corporation  FileDescription : Applications Services et Contrôleur  InternalName : services.exe  LegalCopyright : © Microsoft Corporation. Tous droits réservés.  OriginalFilename : services.exe
#:5 [lsass.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 912  ThreadCreationTime : 13-02-2007 11:42:33  BasePriority : Normal  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  ProductVersion : 5.1.2600.2180  ProductName : Microsoft® Windows® Operating System  CompanyName : Microsoft Corporation  FileDescription : LSA Shell (Export Version)  InternalName : lsass.exe  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : lsass.exe
#:6 [svchost.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 1056  ThreadCreationTime : 13-02-2007 11:42:33  BasePriority : Normal  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  ProductVersion : 5.1.2600.2180  ProductName : Microsoft® Windows® Operating System  CompanyName : Microsoft Corporation  FileDescription : Generic Host Process for Win32 Services  InternalName : svchost.exe  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : svchost.exe
#:7 [svchost.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 1112  ThreadCreationTime : 13-02-2007 11:42:34  BasePriority : Normal  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  ProductVersion : 5.1.2600.2180  ProductName : Microsoft® Windows® Operating System  CompanyName : Microsoft Corporation  FileDescription : Generic Host Process for Win32 Services  InternalName : svchost.exe  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : svchost.exe
#:8 [msmpeng.exe]  FilePath : C:\Program Files\Windows Defender\  ProcessID : 1148  ThreadCreationTime : 13-02-2007 11:42:34  BasePriority : Normal  FileVersion : 1.1.1593.0  ProductVersion : 1.1.1593.0  ProductName : Windows Defender  CompanyName : Microsoft Corporation  FileDescription : Service Executable  InternalName : MsMpEng.exe  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : MsMpEng.exe
#:9 [svchost.exe]  FilePath : C:\WINDOWS\System32\  ProcessID : 1192  ThreadCreationTime : 13-02-2007 11:42:34  BasePriority : Normal  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  ProductVersion : 5.1.2600.2180  ProductName : Microsoft® Windows® Operating System  CompanyName : Microsoft Corporation  FileDescription : Generic Host Process for Win32 Services  InternalName : svchost.exe  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : svchost.exe
#:10 [svchost.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 1236  ThreadCreationTime : 13-02-2007 11:42:34  BasePriority : Normal  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  ProductVersion : 5.1.2600.2180  ProductName : Microsoft® Windows® Operating System  CompanyName : Microsoft Corporation  FileDescription : Generic Host Process for Win32 Services  InternalName : svchost.exe  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : svchost.exe
#:11 [svchost.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 1316  ThreadCreationTime : 13-02-2007 11:42:34  BasePriority : Normal  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  ProductVersion : 5.1.2600.2180  ProductName : Microsoft® Windows® Operating System  CompanyName : Microsoft Corporation  FileDescription : Generic Host Process for Win32 Services  InternalName : svchost.exe  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : svchost.exe
#:12 [spoolsv.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 1796  ThreadCreationTime : 13-02-2007 11:42:35  BasePriority : Normal  FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)  ProductVersion : 5.1.2600.2696  ProductName : Microsoft® Windows® Operating System  CompanyName : Microsoft Corporation  FileDescription : Spooler SubSystem App  InternalName : spoolsv.exe  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : spoolsv.exe
#:13 [avkproxy.exe]  FilePath : C:\Program Files\Fichiers communs\G DATA\AVKProxy\  ProcessID : 1900  ThreadCreationTime : 13-02-2007 11:42:35  BasePriority : Normal  FileVersion : 1, 2, 5, 0  ProductVersion : 1, 2, 5, 0  ProductName : AVKProxy Module  CompanyName : G DATA Software AG  FileDescription : G DATA AntiVirus Proxy Service  InternalName : AVKProxy  LegalCopyright : Copyright 2005-2006  OriginalFilename : AVKProxy.EXE
#:14 [avkservice.exe]  FilePath : C:\Program Files\AVK InternetSecurity\AVK\  ProcessID : 1912  ThreadCreationTime : 13-02-2007 11:42:36  BasePriority : Normal  FileVersion : 1, 0, 1, 5  ProductVersion : 11, 0, 0, 0  ProductName : AVKService Module  FileDescription : AVKService Module  InternalName : AVKService  LegalCopyright : Copyright G DATA Software AG 2001-2003  OriginalFilename : AVKService.EXE
#:15 [avkwctl.exe]  FilePath : C:\Program Files\AVK InternetSecurity\AVK\  ProcessID : 1936  ThreadCreationTime : 13-02-2007 11:42:36  BasePriority : Normal  FileVersion : 21, 0, 0, 9  ProductVersion : 14, 0, 0, 0  ProductName : AVK  FileDescription : AVKWCtl Monitor Service  InternalName : AVKWCtl  OriginalFilename : AVKWCtl.EXE
#:16 [wlservice.exe]  FilePath : C:\Program Files\Belkin\F5D7051\  ProcessID : 1964  ThreadCreationTime : 13-02-2007 11:42:36  BasePriority : Normal
#:17 [wlancfgg.exe]  FilePath : C:\Program Files\Belkin\F5D7051\  ProcessID : 1996  ThreadCreationTime : 13-02-2007 11:42:36  BasePriority : Normal  FileVersion : 1, 0, 7, 4  ProductVersion : 1, 0, 7, 4  ProductName : Wireless Monitor Application  FileDescription : Wireless Monitor Application  InternalName : WLanCfg  LegalCopyright : Copyright © 2002.08  OriginalFilename : WLanCfg.EXE
#:18 [guard.exe]  FilePath : C:\Program Files\ewido anti-spyware 4.0\  ProcessID : 2016  ThreadCreationTime : 13-02-2007 11:42:36  BasePriority : Normal  FileVersion : 4, 0, 0, 172  ProductVersion : 4, 0, 0, 172  ProductName : ewido anti-spyware  CompanyName : Anti-Malware Development a.s.  FileDescription : ewido anti-spyware guard  InternalName : ewido anti-spywareguard  LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.  OriginalFilename : guard.exe
#:19 [iolosgctrl.exe]  FilePath : C:\Program Files\iolo\System Mechanic 6\  ProcessID : 2032  ThreadCreationTime : 13-02-2007 11:42:36  BasePriority : Normal
#:20 [nvsvc32.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 208  ThreadCreationTime : 13-02-2007 11:42:37  BasePriority : Normal  FileVersion : 6.14.10.4716  ProductVersion : 6.14.10.4716  ProductName : NVIDIA Driver Helper Service, Version 47.16  CompanyName : NVIDIA Corporation  FileDescription : NVIDIA Driver Helper Service, Version 47.16  InternalName : NVSVC  LegalCopyright : © NVIDIA Corporation. All rights reserved.  OriginalFilename : nvsvc32.exe
#:21 [sdhelp.exe]  FilePath : C:\Program Files\Spyware Doctor\  ProcessID : 244  ThreadCreationTime : 13-02-2007 11:42:37  BasePriority : Normal  FileVersion : 3.6.0.2026  ProductVersion : 3.6  ProductName : Spyware Doctor  CompanyName : PC Tools Research Pty Ltd
#:22 [smagent.exe]  FilePath : C:\Program Files\Analog Devices\SoundMAX\  ProcessID : 664  ThreadCreationTime : 13-02-2007 11:42:40  BasePriority : Normal  FileVersion : 3, 2, 6, 0  ProductVersion : 3, 2, 6, 0  ProductName : SoundMAX service agent  CompanyName : Analog Devices, Inc.  FileDescription : SoundMAX service agent component  InternalName : SMAgent  LegalCopyright : Copyright © 2002  OriginalFilename : SMAgent.exe
#:23 [svchost.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 812  ThreadCreationTime : 13-02-2007 11:42:40  BasePriority : Normal  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  ProductVersion : 5.1.2600.2180  ProductName : Microsoft® Windows® Operating System  CompanyName : Microsoft Corporation  FileDescription : Generic Host Process for Win32 Services  InternalName : svchost.exe  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : svchost.exe
#:24 [gdfwsvc.exe]  FilePath : C:\Program Files\AVK InternetSecurity\Firewall\  ProcessID : 1524  ThreadCreationTime : 13-02-2007 11:42:41  BasePriority : Normal  FileVersion : 1, 0, 2, 0  ProductVersion : 1, 0, 0, 1  FileDescription : G DATA Personal Firewall  InternalName : GDFwSvc  LegalCopyright : Copyright G DATA Software AG 2004  OriginalFilename : GDFwSvc.EXE
#:25 [alg.exe]  FilePath : C:\WINDOWS\System32\  ProcessID : 1632  ThreadCreationTime : 13-02-2007 11:42:45  BasePriority : Normal  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  ProductVersion : 5.1.2600.2180  ProductName : Microsoft® Windows® Operating System  CompanyName : Microsoft Corporation  FileDescription : Application Layer Gateway Service  InternalName : ALG.exe  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : ALG.exe
#:26 [wuauclt.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 3064  ThreadCreationTime : 13-02-2007 11:43:26  BasePriority : Normal  FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)  ProductVersion : 5.8.0.2469  ProductName : Système d'exploitation Microsoft® Windows®  CompanyName : Microsoft Corporation  FileDescription : Mises à jour automatiques  InternalName : wuauclt.exe  LegalCopyright : © Microsoft Corporation. Tous droits réservés.  OriginalFilename : wuauclt.exe
#:27 [explorer.exe]  FilePath : C:\WINDOWS\  ProcessID : 3392  ThreadCreationTime : 13-02-2007 11:43:38  BasePriority : Normal  FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)  ProductVersion : 6.00.2900.2180  ProductName : Système d'exploitation Microsoft® Windows®  CompanyName : Microsoft Corporation  FileDescription : Explorateur Windows  InternalName : explorer  LegalCopyright : © Microsoft Corporation. Tous droits réservés.  OriginalFilename : EXPLORER.EXE
#:28 [apoint.exe]  FilePath : C:\Program Files\Apoint2K\  ProcessID : 3752  ThreadCreationTime : 13-02-2007 11:43:46  BasePriority : Normal  FileVersion : 5.3.10.177  ProductVersion : 5.3.10.177  ProductName : Alps Pointing-device Driver  CompanyName : Alps Electric Co., Ltd.  FileDescription : Alps Pointing-device Driver  InternalName : Alps Pointing-device Driver  LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.  OriginalFilename : Apoint.exe
#:29 [agrsmmsg.exe]  FilePath : C:\WINDOWS\  ProcessID : 3860  ThreadCreationTime : 13-02-2007 11:43:47  BasePriority : Normal  FileVersion : 2.1.36 2.1.36 11/19/2003 15:41:01  ProductVersion : 2.1.36 2.1.36 11/19/2003 15:41:01  ProductName : Agere SoftModem Messaging Applet  CompanyName : Agere Systems  FileDescription : SoftModem Messaging Applet  InternalName : smdmstat.exe  LegalCopyright : Copyright © Agere Systems 1998-2000  OriginalFilename : smdmstat.exe
#:30 [wuauclt.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 4060  ThreadCreationTime : 13-02-2007 11:43:50  BasePriority : Normal  FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)  ProductVersion : 5.8.0.2469  ProductName : Système d'exploitation Microsoft® Windows®  CompanyName : Microsoft Corporation  FileDescription : Mises à jour automatiques  InternalName : wuauclt.exe  LegalCopyright : © Microsoft Corporation. Tous droits réservés.  OriginalFilename : wuauclt.exe
#:31 [eabservr.exe]  FilePath : C:\Program Files\HPQ\Quick Launch Buttons\  ProcessID : 204  ThreadCreationTime : 13-02-2007 11:43:56  BasePriority : Normal  FileVersion : 5, 0, 2, 3  ProductVersion : 5, 0, 2, 3  ProductName : Quick Launch Buttons  CompanyName : Hewlett-Packard  FileDescription : Quick Launch Buttons  InternalName : eabsrvr  LegalCopyright : Copyright © 2001-2003 Hewlett-Packard Company  OriginalFilename : eabsrvr.exe
#:32 [apntex.exe]  FilePath : C:\Program Files\Apoint2K\  ProcessID : 500  ThreadCreationTime : 13-02-2007 11:43:58  BasePriority : Normal  FileVersion : 5.0.1.15  ProductVersion : 5.0.1.15  ProductName : Alps Pointing-device Driver for Windows NT/2000/XP  CompanyName : Alps Electric Co., Ltd.  FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP  InternalName : Alps Pointing-device Driver for Windows NT/2000/XP  LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.  OriginalFilename : ApntEx.exe
#:33 [hpwuschd.exe]  FilePath : C:\Program Files\Hewlett-Packard\HP Software Update\  ProcessID : 520  ThreadCreationTime : 13-02-2007 11:43:59  BasePriority : Normal
#:34 [avktray.exe]  FilePath : C:\Program Files\AVK InternetSecurity\AVKTray\  ProcessID : 584  ThreadCreationTime : 13-02-2007 11:43:59  BasePriority : Normal
#:35 [systemguardalerter.exe]  FilePath : C:\Program Files\iolo\System Mechanic 6\  ProcessID : 700  ThreadCreationTime : 13-02-2007 11:44:01  BasePriority : Normal
#:36 [msascui.exe]  FilePath : C:\Program Files\Windows Defender\  ProcessID : 764  ThreadCreationTime : 13-02-2007 11:44:02  BasePriority : Normal  FileVersion : 1.1.1593.0  ProductVersion : 1.1.1593.0  ProductName : Windows Defender  CompanyName : Microsoft Corporation  FileDescription : Windows Defender User Interface  InternalName : MSASCUI  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : MSASCUI.exe
#:37 [smsystemanalyzer.exe]  FilePath : C:\Program Files\iolo\System Mechanic 6\  ProcessID : 1364  ThreadCreationTime : 13-02-2007 11:44:06  BasePriority : Normal
#:38 [vistastartmenu.exe]  FilePath : C:\Program Files\Vista Start Menu\  ProcessID : 1292  ThreadCreationTime : 13-02-2007 11:44:08  BasePriority : Normal  FileVersion : 2.1.0.0  ProductVersion : 2.1  ProductName : Vista Start menu  CompanyName : OrdinarySoft  FileDescription : Vista Start Menu program  LegalCopyright : OrdinarySoft
#:39 [msnmsgr.exe]  FilePath : C:\Program Files\MSN Messenger\  ProcessID : 1616  ThreadCreationTime : 13-02-2007 11:44:09  BasePriority : Normal  FileVersion : 8.1.0178.00  ProductVersion : 8.1.0178  ProductName : Messenger  CompanyName : Microsoft Corporation  FileDescription : Messenger  InternalName : msnmsgr.exe  LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.  OriginalFilename : msnmsgr.exe
#:40 [ctfmon.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 1644  ThreadCreationTime : 13-02-2007 11:44:09  BasePriority : Normal  FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)  ProductVersion : 5.1.2600.2180  ProductName : Microsoft® Windows® Operating System  CompanyName : Microsoft Corporation  FileDescription : CTF Loader  InternalName : CTFMON  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : CTFMON.EXE
#:41 [gdfirewalltray.exe]  FilePath : C:\Program Files\AVK InternetSecurity\Firewall\  ProcessID : 2148  ThreadCreationTime : 13-02-2007 11:44:17  BasePriority : Normal  FileVersion : 1, 0, 0, 8  ProductVersion : 1, 0, 0, 1  FileDescription : G DATA Personal Firewall  InternalName : GDFirewallTray  LegalCopyright : Copyright G DATA Software AG 2004
#:42 [cnab4rpk.exe]  FilePath : C:\WINDOWS\system32\  ProcessID : 2216  ThreadCreationTime : 13-02-2007 11:44:19  BasePriority : Normal
#:43 [usnsvc.exe]  FilePath : C:\Program Files\MSN Messenger\  ProcessID : 1468  ThreadCreationTime : 13-02-2007 11:45:27  BasePriority : Normal  FileVersion : 8.1.0178.00  ProductVersion : 8.1.0178  ProductName : Messenger  CompanyName : Microsoft Corporation  FileDescription : Messenger Sharing USN Journal Reader Service  InternalName : usnsvc.exe  LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.  OriginalFilename : usnsvc.exe
#:44 [iexplore.exe]  FilePath : C:\Program Files\Internet Explorer\  ProcessID : 2496  ThreadCreationTime : 13-02-2007 11:47:47  BasePriority : Normal  FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)  ProductVersion : 7.00.5730.11  ProductName : Windows® Internet Explorer  CompanyName : Microsoft Corporation  FileDescription : Internet Explorer  InternalName : iexplore  LegalCopyright : © Microsoft Corporation. All rights reserved.  OriginalFilename : IEXPLORE.EXE
#:45 [ad-aware.exe]  FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\  ProcessID : 1212  ThreadCreationTime : 13-02-2007 11:53:22  BasePriority : Normal  FileVersion : 6.2.0.236  ProductVersion : SE 106  ProductName : Lavasoft Ad-Aware SE  CompanyName : Lavasoft Sweden  FileDescription : Ad-Aware SE Core application  InternalName : Ad-Aware.exe  LegalCopyright : Copyright © Lavasoft AB Sweden  OriginalFilename : Ad-Aware.exe  Comments : All Rights Reserved

Memory scan result: New critical objects: 0  Objects found so far: 5

Started registry scan
Windows Object Recognized!  Type : RegData  Data : notepad.exe %1  TAC Rating : 3  Category : Vulnerability  Comment :  Rootkey : HKEY_CLASSES_ROOT  Object : regfile\shell\open\command  Value :  Data : notepad.exe %1
Windows Object Recognized!  Type : RegData  Data : notepad.exe %1  TAC Rating : 3  Category : Vulnerability  Comment :  Rootkey : HKEY_CLASSES_ROOT  Object : scrfile\shell\open\command  Value :  Data : notepad.exe %1
Registry Scan result: New critical objects: 2  Objects found so far: 7

Started deep registry scan
Deep registry scan result: New critical objects: 0  Objects found so far: 7

Started Tracking Cookie scan
Tracking Cookie Object Recognized!  Type : IECache Entry  Data : maison@www.smartadserver[1].txt  TAC Rating : 3  Category : Data Miner  Comment : Hits:1  Value : Cookie:maison@www.smartadserver.com/  Expires : 27-11-2010  LastSync : Hits:1  UseCount : 0  Hits : 1
Tracking Cookie Object Recognized!  Type : IECache Entry  Data : maison@atdmt[1].txt  TAC Rating : 3  Category : Data Miner  Comment : Hits:1  Value : Cookie:maison@atdmt.com/  Expires : 12-02-2012 01:00:00  LastSync : Hits:1  UseCount : 0  Hits : 1
Tracking cookie scan result: New critical objects: 2  Objects found so far: 9

Deep scanning and examining files (C:)
Disk Scan Result for C:\  New critical objects: 0  Objects found so far: 9

Scanning Hosts file...... Hosts file location: "C:\WINDOWS\system32\drivers\etc\hosts".
Hosts file scan result: 1 entries scanned.  New critical objects: 0  Objects found so far: 9

Performing conditional scans...
Conditional scan result: New critical objects: 0  Objects found so far: 9

13:11:38 Scan Complete

Summary Of This Scan
Total scanning time: 00:17:09.656
Objects scanned: 131022
Objects identified: 4
Objects ignored: 0
New critical objects: 4


Logfile of HijackThis v1.99.1
Scan saved at 21:43:04, on 14/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\AVK InternetSecurity\AVK\AVKService.exe
C:\Program Files\AVK InternetSecurity\AVK\AVKWCtl.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVK InternetSecurity\Firewall\GDFwSvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\AVK InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVK InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\MAISON\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\AVK InternetSecurity\Webfilter\AvkWebIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\AVK InternetSecurity\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\AVK InternetSecurity\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] SystemGuardAlerter.exe
O4 - HKLM\..\Run: [zhdpvimsec] c:\windows\system32\zhdpvimsec.exe zhdpvimsec
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: G DATA Firewall Tray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159898521781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1169392929515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.servicesalacarte.orang...gamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AVK InternetSecurity\AVK\AVKService.exe
O23 - Service: Gardien d'AVK (AVKWCtl) - Unknown owner - C:\Program Files\AVK InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - Unknown owner - C:\Program Files\AVK InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Best regards,
Manolis

Post #4, Feb 19 2007, 01:49 AM
Advanced Member, Group: Members, Posts: 1,372, Joined: 10-August 06, Member No.: 9,088
Submit c:\windows\system32\zhdpvimsec.exe to http://www.virustotal.com/en/indexx.html and post the results here.
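Added example, not code from the thread or from any of the tools named in it: the triage an analyst does on the O4 (Run-key) lines of a HijackThis log before asking for a file, plus the SHA-256 hashing that lets the file be looked up on VirusTotal by hash instead of uploaded. The O4 lines are copied from the log posted above; the allowlist, the scoring weights and the rundll32 handling are this example's own assumptions, and a real triage would verify Authenticode signatures or a known-hash set rather than a hand-written name list.

```python
"""Triage HijackThis O4 Run-key entries and hash a file for a VirusTotal lookup.

Added example, not part of the thread. The allowlist and the scoring are
assumptions of this example; the sample O4 lines are copied from the posted log.
"""
import hashlib
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Constructed input: O4 lines copied from the HijackThis log in the thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SystemGuardAlerter] SystemGuardAlerter.exe
O4 - HKLM\..\Run: [zhdpvimsec] c:\windows\system32\zhdpvimsec.exe zhdpvimsec
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumed allowlist: Microsoft binaries that legitimately autostart from a Run key
# on an XP SP2 box. Anything else sitting in the system directory gets a closer look.
KNOWN_SYSTEM_NAMES = {"ctfmon.exe", "rundll32.exe", "msascui.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
# For unquoted command lines, the executable ends at the first recognised extension.
UNQUOTED_RE = re.compile(r"^(?P<exe>.+?\.(?:exe|dll|cpl|scr|com|bat))(?:\s+(?P<args>.*))?$",
                         re.IGNORECASE)


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run-key command line into (executable, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = UNQUOTED_RE.match(cmd)
    if m:
        return m["exe"], (m["args"] or "").strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def triage_entry(line: str) -> Optional[Dict[str, object]]:
    """Score one O4 line; returns None for lines that are not HKLM/HKCU Run entries."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe, args = split_command(m["cmd"])
    # rundll32 is only a host process: judge the DLL it loads instead.
    if PureWindowsPath(exe).name.lower() == "rundll32.exe" and args:
        exe, args = args.split(",", 1)[0], ""
    target = PureWindowsPath(exe)
    name = target.name.lower()
    parent = str(target.parent).lower()
    # A bare file name (parent ".") is resolved through the system search path,
    # so it is treated like a file living in the system directory.
    in_system_dir = parent == "." or parent.endswith("system32") or parent.endswith("windows")
    reasons: List[str] = []
    score = 0
    if in_system_dir and name not in KNOWN_SYSTEM_NAMES:
        reasons.append("unknown file in system directory")
        score += 1
    if args and args.lower() == target.stem.lower():
        # A value whose only argument is its own name is a dropper habit, not a vendor one.
        reasons.append("passes its own name as argument")
        score += 2
    verdict = "suspicious" if score >= 2 else ("verify" if score else "ok")
    return {"hive": m["hive"], "key": m["key"], "target": str(target),
            "verdict": verdict, "reasons": reasons}


def triage_log(text: str) -> List[Dict[str, object]]:
    """Run triage_entry over every line of a HijackThis log."""
    results = []
    for line in text.splitlines():
        entry = triage_entry(line)
        if entry:
            results.append(entry)
    return results


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of(path: str) -> str:
    """Hash a file in chunks. The hex digest can be searched directly on VirusTotal,
    which avoids uploading a sample the site has already analysed."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for r in triage_log(SAMPLE_O4):
        print(f"{r['verdict']:10} {r['hive']} [{r['key']}] {r['target']}  {'; '.join(r['reasons'])}")
```

On the sample above the only entry scored "suspicious" is [zhdpvimsec]: it is an unrecognised file in system32 and passes its own name as its single argument. The bare names (AGRSMMSG.exe, SystemGuardAlerter.exe) and the NVIDIA DLL come out as "verify", which is the correct outcome for a name list: they are not Windows binaries, so an analyst confirms them against the vendor paths seen in the process list rather than trusting the name.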