Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow computer and popups [CLOSED]


  • This topic is locked This topic is locked

#1
Discer

Discer

    New Member

  • Member
  • Pip
  • 5 posts
I got this process called: c:\windows\system32\ooibuks.exe .. when i try to close it, it just pops up with an other name.. well, anyway.. The computer is slow working and i got a spam of poppups everytime I'm surfing the web. Please help ?


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\ooibuks.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Hsblaef\Twdzna.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wisptis.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eier\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://crackspider.net/ie/assist.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.tiscali.no:8080;https=proxy.tiscali.no:8080;ftp=proxy.tiscali.no:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svaxlf] c:\windows\system32\itfpoh.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Vrcabot] C:\Program Files\Hsblaef\Twdzna.exe
O4 - HKLM\..\Run: [bpduhov] c:\windows\system32\ooibuks.exe r
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\info6_s.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://www.icanal.no...es/ExentCtl.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...514/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Egen\kkk\AVWUPSRV.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
  • 0

Advertisements


#2
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello and welcome to Geeks To Go.

Lets start out with some general scans and see if we cant clean things up a little.

+++++ Step 1 +++++

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ Step 2 +++++

Update HiJackThis
  • Open HiJackThis
  • Click Open the Misc Tools Section
  • Click Check for update online
+++++ Step 3 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have recieved help elsewhere or no longer need our assistance, please let us know.

~Kristy
  • 0

#3
Discer

Discer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you for helping me.

This is my BitDefender virus scan:

Statistics

Scan path : C:\
Folders : 3873
Files : 242816
Archives : 7429
Packed files : 17300
Identified viruses : 20
Infected files : 24
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 1
Copied files : 0
Moved files : 19
Renamed files : 0
I/O errors : 25
Scan time : 00:48:35
Scan speed (files/sec) : 83

Virus definitions : 196476
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Documents and Settings\Eier\Lokale innstillinger\Temp\temp.fr1E58 Infected Trojan.Agent.DB
C:\Documents and Settings\Eier\Lokale innstillinger\Temp\temp.fr1E58 Disinfection failed
C:\Documents and Settings\Eier\Lokale innstillinger\Temp\temp.fr1E58 Moved
C:\Documents and Settings\Eier\Programdata\Microsoft\Internet Explorer\Quick Launch\Snarvei til mirc32.lnk=>D:\Prog\IrcN\SYSTEM\mirc32.exe Infected Trojan.Mirchack.F
C:\Documents and Settings\Eier\Programdata\Microsoft\Internet Explorer\Quick Launch\Snarvei til mirc32.lnk=>D:\Prog\IrcN\SYSTEM\mirc32.exe Disinfection failed
C:\Documents and Settings\Eier\Programdata\Microsoft\Internet Explorer\Quick Launch\Snarvei til mirc32.lnk=>D:\Prog\IrcN\SYSTEM\mirc32.exe Move failed
C:\Documents and Settings\Eier\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-4b86fd38.class Infected Trojan.Downloader.Small.WV
C:\Documents and Settings\Eier\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-4b86fd38.class Disinfection failed
C:\Documents and Settings\Eier\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-4b86fd38.class Moved
C:\Documents and Settings\Eier\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-570a9f49.class Infected Trojan.Downloader.Small.WV
C:\Documents and Settings\Eier\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-570a9f49.class Disinfection failed
C:\Documents and Settings\Eier\Programdata\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-7c728-570a9f49.class Moved
C:\Program Files\Hsblaef\Twdzna.exe Infected Trojan.Small.CY
C:\Program Files\Hsblaef\Twdzna.exe Disinfection failed
C:\Program Files\Hsblaef\Twdzna.exe Moved
C:\Program Files\Internet Optimizer\actalert.exe Infected Trojan.Downloader.Dyfuca.DP
C:\Program Files\Internet Optimizer\actalert.exe Disinfection failed
C:\Program Files\Internet Optimizer\actalert.exe Moved
C:\Program Files\Internet Optimizer\optimize.exe Infected GenPack:Trojan.Downloader.Dyfuca.EI
C:\Program Files\Internet Optimizer\optimize.exe Disinfection failed
C:\Program Files\Internet Optimizer\optimize.exe Moved
C:\Program Files\Internet Optimizer\update\actalert.exe Infected Trojan.Downloader.Dyfuca.DP
C:\Program Files\Internet Optimizer\update\actalert.exe Disinfection failed
C:\Program Files\Internet Optimizer\update\actalert.exe Move failed
C:\Program Files\Internet Optimizer\update\rogue.exe Infected Trojan.Small.CY
C:\Program Files\Internet Optimizer\update\rogue.exe Disinfection failed
C:\Program Files\Internet Optimizer\update\rogue.exe Moved
C:\Program Files\Media Access\MediaAccC.dll Infected Trojan.Winad.L.DLL
C:\Program Files\Media Access\MediaAccC.dll Disinfection failed
C:\Program Files\Media Access\MediaAccC.dll Moved
C:\Program Files\Media Access\MediaAccess.exe Infected Trojan.Delautoexec.51272.A
C:\Program Files\Media Access\MediaAccess.exe Disinfection failed
C:\Program Files\Media Access\MediaAccess.exe Moved
C:\Program Files\Media Access\MediaAccK.exe Infected Trojan.WinAd.18436
C:\Program Files\Media Access\MediaAccK.exe Disinfection failed
C:\Program Files\Media Access\MediaAccK.exe Moved
C:\Program Files\Media Pass\MediaPassC.dll Infected Trojan.WinAd.68608
C:\Program Files\Media Pass\MediaPassC.dll Disinfection failed
C:\Program Files\Media Pass\MediaPassC.dll Moved
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\Quarantine\1AEC5E55.tmp=>(Quarantine-2) Infected Java.Trojan.Downloader.OpenStream.T
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\Quarantine\1AEC5E55.tmp=>(Quarantine-2) Disinfection failed
C:\Programfiler\Norton SystemWorks\Norton AntiVirus\Quarantine\1AEC5E55.tmp Moved
C:\WINDOWS\eSearchBar\eu_Filesubmit_p1.exe Infected Dropped:Trojan.Downloader.Keenval.V
C:\WINDOWS\eSearchBar\eu_Filesubmit_p1.exe Disinfection failed
C:\WINDOWS\eSearchBar\eu_Filesubmit_p1.exe Moved
C:\WINDOWS\ffduvh.exe Infected BehavesLike:Win32.ExplorerHijack
C:\WINDOWS\ffduvh.exe Disinfection failed
C:\WINDOWS\ffduvh.exe Moved
C:\WINDOWS\Nail.exe Infected Adware.Nail.A
C:\WINDOWS\Nail.exe Disinfection failed
C:\WINDOWS\Nail.exe Moved
C:\WINDOWS\nem220.dll Infected Trojan.Downloader.Dyfuca.DD
C:\WINDOWS\nem220.dll Deleted
C:\WINDOWS\svcproc.exe Infected Trojan.Stervis.C
C:\WINDOWS\svcproc.exe Disinfection failed
C:\WINDOWS\svcproc.exe Moved
C:\WINDOWS\system32\dazouqu.exe Infected Trojan.Agent.AY
C:\WINDOWS\system32\dazouqu.exe Disinfection failed
C:\WINDOWS\system32\dazouqu.exe Move failed
C:\WINDOWS\system32\DrPMon.dll Infected Trojan.Agent.DB
C:\WINDOWS\system32\DrPMon.dll Disinfection failed
C:\WINDOWS\system32\DrPMon.dll Moved
C:\WINDOWS\system32\KTKbdHk.dll Infected Trojan.Keylog.Dafunk.B
C:\WINDOWS\system32\KTKbdHk.dll Disinfection failed
C:\WINDOWS\system32\KTKbdHk.dll Moved
C:\WINDOWS\system32\ntsd32.exe=>(NSIS o)=>zlib_nsis0002 Infected Trojan.Clicker.Vb.DN
C:\WINDOWS\system32\ntsd32.exe=>(NSIS o)=>zlib_nsis0002 Disinfection failed
C:\WINDOWS\system32\ntsd32.exe=>(NSIS o)=>zlib_nsis0002 Move failed
C:\WINDOWS\wsem303.dll Infected Trojan.Downloader.Dyfuca.DT
C:\WINDOWS\wsem303.dll Disinfection failed
C:\WINDOWS\wsem303.dll Moved
Scanned files
-----------------------------------------------------

This is my normal HiJackThis LOG:

Logfile of HijackThis v1.99.1
Scan saved at 18:57:19, on 22.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Programfiler\Fellesfiler\Softwin\BitDefender Scan Server\bdss.exe
c:\windows\system32\dazouqu.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Programfiler\Softwin\BitDefender Free Edition\bdmcon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Programfiler\Pixoria\Konfabulator\Konfabulator.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\Softwin\BitDefender Free Edition\bdlite.exe
C:\Programfiler\Winamp\winamp.exe
D:\Prog\IrcN\SYSTEM\mirc32.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Eier\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://crackspider.net/ie/assist.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.tiscali.no:8080;https=proxy.tiscali.no:8080;ftp=proxy.tiscali.no:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svaxlf] c:\windows\system32\itfpoh.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BDMCon] C:\Programfiler\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programfiler\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [hithsc] c:\windows\system32\dazouqu.exe r
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Konfabulator.lnk = C:\Programfiler\Pixoria\Konfabulator\Konfabulator.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\info6_s.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://www.icanal.no...es/ExentCtl.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...514/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Egen\kkk\AVWUPSRV.EXE (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programfiler\Fellesfiler\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programfiler\Fellesfiler\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
-----------------------------

And here are uninstall_list.txt:

Active Alert
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Photoshop 7.0
ATI - Avinstalleringsverktøy for Programvaren
ATI Control Panel
ATI Display Driver
Battlefield 2™
BearShare
BitComet 0.56
BitDefender Free Edition
Codec Pack - All In 1 6.0.2.2
DAEMON Tools
HijackThis 1.99.1
Indeo® Software
Intel® 82845G Graphics Driver Software
Internet Optimizer
InterVideo WinDVD 4
Java 2 Runtime Environment, SE v1.4.2_05
JetShell for iAUDIO
Logitech Desktop Messenger
Logitech iTouch Programvare
Logitech MouseWare 9.80
Macromedia Shockwave Player
Media Access
Microsoft .NET Framework (Norwegian) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office XP Media Content
Microsoft Office XP Standard
Microsoft Windows Journal Viewer
mIRC
Mozilla Firefox (0.9.)
Mozilla Firefox (1.0)
MSN Messenger 7.0
Nero 6 Enterprise Edition
OLYMPUS CAMEDIA Master 4.0
PowerDVD
QuickTime
Readiris 7.5
Realtek AC'97 Audio
Ricochet Lost Worlds: Recharged
SLD CODEC PACK 1.5.2
The ABI Network- A Division of Direct Revenue
Time Zones for PCs
Ventrilo
VIA Audio Driver Setup Program
VideoLAN VLC media player 0.8.1
Winamp (remove only)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
WinMX
WinRAR arkiverer
WinZip
World of Warcraft
WSEM Update
XviD MPEG-4 Codec

--------------------------------

Thank you so much for helping me.
  • 0

#4
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
No problem Discer,

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then, go to Start > Run > and type in:

services.msc

Click OK.

In the services window find System Startup Service.
Rightclick and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://crackspider.net/ie/assist.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O4 - HKLM\..\Run: [svaxlf] c:\windows\system32\itfpoh.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [hithsc] c:\windows\system32\dazouqu.exe r
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present (If you or your administrator did not set this, place a check by this as well.)
O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\info6_s.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)


Close all open windows except for HijackThis and click Fix Checked.

Next in Hijack This click on the "Config" button in the lower right corner. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Copy and paste the following line in that box:

SvcProc

Click OK.

Go to Start > Run and type in cmd

Click OK

This will open a command shell. In the command window Copy and Paste the following commands one at a time exactly as the appear below and hit the Enter key after each one:

Paste this:

del C:\WINDOWS\svcproc.exe

Hit Enter.

Go to Start > Control Panel > Add/Remove Programs and remove the following(if found):

Media Access
Internet Optimizer


Exit Add/Remove Programs.

Be sure you're able to view hidden files, and remove the following files/folders in bold (if found):

C:\WINDOWS\nem220.dll
C:\WINDOWS\wsem303.dll
c:\windows\system32\itfpoh.exe
C:\Program Files\Media Access
C:\Program Files\Internet Optimizer
c:\windows\system32\dazouqu.exe r


Empty your recycle bin.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

~Kristy :tazz:
  • 0

#5
Discer

Discer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
hey..

I dont got access to the "System Startup Service's Properties..
But i did everything besides that, and now the whole thing is gone.

My computer is much quicker and smoother.. I'll send you log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 01:28:54, 23.07.2005
+ Report-Checksum: 7C496A75

+ Scan result:

:mozilla.444:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Serving-sys : Ignored
HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Active Alert\cf1 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.MassSender -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.MassSender\CLSID -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.MassSender\CurVer -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ\CLSID -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ\CurVer -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0BE10B0D-B4DB-4693-9B1F-9AEAD54D17DC} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111111} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer Active Alert -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SDS Software -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\SDS Software\Setup2Go -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\SDS Software\Setup2Go\UserData -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\SDS Software\Setup2Go\UserData\FLW, Inc -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\SDS Software\Setup2Go\UserData\FLW, Inc\Convertor -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\SDS Software\Setup2Go\UserData\FLW, Inc\Convertor\1.3 -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-DD60-0064-6EC2-6E0100000000} -> Spyware.MediaMotor : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{302A3240-4805-4A34-97D7-1645A0B08410} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2303877834-3533656497-68114603-1003\Software\SCom -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Eier\Lokale innstillinger\Temp\COH\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Eier\Lokale innstillinger\Temp\TYH\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Eier\Lokale innstillinger\Temp\VEW\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.316:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.386:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.442:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.447:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.458:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.462:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.553:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.574:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.622:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.633:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.634:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.701:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.703:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.707:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
:mozilla.745:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
:mozilla.746:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
:mozilla.747:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
:mozilla.753:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.754:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.755:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.756:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.771:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.783:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.784:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.917:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.919:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.920:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.930:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.931:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.932:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.947:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.948:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.969:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Program Files\Internet Optimizer\update\actalert.exe -> TrojanDownloader.Dyfuca.dp : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\actalert.exe -> TrojanDownloader.Dyfuca.dp : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\KTKbdHk.dll -> TrojanSpy.GYKS98 : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\MediaAccC.dll -> Spyware.WinAD : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\MediaAccess.exe -> Spyware.MediaPass : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\MediaAccK.exe -> Spyware.WinAD : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\MediaPassC.dll -> Spyware.WinAD : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\rogue.exe -> Trojan.Small.cy : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\SecurityClassLoader.class-7c728-4b86fd38.class -> TrojanDownloader.Small.wv : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\SecurityClassLoader.class-7c728-570a9f49.class -> TrojanDownloader.Small.wv : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\svcproc.exe -> Adware.BetterInternet : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\Twdzna.exe -> Trojan.Small.cy : Cleaned with backup
C:\Programfiler\Softwin\BitDefender Free Edition\Infected\wsem303.dll -> TrojanDownloader.Dyfuca.dt : Cleaned with backup
C:\WINDOWS\qhtlbqhbzo.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\localsplnet.dll -> Spyware.MediaBack : Cleaned with backup
C:\WINDOWS\system32\tushti.exe -> Adware.BetterInternet : Cleaned with backup
D:\div.prog\ghostmail51.zip/Ghostmail51.exe -> Not-A-Virus.Flooder.MailSpam.GhostMail.51 : Cleaned with backup
D:\div.prog\PCBugDoctor v1.0.0.5.rar/PCBugDoctor v1.0.0.5\keygen.exe -> Spyware.WinAD : Cleaned with backup
D:\Prog\PCBugDoctor v1.0.0.5\PCBugDoctor v1.0.0.5\keygen.exe -> Spyware.WinAD : Cleaned with backup


::Report End


--------------


Logfile of HijackThis v1.99.1
Scan saved at 02:10:45, on 23.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Softwin\BitDefender Free Edition\bdmcon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Pixoria\Konfabulator\Konfabulator.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programfiler\Fellesfiler\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
c:\windows\system32\iaejtc.exe
D:\Prog\IrcN\SYSTEM\mirc32.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\notepad.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.no
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.tiscali.no:8080;https=proxy.tiscali.no:8080;ftp=proxy.tiscali.no:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\Programfiler\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programfiler\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [ynrdmqb] c:\windows\system32\iaejtc.exe r
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Konfabulator.lnk = C:\Programfiler\Pixoria\Konfabulator\Konfabulator.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://www.icanal.no...es/ExentCtl.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...514/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Egen\kkk\AVWUPSRV.EXE (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programfiler\Fellesfiler\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programfiler\Fellesfiler\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

------------------------


Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Photoshop 7.0
ATI - Avinstalleringsverktøy for Programvaren
ATI Control Panel
ATI Display Driver
Battlefield 2™
BearShare
BitComet 0.56
BitDefender Free Edition
Bygg biler med Mulle Mekk
Codec Pack - All In 1 6.0.2.2
DAEMON Tools
ewido security suite
HijackThis 1.99.1
Indeo® Software
Intel® 82845G Graphics Driver Software
InterVideo WinDVD 4
Java 2 Runtime Environment, SE v1.4.2_05
JetShell for iAUDIO
Konfabulator
Logitech Desktop Messenger
Logitech iTouch Programvare
Logitech MouseWare 9.80
Macromedia Shockwave Player
Microsoft .NET Framework (Norwegian) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office XP Media Content
Microsoft Office XP Standard
Microsoft Windows Journal Viewer
mIRC
Mozilla Firefox (0.9.)
Mozilla Firefox (1.0)
MSN Messenger 7.0
Nero 6 Enterprise Edition
OLYMPUS CAMEDIA Master 4.0
PowerDVD
QuickTime
Readiris 7.5
Realtek AC'97 Audio
Ricochet Lost Worlds: Recharged
SLD CODEC PACK 1.5.2
The ABI Network- A Division of Direct Revenue
The Simpsons Hit & Run™
Time Zones for PCs
Ventrilo
VIA Audio Driver Setup Program
VideoLAN VLC media player 0.8.1
Winamp (remove only)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
WinMX
WinRAR arkiverer
WinZip
World of Warcraft
WSEM Update
XviD MPEG-4 Codec
-----------------------

And, thanks again mate.
  • 0

#6
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello Discer,

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Next please run HijackThis, click Scan, and check:

O4 - HKLM\..\Run: [ynrdmqb] c:\windows\system32\iaejtc.exe r

Close all open windows except for HijackThis and click Fix Checked.

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Be sure you're able to view hidden files, and remove the following files/folders in bold (if found):

c:\windows\system32\iaejtc.exe r

Empty your recycle bin.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

~Kristy :tazz:
  • 0

#7
Discer

Discer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hey, and again; appreciate your help!

Iv'e done what you said. But i can't find any folder/files in the C:\WINDOWS\system32 named that.

When i trye to fix the file with HijackThis, It only change name to something else.

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 13:50:39, on 23.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Softwin\BitDefender Free Edition\bdmcon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\Pixoria\Konfabulator\Konfabulator.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programfiler\Fellesfiler\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Prog\IrcN\SYSTEM\mirc32.exe
C:\WINDOWS\notepad.exe
c:\windows\system32\cjkadj.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.no
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.tiscali.no:8080;https=proxy.tiscali.no:8080;ftp=proxy.tiscali.no:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\Programfiler\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programfiler\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKLM\..\Run: [iwayhb] c:\windows\system32\cjkadj.exe r
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Konfabulator.lnk = C:\Programfiler\Pixoria\Konfabulator\Konfabulator.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://www.icanal.no...es/ExentCtl.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...514/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Egen\kkk\AVWUPSRV.EXE (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programfiler\Fellesfiler\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programfiler\Fellesfiler\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing


----------

Thanks
  • 0

#8
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Hello Discer,

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [iwayhb] c:\windows\system32\cjkadj.exe r


Close all open windows except for HijackThis and click Fix Checked.

Be sure you're able to view hidden files, and remove the following files/folders in bold (if found):

c:\windows\system32\cjkadj.exe r

Empty your recycle bin.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

~Kristy :tazz:
  • 0

#9
Discer

Discer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hello, Kristy.

Thank you so much! The computer is amazingly qucker and smoother!

I cant thank enough!


Logfile of HijackThis v1.99.1
Scan saved at 12:37:48, on 24.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\ewido\security suite\ewidoctrl.exe
C:\Programfiler\ewido\security suite\ewidoguard.exe
C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\Softwin\BitDefender Free Edition\bdmcon.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Fellesfiler\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programfiler\Pixoria\Konfabulator\Konfabulator.exe
C:\Programfiler\Fellesfiler\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\hjt\HijackThis.exe
C:\Programfiler\Windows NT\Tilbehør\WORDPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.no
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.no/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.tiscali.no:8080;https=proxy.tiscali.no:8080;ftp=proxy.tiscali.no:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [ATIPTA] C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\Programfiler\Softwin\BitDefender Free Edition\\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programfiler\Softwin\BitDefender Free Edition\\bdnagent.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Konfabulator.lnk = C:\Programfiler\Pixoria\Konfabulator\Konfabulator.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - http://www.icanal.no...es/ExentCtl.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...514/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Egen\kkk\AVWUPSRV.EXE (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programfiler\Fellesfiler\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programfiler\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programfiler\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programfiler\Fellesfiler\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

-----------------


ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:19:34, 24.07.2005
+ Report-Checksum: F770A899

+ Scan result:

C:\Documents and Settings\Eier\Cookies\eier@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Eier\Cookies\eier@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.385:C:\Documents and Settings\Eier\Programdata\Mozilla\Firefox\Profiles\default.goj\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\WINDOWS\system32\cjkadj.exe -> Adware.BetterInternet : Cleaned with backup


::Report End
  • 0

#10
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
No problem Discer ;)

Congratulations! Your log is clean!

**You may now re-hide hidden files**

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and AntiSpyware Net's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.

~Kristy :tazz:
  • 0

#11
Kristy

Kristy

    Visiting Consultant

  • Member
  • PipPipPipPip
  • 1,099 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP