HijackThis log


9 replies to this topic

#1 Amihavingfunorwat

New Member, 6 posts

Posted 22 May 2006 - 10:54 AM

Thanks for your help. :D

Logfile of HijackThis v1.99.1
Scan saved at 12:50:09, on 2006-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\defender21.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Charles Roy\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\prefs.js)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "d:\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [defender] C:\\defender21.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....wareScanner.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\n84s0ih7e84.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



#2 Siggyx

SuperHelper (Authentic Member), 6,776 posts

Posted 22 May 2006 - 11:06 AM

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button; your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive...ib/MSWINSCK.OCX


NEXT

Please download the trial version of Ewido Security Suite here:

http://www.ewido.net/en/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#3 Amihavingfunorwat

New Member, 6 posts

Posted 22 May 2006 - 12:03 PM

Thanks for the reply.

I already eradicated Look2Me thanks to another post. Now I only have to get rid of Command Services.

I'm downloading ewido right now.

Here's the latest Hijack log.

Scan saved at 13:54:48, on 2006-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\defender21.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg.exe
C:\Documents and Settings\Charles Roy\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\prefs.js)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "d:\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [defender] C:\\defender21.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....wareScanner.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
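Added example, not part of this thread or of HijackThis: a small Python triage that parses the "Oxx - ..." entries of a HijackThis log, flags the two patterns visible in the logs above (a random-looking O20 Winlogon Notify DLL and an O4 autorun sitting directly in a drive root), and diffs the post #1 and post #3 logs to show which entries changed between them. The sample entries are copied from the two logs posted above; the flagging rules are this example's own heuristics.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Entries copied from the two HijackThis logs in this thread: post #1 (before
# Look2Me-Destroyer ran) and post #3 (after). A full log parses the same way.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\defender21.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\n84s0ih7e84.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\defender21.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Matches "O4 - body", "R0 - body", "N3 - body", "O23 - body", ...
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path ending in a binary-like extension. Quoted paths with spaces
# and the doubled backslash HijackThis printed for C:\\defender21.exe both match.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|tmp)\b', re.IGNORECASE)

Entry = Tuple[str, str]          # (section code, body text)
Finding = Tuple[str, str, str]   # (section code, normalized path, reason)


def parse_entries(text: str) -> List[Entry]:
    """Return (code, body) for every 'Oxx - ...' style line in a HijackThis log."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append((m.group("code"), m.group("body")))
    return out


def extract_path(body: str) -> Optional[str]:
    """First file path in an entry body, or None if the entry has no full path."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def normalize(path: str) -> str:
    """Lower-case and collapse runs of backslashes so doubled separators compare equal."""
    return re.sub(r"\\+", r"\\", path).lower()


def triage(entries: Iterable[Entry]) -> List[Finding]:
    """Two heuristics drawn from what this thread's logs show (example rules, not
    HijackThis's own): an O20 Winlogon Notify DLL with a digit-heavy, random-looking
    file name, and an O4 autorun whose binary sits directly in a drive root."""
    findings = []
    for code, body in entries:
        path = extract_path(body)
        if path is None:
            continue                      # e.g. 'sstray.exe /r': no full path given
        norm = normalize(path)
        stem = norm.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if code == "O20" and sum(ch.isdigit() for ch in stem) >= 3:
            findings.append((code, norm, "random-looking Winlogon Notify DLL"))
        if code == "O4" and norm.count("\\") == 1:
            findings.append((code, norm, "autorun binary in drive root"))
    return findings


def diff_logs(before: str, after: str):
    """Entries that disappeared / appeared between two logs, keyed on (code, path)."""
    def key(code: str, body: str):
        return (code, normalize(extract_path(body) or body))
    b = {key(c, x) for c, x in parse_entries(before)}
    a = {key(c, x) for c, x in parse_entries(after)}
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for f in triage(parse_entries(LOG_BEFORE)):
        print("FLAG", *f)
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("removed between posts:", removed)   # the O20 n84s0ih7e84.dll entry
    print("added between posts:  ", added)     # nothing; defender21.exe persists
```

Run against the two full logs, the diff confirms what the poster reports: the O20 entry left with Look2Me, while the `[defender] C:\\defender21.exe` autorun is unchanged and still needs attention.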

#4 Amihavingfunorwat

New Member, 6 posts

Posted 22 May 2006 - 12:06 PM

Here's the log of the Look2Me Destroyer:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 2006-05-22 13:38:11

Infected! C:\WINDOWS\system32\r08slal71dq.dll
Infected! C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP250\A0075712.dll
Infected! C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP250\A0075719.dll
Infected! C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP250\A0075725.dll
Infected! C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP250\A0075738.dll
Infected! C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075784.dll
Infected! C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075874.dll
Infected! C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075888.dll
Infected! C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075899.dll
Infected! C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075908.dll
Infected! C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075919.dll
Infected! C:\WINDOWS\system32\irpql5751.dll
Infected! C:\WINDOWS\system32\r08slal71dq.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\r08slal71dq.dll
C:\WINDOWS\system32\r08slal71dq.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP250\A0075712.dll
C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP250\A0075712.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP250\A0075719.dll
C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP250\A0075719.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP250\A0075725.dll
C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP250\A0075725.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP250\A0075738.dll
C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP250\A0075738.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075784.dll
C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075784.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075874.dll
C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075874.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075888.dll
C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075888.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075899.dll
C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075899.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075908.dll
C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075908.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075919.dll
C:\System Volume Information\_restore{0FC18D51-1237-4A93-B469-5F3FE853CF64}\RP251\A0075919.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\irpql5751.dll
C:\WINDOWS\system32\irpql5751.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\r08slal71dq.dll
C:\WINDOWS\system32\r08slal71dq.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{CDB6E186-E228-489E-BFFB-78C6BC76624C}"
HKCR\Clsid\{CDB6E186-E228-489E-BFFB-78C6BC76624C}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{4EB499FB-0E5D-462A-B1E0-B7558B1591B4}"
HKCR\Clsid\{4EB499FB-0E5D-462A-B1E0-B7558B1591B4}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrateurs - Succeeded

#5 Amihavingfunorwat

New Member, 6 posts

Posted 22 May 2006 - 02:02 PM

Here is the ewido log; Control Service still present.

---------------------------------------------------------
 ewido anti-malware - Rapport de scan
---------------------------------------------------------

 + Créé le: 15:31:54, 2006-05-22
 + Somme de contrôle: E442BFA1
 + Résultats du scan:

C:\!KillBox\guard.tmp -> Adware.Look2Me : Nettoyer sans sauvegarder
C:\Documents and Settings\Camille\Cookies\camille@2o7[1].txt -> TrackingCookie.2o7 : Nettoyer sans sauvegarder
C:\Documents and Settings\Camille\Cookies\camille@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer sans sauvegarder
C:\Documents and Settings\Camille\Cookies\camille@com[1].txt -> TrackingCookie.Com : Nettoyer sans sauvegarder
C:\Documents and Settings\Camille\Cookies\camille@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyer sans sauvegarder
C:\Documents and Settings\Camille\Cookies\camille@overture[1].txt -> TrackingCookie.Overture : Nettoyer sans sauvegarder
C:\Documents and Settings\Camille\Cookies\camille@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyer sans sauvegarder
C:\Documents and Settings\Camille\Cookies\camille@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyer sans sauvegarder
C:\Documents and Settings\Camille\Cookies\camille@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Nettoyer sans sauvegarder
:mozilla.6:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.247realmedia : Nettoyer sans sauvegarder
:mozilla.7:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer sans sauvegarder
:mozilla.8:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer sans sauvegarder
:mozilla.9:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer sans sauvegarder
:mozilla.10:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyer sans sauvegarder
:mozilla.14:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Pointroll : Nettoyer sans sauvegarder
:mozilla.15:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Pointroll : Nettoyer sans sauvegarder
:mozilla.16:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Pointroll : Nettoyer sans sauvegarder
:mozilla.26:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Falkag : Nettoyer sans sauvegarder
:mozilla.33:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Burstnet : Nettoyer sans sauvegarder
:mozilla.36:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer sans sauvegarder
:mozilla.37:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Centrport : Nettoyer sans sauvegarder
:mozilla.38:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Com : Nettoyer sans sauvegarder
:mozilla.39:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Com : Nettoyer sans sauvegarder
:mozilla.46:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer sans sauvegarder
:mozilla.47:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Sexcounter : Nettoyer sans sauvegarder
:mozilla.51:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Ru4 : Nettoyer sans sauvegarder
:mozilla.52:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Estat : Nettoyer sans sauvegarder
:mozilla.89:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Overture : Nettoyer sans sauvegarder
:mozilla.90:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Overture : Nettoyer sans sauvegarder
:mozilla.100:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Questionmarket : Nettoyer sans sauvegarder
:mozilla.104:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Revenue : Nettoyer sans sauvegarder
:mozilla.107:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Spylog : Nettoyer sans sauvegarder
:mozilla.110:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Statcounter : Nettoyer sans sauvegarder
:mozilla.115:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyer sans sauvegarder
:mozilla.116:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyer sans sauvegarder
:mozilla.117:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyer sans sauvegarder
:mozilla.121:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyer sans sauvegarder
:mozilla.122:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyer sans sauvegarder
:mozilla.123:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyer sans sauvegarder
:mozilla.133:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Adserver : Nettoyer sans sauvegarder
:mozilla.134:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Adserver : Nettoyer sans sauvegarder
:mozilla.135:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Adserver : Nettoyer sans sauvegarder
:mozilla.136:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Zedo : Nettoyer sans sauvegarder
:mozilla.137:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Zedo : Nettoyer sans sauvegarder
:mozilla.157:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Counted : Nettoyer sans sauvegarder
:mozilla.158:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Enhance : Nettoyer sans sauvegarder
:mozilla.168:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Comclick : Nettoyer sans sauvegarder
:mozilla.169:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Comclick : Nettoyer sans sauvegarder
:mozilla.170:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Comclick : Nettoyer sans sauvegarder
:mozilla.171:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Comclick : Nettoyer sans sauvegarder
:mozilla.186:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Liveperson : Nettoyer sans sauvegarder
:mozilla.187:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Liveperson : Nettoyer sans sauvegarder
:mozilla.188:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Liveperson : Nettoyer sans sauvegarder
:mozilla.189:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Liveperson : Nettoyer sans sauvegarder
:mozilla.191:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Onestat : Nettoyer sans sauvegarder
:mozilla.192:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Onestat : Nettoyer sans sauvegarder
:mozilla.193:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Onestat : Nettoyer sans sauvegarder
:mozilla.194:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Onestat : Nettoyer sans sauvegarder
:mozilla.204:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Adengage : Nettoyer sans sauvegarder
:mozilla.205:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Adengage : Nettoyer sans sauvegarder
:mozilla.206:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Adengage : Nettoyer sans sauvegarder
:mozilla.244:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer sans sauvegarder
:mozilla.245:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer sans sauvegarder
:mozilla.246:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer sans sauvegarder
:mozilla.250:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Web-stat : Nettoyer sans sauvegarder
:mozilla.251:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Web-stat : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@c.goclick[2].txt -> TrackingCookie.Goclick : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@com[1].txt -> TrackingCookie.Com : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@data2.perf.overture[2].txt -> TrackingCookie.Overture : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@free.wegcash[2].txt -> TrackingCookie.Wegcash : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@workopolis.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@yadro[2].txt -> TrackingCookie.Yadro : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Local Settings\Temp\Cookies\charles roy@com[1].txt -> TrackingCookie.Com : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Local Settings\Temp\Cookies\charles roy@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Local Settings\Temp\temp.fr4C34 -> Adware.Look2Me : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Local Settings\Temporary Internet Files\Content.IE5\8LG5UN4L\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Local Settings\Temporary Internet Files\Content.IE5\DC0FH1S9\Installer[1].exe -> Adware.Look2Me : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Local Settings\Temporary Internet Files\Content.IE5\GHQVE7GT\bag[1].htm -> Not-A-Virus.Exploit.JS.CVE20051790.j : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Local Settings\Temporary Internet Files\Content.IE5\I7WVA58Z\243461[1].exe -> Downloader.Small.on : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Local Settings\Temporary Internet 
Files\Content.IE5\QL87MD4X\WHCC2[1].exe/whAgent.exe -> Adware.WebHancer : Nettoyer sans sauvegarder C:\Documents and Settings\Charles Roy\Local Settings\Temporary Internet Files\Content.IE5\S1OFSZWN\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Nettoyer sans sauvegarder C:\Documents and Settings\Charles Roy\Local Settings\Temporary Internet Files\Content.IE5\SRJ7USX9\SS1001[1].exe -> Dropper.Small.qn : Nettoyer sans sauvegarder C:\Documents and Settings\Charles Roy\Local Settings\Temporary Internet Files\Content.IE5\SZ27I5QL\send_car_int[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Nettoyer sans sauvegarder C:\Documents and Settings\Charles Roy\Local Settings\Temporary Internet Files\Content.IE5\ZFHBNT4W\AppWrap[1].exe -> Adware.Zestyfind : Nettoyer sans sauvegarder C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Nettoyer sans sauvegarder C:\Documents and Settings\Lolo\Cookies\lolo@com[1].txt -> TrackingCookie.Com : Nettoyer sans sauvegarder C:\Program Files\Fichiers communs\zrfq\zrfql.exe -> Downloader.TSUpdate.p : Nettoyer sans sauvegarder C:\Program Files\Fichiers communs\zrfq\zrfqp.exe -> Downloader.TSUpdate.f : Nettoyer sans sauvegarder C:\Program Files\Fox Magic\Mr. 
Captor 3.32\ghook.dll -> Adware.DigitalNames : Nettoyer sans sauvegarder C:\WINDOWS\SS1001.exe -> Dropper.Small.qn : Nettoyer sans sauvegarder C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Nettoyer sans sauvegarder C:\WINDOWS\Temp\Cookies\charles roy@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyer sans sauvegarder C:\WINDOWS\Temp\Cookies\charles roy@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Nettoyer sans sauvegarder C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IJ234NO7\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Nettoyer sans sauvegarder C:\WINDOWS\visfx500.exe -> Dropper.Agent.aie : Nettoyer sans sauvegarder :mozilla.6:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer sans sauvegarder -> : Erreur durant le nettoyage :mozilla.11:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Atdmt : Nettoyer sans sauvegarder :mozilla.21:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer sans sauvegarder :mozilla.23:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Centrport : Nettoyer sans sauvegarder :mozilla.24:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Burstnet : Nettoyer sans sauvegarder :mozilla.25:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.26:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.27:D:\Transferts\Documents 
and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer sans sauvegarder :mozilla.28:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer sans sauvegarder :mozilla.29:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.30:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.31:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.32:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer sans sauvegarder :mozilla.33:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.34:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.35:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.38:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.66:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Fastclick : Nettoyer sans sauvegarder :mozilla.67:D:\Transferts\Documents 
and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Fastclick : Nettoyer sans sauvegarder :mozilla.68:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Fastclick : Nettoyer sans sauvegarder :mozilla.78:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Liveperson : Nettoyer sans sauvegarder :mozilla.80:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Liveperson : Nettoyer sans sauvegarder :mozilla.82:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Estat : Nettoyer sans sauvegarder :mozilla.84:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer sans sauvegarder :mozilla.85:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer sans sauvegarder :mozilla.86:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer sans sauvegarder :mozilla.87:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer sans sauvegarder :mozilla.88:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer sans sauvegarder :mozilla.89:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer sans sauvegarder :mozilla.97:D:\Transferts\Documents and 
Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.98:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.99:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer sans sauvegarder :mozilla.101:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.103:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyer sans sauvegarder :mozilla.104:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Targetnet : Nettoyer sans sauvegarder :mozilla.105:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.109:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Targetnet : Nettoyer sans sauvegarder :mozilla.110:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.111:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.112:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Gator : Nettoyer sans sauvegarder :mozilla.113:D:\Transferts\Documents 
and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyer sans sauvegarder :mozilla.115:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.247realmedia : Nettoyer sans sauvegarder :mozilla.116:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Mediaplex : Nettoyer sans sauvegarder :mozilla.118:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Bluestreak : Nettoyer sans sauvegarder :mozilla.141:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Falkag : Nettoyer sans sauvegarder :mozilla.154:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Paypopup : Nettoyer sans sauvegarder :mozilla.169:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Xxxtoolbar : Nettoyer sans sauvegarder :mozilla.170:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Xxxtoolbar : Nettoyer sans sauvegarder :mozilla.177:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Hotlog : Nettoyer sans sauvegarder :mozilla.218:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Adtech : Nettoyer sans sauvegarder :mozilla.219:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Adtech : Nettoyer sans sauvegarder ::Fin du rapport
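
A report like the one above is mostly tracking-cookie noise, and the entries that actually matter are easy to miss in it: the downloaders and droppers in the IE cache and in C:\WINDOWS, the exploit pages cached next to them, and the one hit ewido could not clean (the `Erreur durant le nettoyage` entry on the D: drive). The following is an added example, not ewido's code and not from any post in this thread, that parses ewido's entry format (`<target> -> <detection> : <action>`, with ` -> : <error>` appended when the clean-up failed) and pulls those out. The sample input is constructed from a few entries of the report above and keeps the French-language build's strings as ewido wrote them; the parser keys only on the separators, so an English-language report parses the same way.

```python
"""Summarise an ewido anti-malware scan report.

Added example for this thread; not ewido's code and not from any post above.
Each report entry has the shape
    <target> -> <detection> : <action>
and, when the clean-up step failed, a trailing " -> : <error text>". The
parser keys on those separators only, so French- and English-language
reports parse alike. Tracking cookies make up most of the volume; what the
summary pulls out is the non-cookie hits (executables, droppers, exploit
pages) and any hit that was reported but NOT cleaned.
"""
from collections import Counter

# Constructed sample: a handful of entries copied from the report in this
# thread (French build: "Nettoyer sans sauvegarder" = cleaned without backup,
# "Erreur durant le nettoyage" = error during cleaning), plus its footer.
SAMPLE_REPORT = r"""
:mozilla.170:C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\cookies.txt -> TrackingCookie.Comclick : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Cookies\charles roy@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Local Settings\Temp\temp.fr4C34 -> Adware.Look2Me : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Local Settings\Temporary Internet Files\Content.IE5\8LG5UN4L\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Nettoyer sans sauvegarder
C:\Documents and Settings\Charles Roy\Local Settings\Temporary Internet Files\Content.IE5\GHQVE7GT\bag[1].htm -> Not-A-Virus.Exploit.JS.CVE20051790.j : Nettoyer sans sauvegarder
C:\WINDOWS\SS1001.exe -> Dropper.Small.qn : Nettoyer sans sauvegarder
C:\WINDOWS\visfx500.exe -> Dropper.Agent.aie : Nettoyer sans sauvegarder
:mozilla.6:D:\Transferts\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\n27auhhl.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer sans sauvegarder -> : Erreur durant le nettoyage
::Fin du rapport
"""


def parse_entry(line):
    """Split one entry into (target, detection, action, error); None if not an entry."""
    if " -> " not in line:
        return None
    target, _, rest = line.partition(" -> ")
    detection, _, rest = rest.partition(" : ")
    action, _, error = rest.partition(" -> : ")
    # Cookies inside a Mozilla profile are reported as ":mozilla.<n>:<path>".
    if target.startswith(":mozilla."):
        target = target.split(":", 2)[2]
    return target, detection.strip(), action.strip(), error.strip()


def summarise(report_text):
    """Count hits per detection family; list payloads and failed clean-ups."""
    by_family = Counter()
    payloads = []   # anything that is not a tracking cookie
    failed = []     # entries ewido could not clean; these need handling by hand
    for raw in report_text.splitlines():
        entry = parse_entry(raw.strip())
        if entry is None:
            continue
        target, detection, action, error = entry
        family = detection.split(".")[0]    # TrackingCookie, Adware, Downloader, ...
        by_family[family] += 1
        if family != "TrackingCookie":
            payloads.append((target, detection))
        if error:
            failed.append((target, detection, error))
    return {"by_family": by_family, "payloads": payloads, "failed": failed}


if __name__ == "__main__":
    result = summarise(SAMPLE_REPORT)
    for family, count in result["by_family"].most_common():
        print(f"{count:4d}  {family}")
    print("\nNon-cookie hits:")
    for target, detection in result["payloads"]:
        print(f"  {detection:40s} {target}")
    print("\nNOT cleaned:")
    for target, detection, error in result["failed"]:
        print(f"  {detection:40s} {target}  ({error})")
```

Run on the sample, the summary separates three cookie hits from five real payloads and lists the single failed clean-up on the D: drive, which a helper would otherwise have to spot by eye in a hundred-odd near-identical cookie lines.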

#6 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 22 May 2006 - 02:07 PM

Scan with HijackThis, put a check beside this line and choose Fix:

O4 - HKLM\..\Run: [defender] C:\\defender21.exe

Then reboot into Safe Mode and look for and delete this file, if present:

C:\\defender21.exe

Reboot into Normal Mode and post a new log, please.

#7 Amihavingfunorwat

Amihavingfunorwat

    New Member

  • New Member
  • 6 posts

Posted 22 May 2006 - 03:14 PM

Ewido removed defender21. I tried to remove the 3 command service keys using a small .bat file found on another forum, but no luck.

Logfile of HijackThis v1.99.1
Scan saved at 17:04:29, on 2006-05-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-B PCI Adapter\WMP11Cfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Charles Roy\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Charles Roy\Application Data\Mozilla\Profiles\default\e2hmaudj.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [Ulead Quick-Drop] "d:\Ulead DVD MovieFactory 4.0 Disc Creator TBYB\Ulead Quick-Drop 1.0\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B PCI Adapter\Startup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....wareScanner.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
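
Reading a HijackThis log by eye means scanning a hundred O4 and O23 lines for the one that does not belong. The following is an added example, not part of HijackThis and not code from any post in this thread, that parses the O4 Run-key and O23 service line formats shown above and flags entries that merit a closer look: an executable sitting in a drive root or a Temp directory, a bare filename that the log cannot locate because Windows resolves it through the PATH search, and a service whose binary carries no company name. The sample input is constructed from lines in the logs above plus the `[defender]` entry Siggyx asked to fix in post #6; the rules are review hints, not verdicts, and the two "Unknown owner" services in this log (ATI, Linksys) show why.

```python
"""Triage hints for HijackThis O4 and O23 lines.

Added example for this thread; not part of HijackThis and not code from any
post above. It reads the two line formats used by HijackThis v1.99 for
Run-key autostarts (O4) and services (O23) and flags entries that merit a
closer look. These are review hints, not verdicts: "Unknown owner" only means
the binary has no company name in its version info, and two legitimate
drivers in the log above trip that rule.
"""
import re

# Constructed sample: lines copied from the logs in this thread plus the
# [defender] entry the helper asked to fix. Not a complete log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\defender21.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NICSer_WMP11 - Unknown owner - C:\Program Files\Linksys\Wireless-B PCI Adapter\NICServ.exe
"""

# "O4 - HKLM\..\Run: [name] command line"
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
# "O23 - Service: display name (short name) - owner - binary path"
O23_PREFIX = "O23 - Service: "


def executable_from_command(command):
    """Return the program part of a Run-key command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(None, 1)[0] if command else ""


def path_hints(path):
    """Reasons an autostart or service binary location deserves review."""
    # HijackThis sometimes doubles backslashes (C:\\defender21.exe); collapse them.
    p = re.sub(r"\\+", r"\\", path).lower()
    if "\\" not in p:
        return ["bare filename: located through the PATH search, real location unknown"]
    if re.match(r"^[a-z]:\\[^\\]+$", p):
        return ["executable sitting directly in a drive root"]
    if "\\temp\\" in p or "\\temporary internet files\\" in p:
        return ["runs from a temporary directory"]
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", p) and not p.endswith("\\explorer.exe"):
        return ["executable directly under the Windows directory instead of system32"]
    return []


def triage(log_text):
    """Return [(line, reason)] for O4/O23 entries that deserve a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RUN.match(line)
        if m:
            for reason in path_hints(executable_from_command(m.group(4))):
                findings.append((line, reason))
            continue
        if line.startswith(O23_PREFIX):
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            _name, owner, binary = parts
            if owner == "Unknown owner":
                findings.append((line, "no company name in the binary's version info; verify the publisher"))
            for reason in path_hints(binary):
                findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {line}")
```

On the sample this flags five lines: the `[defender]` entry (an executable in the root of C:, the same line the helper fixed), the two bare-filename autostarts `sstray.exe` and `sm56hlpr.exe`, and the two services with no company name. The last four are legitimate vendor software, which is the point: the log alone cannot tell you where a bare filename really lives or who built an unsigned service, so those are the lines to go and check on disk rather than lines to fix blindly.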

#8 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 22 May 2006 - 03:32 PM

Please download http://users.telenet...lcmdservice.zip (by Marckie), and save it to your Desktop.
Unzip the content to your Desktop (a folder named delcmdservice)
Double-click on the delcmdservice folder
Double-click on delreg.bat to launch the tool
When the tool has finished, please reboot your computer

#9 Amihavingfunorwat

Amihavingfunorwat

    New Member

  • New Member
  • 6 posts

Posted 22 May 2006 - 03:39 PM

Yup! Got ren-cmdservice.zip at first and got no result, but delcmdservice did it. No more traces of spyware and clean log. Thx!

#10 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 22 May 2006 - 04:25 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
