********
15:15: | Start of Session, 27 Ekim 2005 Perşembe |
15:15: Spy Sweeper started
15:15: Sweep initiated using definitions version 562
15:15: Starting Memory Sweep
15:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:16: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:16: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:16: Found Adware: icannnews
15:16: Detected running threat: C:\WINDOWS\system32\m6nq0g55e6.dll (ID = 83)
15:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:17: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:17: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:17: Detected running threat: C:\WINDOWS\system32\WIDRMNet.dll (ID = 83)
15:18: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:18: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:18: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:18: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:19: Memory Sweep Complete, Elapsed Time: 00:03:46
15:19: Starting Registry Sweep
15:19: Found Adware: azsearch toolbar
15:19: HKCR\azentretien.loader\ (5 subtraces) (ID = 103886)
15:19: HKLM\software\azentretienco\ (3 subtraces) (ID = 103905)
15:19: HKLM\software\classes\azentretien.loader\ (5 subtraces) (ID = 103910)
15:19: Registry Sweep Complete, Elapsed Time:00:00:20
15:19: Starting Cookie Sweep
15:19: Found Spy Cookie: belnk cookie
15:19: administrator@belnk[1].txt (ID = 2292)
15:19: [email protected][2].txt (ID = 2293)
15:19: Cookie Sweep Complete, Elapsed Time: 00:00:00
15:19: Starting File Sweep
15:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:19: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:19: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:20: Found Adware: look2me
15:20: iconu.exe (ID = 65721)
15:20: azesearch.bmp (ID = 50322)
15:20: bw2.com (ID = 65721)
15:21: appwrap[1].exe (ID = 65721)
15:21: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:21: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:21: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:21: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:21: appwrap[1].exe (ID = 65739)
15:21: icont.exe (ID = 65722)
15:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:22: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:22: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:23: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:23: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:24: appwrap[1].exe (ID = 65722)
15:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:29: appwrap[1].exe (ID = 65739)
15:29: appwrap[1].exe (ID = 65722)
15:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:31: File Sweep Complete, Elapsed Time: 00:11:31
15:31: Full Sweep has completed. Elapsed time 00:15:42
15:31: Traces Found: 29
15:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:31: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:31: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:32: Removal process initiated
15:32: Quarantining All Traces: look2me
15:32: Quarantining All Traces: azsearch toolbar
15:32: Quarantining All Traces: icannnews
15:32: icannnews is in use. It will be removed on reboot.
15:32: C:\WINDOWS\system32\m6nq0g55e6.dll is in use. It will be removed on reboot.
15:32: C:\WINDOWS\system32\WIDRMNet.dll is in use. It will be removed on reboot.
15:32: Quarantining All Traces: belnk cookie
15:32: Warning: Launched explorer.exe
15:32: Warning: Quarantine process could not restart Explorer.
15:33: Preparing to restart your computer. Please wait...
15:33: Removal process completed. Elapsed time 00:01:26
********
15:14: | Start of Session, 27 Ekim 2005 Perşembe |
15:14: Spy Sweeper started
15:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:14: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
15:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:14: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
15:15: Your spyware definitions have been updated.
15:15: | End of Session, 27 Ekim 2005 Perşembe |
Logfile of HijackThis v1.99.1
Scan saved at 15:40:52, on 27.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX03.766\HijackThis.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB9C2703-5FE4-461A-9A1E-7C00F200B06D}: NameServer = 144.122.199.20,144.122.199.90
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe