oin, oin and more oin



#1
tager

Logfile of HijackThis v1.99.1
Scan saved at 6:54:00 PM, on 8/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rebate Retriever\RebateRetriever.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\System32\raplpm.exe
C:\Program Files\acra\ueri.exe
C:\WINDOWS\System32\j?vaw.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\WINDOWS\dG9tIGdlcmFnaHR5\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\tom geraghty.TOM-M7DFI6HQSGC\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: SDWin32 Class - {24B4CF57-45C2-4CDE-A381-1D8FE8EA7832} - C:\WINDOWS\System32\qotci.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\zqcrrnbs.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [t73j3Fe] nwebu.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [Rebate Retriever] C:\Program Files\Rebate Retriever\RebateRetriever.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\raplpm.exe reg_run
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [cwstRPK9l] inftuq.exe
O4 - HKCU\..\Run: [Uihe] C:\Program Files\acra\ueri.exe
O4 - HKCU\..\Run: [Qzoz] C:\WINDOWS\System32\j?vaw.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust...er/pestscan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX28.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\tJembed.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dG9tIGdlcmFnaHR5\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\keqjsvc.exe


#2
tager

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:34:33 PM, 8/8/2005
+ Report-Checksum: ADB12F08

+ Scan result:

[828] C:\WINDOWS\system32\tJembed.dll -> Spyware.Look2Me : Error during cleaning
[1404] C:\WINDOWS\system32\mvcsubs.dll -> Spyware.Look2Me : Error during cleaning
[1688] C:\WINDOWS\system32\mvcsubs.dll -> Spyware.Look2Me : Error during cleaning
[188] C:\Program Files\acra\ueri.exe -> TrojanDownloader.PurityScan.aa : Cleaned with backup
C:\WINDOWS\system32\zqcrrnbs.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\tom geraghty.TOM-M7DFI6HQSGC\Local Settings\Temp\!update.exe -> TrojanDownloader.PurityScan.aa : Cleaned with backup
C:\Documents and Settings\tom geraghty.TOM-M7DFI6HQSGC\Local Settings\Temporary Internet Files\Content.IE5\I18D41W9\!update-2295[1].0000 -> TrojanDownloader.PurityScan.aa : Cleaned with backup
:mozilla.25:C:\Documents and Settings\tom geraghty.TOM-M7DFI6HQSGC\Application Data\Mozilla\Firefox\Profiles\81ydxwt2.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.26:C:\Documents and Settings\tom geraghty.TOM-M7DFI6HQSGC\Application Data\Mozilla\Firefox\Profiles\81ydxwt2.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.31:C:\Documents and Settings\tom geraghty.TOM-M7DFI6HQSGC\Application Data\Mozilla\Firefox\Profiles\81ydxwt2.default\cookies.txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Program Files\acra\ueri.exe -> TrojanDownloader.PurityScan.aa : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP88\A0038203.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP88\A0038204.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP88\A0038205.exe -> TrojanDownloader.VB.kd : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP88\A0039183.exe -> TrojanDownloader.PurityScan.aa : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP88\A0039190.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP88\A0039194.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP88\A0039195.exe -> TrojanDownloader.OneClickSearch.k : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP88\A0039197.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP88\A0039198.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP88\A0039200.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP88\A0039201.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP88\A0039204.exe -> Adware.eZula : Cleaned with backup


::Report End

#3
tager

Logfile of HijackThis v1.99.1
Scan saved at 4:42:46 PM, on 8/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\acra\ueri.exe
C:\WINDOWS\System32\j?vaw.exe
C:\Program Files\D-Link AirPlus G\AirPlus.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\dG9tIGdlcmFnaHR5\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\tom geraghty.TOM-M7DFI6HQSGC\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: SDWin32 Class - {24B4CF57-45C2-4CDE-A381-1D8FE8EA7832} - C:\WINDOWS\System32\qotci.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\zqcrrnbs.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [t73j3Fe] nwebu.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\raplpm.exe reg_run
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [cwstRPK9l] inftuq.exe
O4 - HKCU\..\Run: [Uihe] C:\Program Files\acra\ueri.exe
O4 - HKCU\..\Run: [Qzoz] C:\WINDOWS\System32\j?vaw.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: naiu.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust...er/pestscan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX28.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\tJembed.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dG9tIGdlcmFnaHR5\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\keqjsvc.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:05:58 PM, 8/10/2005
+ Report-Checksum: 3887496B

+ Scan result:

[836] C:\WINDOWS\system32\tJembed.dll -> Spyware.Look2Me : Error during cleaning
C:\WINDOWS\system32\аti2evxx.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\ryyty.dll.tcf -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\hfipyed.sys -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\heavefa.vxd -> Trojan.Painwin.a : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP91\A0039289.dll -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP91\A0039294.exe -> TrojanDownloader.PurityScan.aa : Cleaned with backup


::Report End

#4
tager

Winfixer is in on this...

Logfile of HijackThis v1.99.1
Scan saved at 9:34:58 PM, on 8/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\tom geraghty.TOM-M7DFI6HQSGC\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: SDWin32 Class - {24B4CF57-45C2-4CDE-A381-1D8FE8EA7832} - C:\WINDOWS\System32\qotci.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\zqcrrnbs.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [t73j3Fe] nwebu.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [ttupt] C:\WINDOWS\ttupt.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\raplpm.exe reg_run
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [cwstRPK9l] inftuq.exe
O4 - HKCU\..\Run: [Uihe] C:\Program Files\acra\ueri.exe
O4 - HKCU\..\Run: [Qzoz] C:\WINDOWS\System32\j?vaw.exe
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: naiu.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.my-etrust...er/pestscan.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX28.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\tJembed.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dG9tIGdlcmFnaHR5\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\keqjsvc.exe

#5
tager

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:31:00 PM, 8/12/2005
+ Report-Checksum: 5EF8C985

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Offer -> Spyware.eZula : Cleaned with backup
[828] C:\WINDOWS\system32\tJembed.dll -> Spyware.Look2Me : Error during cleaning
[1412] C:\WINDOWS\system32\denetlib.dll -> Spyware.Look2Me : Error during cleaning
[1688] C:\WINDOWS\system32\denetlib.dll -> Spyware.Look2Me : Error during cleaning
C:\WINDOWS\system32\ezPopStub.exe -> Adware.eZula : Cleaned with backup
C:\Documents and Settings\tom geraghty.TOM-M7DFI6HQSGC\Cookies\tom geraghty@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\tom geraghty.TOM-M7DFI6HQSGC\Cookies\tom geraghty@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.19:C:\Documents and Settings\tom geraghty.TOM-M7DFI6HQSGC\Application Data\Mozilla\Firefox\Profiles\81ydxwt2.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
-> : Error during cleaning
:mozilla.21:C:\Documents and Settings\tom geraghty.TOM-M7DFI6HQSGC\Application Data\Mozilla\Firefox\Profiles\81ydxwt2.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP67\A0022387.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP74\A0029547.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP74\A0030584.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP86\A0037110.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP91\A0039331.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP91\A0039332.sys -> Trojan.Painwin.a : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP91\A0039333.vxd -> Trojan.Painwin.a : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP91\A0040343.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP91\A0040354.exe -> TrojanDownloader.OneClickSearch.k : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP91\A0040350.dll.tcf -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP91\A0040353.dll.tcf -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP91\A0040356.exe.tcf -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP91\A0040357.exe.tcf -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{EE49ACBF-D225-4402-A100-8D94A1CBF045}\RP91\A0040359.dll.tcf -> Adware.eZula : Cleaned with backup


::Report End