Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

problems with nail.exe, DrPMon.dll, svcproc.exe


  • Please log in to reply

#1
kopacu

kopacu

    New Member

  • Member
  • Pip
  • 4 posts
It's my first time on geekstogo.com and I don't know what to tell you exactly.
First I've been having trouble with the message regarding the missing of nail.exe every time windows started. It seems that I have fixed this with Ad-Aware.
My current problem is the following: my antivirus, AVG, display a set of 3 message regarding infections of the files nail.exe, DrPMon.dll, svcproc.exe. Every time I press delete in each dialog window but this still appear after a couple minutes.
I am posting the HijackThis log here hoping that someone will help me.

Logfile of HijackThis v1.99.1
Scan saved at 23:21:44, on 07.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\PROGRA~1\Trust\Keyboard\Ikeymain.exe
C:\PROGRA~1\Trust\Mouse\Amoumain.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\j1krnqm4.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
c:\windows\system32\glafcy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Securitate\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Trust\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [qjgjnm] c:\windows\system32\dxtdch.exe
O4 - HKLM\..\Run: [n338t4d9] C:\WINDOWS\system32\n338t4d9.exe
O4 - HKLM\..\Run: [j1krnqm4] C:\WINDOWS\system32\j1krnqm4.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [zxptyl] c:\windows\system32\zxptyl.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [ctrtui] c:\windows\system32\glafcy.exe r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport în Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)



Thank you.
  • 0

Advertisements


#2
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  • 0

#3
kopacu

kopacu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ok! Sorry for the delay. Now I'm ready, so you can still help me here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:33:25, on 11.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
C:\PROGRA~1\Trust\Keyboard\Ikeymain.exe
C:\PROGRA~1\Trust\Mouse\Amoumain.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Securitate\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.24.0\gnotify.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Trust\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\Trust\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [qjgjnm] c:\windows\system32\dxtdch.exe
O4 - HKLM\..\Run: [n338t4d9] C:\WINDOWS\system32\n338t4d9.exe
O4 - HKLM\..\Run: [j1krnqm4] C:\WINDOWS\system32\j1krnqm4.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [zxptyl] c:\windows\system32\zxptyl.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [hsinwmd] c:\windows\system32\uouctz.exe r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport în Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thank you.
  • 0

#4
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

Open Ewido again
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot and Post the report Ewido made and a new Hijackthis log here in a reply.
  • 0

#5
kopacu

kopacu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Here it is. It installed himself in romanian language, so it contains some romanian words.
Here is the translation of phrase "Curatat cu backup" frequently meet in report
"Curatat cu backup"=cleared, deleted with backup


---------------------------------------------------------
ewido security suite - Raport Scanare
---------------------------------------------------------

+ Creat la: 22:28:56, 11.07.2005
+ Raport-Checksum: D3A0EE69

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} -> Spyware.MyWebSearch : Curatat cu backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} -> Spyware.MyWebSearch : Curatat cu backup
HKLM\SOFTWARE\SafeSurfing -> Spyware.SafeSurfing : Curatat cu backup
HKLM\SOFTWARE\SafeSurfing\System -> Spyware.SafeSurfing : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -> Spyware.Begin2Search : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22B720C7-5FA6-40A8-9F8F-8584BF669690} -> Spyware.Begin2Search : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{302A3240-4805-4A34-97D7-1645A0B08410} -> Spyware.VX2 : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{999A06FF-10EF-4A29-8640-69E99882C26B} -> Spyware.Begin2Search : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95FE080-8F5D-11D2-A20B-00AA003C157A} -> Spyware.Alexa : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEF29D20-9A47-4657-ADF7-283EC2504001} -> Spyware.i-Lookup : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\_rtneg2 -> Spyware.Begin2Search : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\_rtneg2\eeennn -> Spyware.Begin2Search : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\_rtneg2\kkws -> Spyware.Begin2Search : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\_rtneg2\ppops -> Spyware.Begin2Search : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\_rtneg2\reel -> Spyware.Begin2Search : Curatat cu backup
HKU\S-1-5-21-2052111302-1284227242-725345543-1003\Software\_rtneg2\ssites -> Spyware.Begin2Search : Curatat cu backup
:mozilla.23:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Fastclick : Curatat cu backup
:mozilla.24:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Fastclick : Curatat cu backup
:mozilla.25:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Fastclick : Curatat cu backup
:mozilla.26:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Fastclick : Curatat cu backup
:mozilla.27:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Fastclick : Curatat cu backup
:mozilla.28:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Fastclick : Curatat cu backup
:mozilla.29:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Fastclick : Curatat cu backup
:mozilla.30:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Fastclick : Curatat cu backup
:mozilla.39:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Atdmt : Curatat cu backup
:mozilla.40:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Valueclick : Curatat cu backup
:mozilla.64:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Doubleclick : Curatat cu backup
:mozilla.65:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Adserver : Curatat cu backup
:mozilla.66:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Adserver : Curatat cu backup
:mozilla.67:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Adserver : Curatat cu backup
:mozilla.68:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Adserver : Curatat cu backup
:mozilla.69:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Adserver : Curatat cu backup
:mozilla.85:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Curatat cu backup
:mozilla.86:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.87:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.88:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.89:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.90:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.91:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.92:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.93:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.94:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.95:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.96:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.97:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.98:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.99:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.100:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.101:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.102:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.118:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.119:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.120:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.121:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.122:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.123:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.124:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.125:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.126:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.127:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.128:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.129:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.130:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.131:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.132:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.133:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Sexlist : Curatat cu backup
:mozilla.147:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Findwhat : Curatat cu backup
:mozilla.186:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Overture : Curatat cu backup
:mozilla.187:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Overture : Curatat cu backup
:mozilla.244:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Spylog : Curatat cu backup
:mozilla.250:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Bluestreak : Curatat cu backup
:mozilla.259:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Pointroll : Curatat cu backup
:mozilla.260:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Pointroll : Curatat cu backup
:mozilla.261:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Pointroll : Curatat cu backup
:mozilla.264:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Overture : Curatat cu backup
:mozilla.265:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Questionmarket : Curatat cu backup
:mozilla.287:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Curatat cu backup
:mozilla.288:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Curatat cu backup
:mozilla.304:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Centrport : Curatat cu backup
:mozilla.305:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Centrport : Curatat cu backup
:mozilla.325:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Paycounter : Curatat cu backup
:mozilla.346:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Hitbox : Curatat cu backup
:mozilla.347:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Hitbox : Curatat cu backup
:mozilla.348:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Hitbox : Curatat cu backup
:mozilla.349:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Hitbox : Curatat cu backup
:mozilla.354:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Mediaplex : Curatat cu backup
:mozilla.395:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Weborama : Curatat cu backup
:mozilla.401:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Targetnet : Curatat cu backup
:mozilla.402:C:\Documents and Settings\Familia\Application Data\Mozilla\Firefox\Profiles\oorcc6bn.default\cookies.txt -> Spyware.Cookie.Ru4 : Curatat cu backup
:mozilla.10:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Advertising : Curatat cu backup
:mozilla.11:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Atdmt : Curatat cu backup
:mozilla.14:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Doubleclick : Curatat cu backup
:mozilla.15:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Mediaplex : Curatat cu backup
:mozilla.20:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Tribalfusion : Curatat cu backup
:mozilla.21:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Centrport : Curatat cu backup
:mozilla.33:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Fastclick : Curatat cu backup
:mozilla.49:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Trafficmp : Curatat cu backup
:mozilla.63:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Bfast : Curatat cu backup
:mozilla.70:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Curatat cu backup
:mozilla.82:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Hitbox : Curatat cu backup
:mozilla.89:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Adserver : Curatat cu backup
:mozilla.90:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Adserver : Curatat cu backup
:mozilla.112:C:\Documents and Settings\lugulugu\Application Data\Mozilla\Firefox\Profiles\87zd8r1u.default\cookies-1.txt -> Spyware.Cookie.Findwhat : Curatat cu backup
C:\Documents and Settings\lugulugu\Cookies\lugulugu@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Curatat cu backup
C:\Documents and Settings\lugulugu\Cookies\lugulugu@perf.overture[1].txt -> Spyware.Cookie.Overture : Curatat cu backup
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll -> Spyware.MyWebSearch : Curatat cu backup
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR -> Spyware.MyWebSearch : Curatat cu backup
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE -> Spyware.Wesbar : Curatat cu backup
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR -> Spyware.MyWebSearch : Curatat cu backup
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE -> Spyware.Wesbar : Curatat cu backup
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL -> Spyware.MyWebSearch : Curatat cu backup
C:\WINDOWS\4a6rcte0.exe -> Adware.SAHA : Curatat cu backup
C:\WINDOWS\bmqkxhemrui.exe -> Adware.BetterInternet : Curatat cu backup
C:\WINDOWS\hujrpz.exe -> Adware.BetterInternet : Curatat cu backup
C:\WINDOWS\lphgh4li.exe -> Adware.SAHA : Curatat cu backup
C:\WINDOWS\system32\COMMCOS2.DLL -> Spyware.SafeSurfing : Curatat cu backup
C:\WINDOWS\system32\cxdxregt.exe -> Trojan.Zx.12 : Curatat cu backup
C:\WINDOWS\system32\j1krnqm4.exe -> Adware.SAHA : Curatat cu backup
C:\WINDOWS\system32\l2tphlhh.dll -> Adware.SAHA : Curatat cu backup
C:\WINDOWS\system32\n338t4d9.exe -> Adware.SAHA : Curatat cu backup
C:\WINDOWS\system32\nsaDC.dll -> Spyware.Beginto : Curatat cu backup
C:\WINDOWS\system32\nsuB5.dll -> Spyware.Beginto : Curatat cu backup
C:\WINDOWS\system32\richedtr.dll -> Spyware.SafeSurfing : Curatat cu backup
C:\WINDOWS\system32\richup.exe -> Spyware.SafeSurfing : Curatat cu backup
C:\WINDOWS\system32\uouctz.exe -> Adware.BetterInternet : Curatat cu backup
C:\WINDOWS\system320nskC0 -> Spyware.HotSearchBar : Curatat cu backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.0.0.173\npwthost.dll -> Spyware.WildTangent : Curatat cu backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.0.0.173\wtvh.dll -> Spyware.WildTangent : Curatat cu backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Curatat cu backup
E:\Kituri\Programare\MathCad\SETUP\IE\MSIE30.EXE/Iexplore.cab/icwconn1.exe -> Heuristic.Win32.Dialer : Eroare in timpul curatarii
E:\Stuff\Haioase\SHI MAI UMOR\Viagra.exe -> Not-A-Virus.Joke.Viagra : Curatat cu backup


::Sfarsit Raport
  • 0

#6
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Post a new Hijackthis log here in a reply.
  • 0

#7
kopacu

kopacu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
The HijackThis log posted at #3 is created immediately after the ewido log from post #5. I cannot post a new log right now because I'm not at that computer. But if that one doesn't help you I will post another one when I will get to the computer, but this could take a while.
Thank you for helping me and thanks for you patience.
  • 0

#8
therock247uk

therock247uk

    Expert

  • Expert
  • 14,671 posts
  • MVP
Ok post one when you are at the computer again.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP