#1 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 12
OS: WinXP
|
Some problem with Internet Explorer
Hi!
I have a little problem with Internet Explorer which seems to be caused by some kind of spyware which I can't remove... I tried to scan my computer with my antivirus (Kaspersky), Ad-aware and Spybot, but the problem is still not fixed.

Here's my problem: Some random sites entered in my bookmarks and I can't remove those (I can remove my own bookmarks, but not those). My popup killer also seems to be affected, since popups appear randomly (it's almost always the same popups). It's not a very big problem, but it's a bit annoying.... I wish you could help me out with this!!!

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 13:07:53, on 2006-03-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\CAPM1RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jonathan\Mes documents\Fichiers\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.billboard.com/bbcom/index.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pure heck info once] C:\Documents and Settings\All Users\Application Data\boneownspureheck\Jump junk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Fenêtre d'état de Canon PC1200 iC D600 iR1200G.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1131651354130
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Thanks for your help!!!
#2 (permalink) |
|
Analyst, Security Team
|
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.
Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
   * Install background guard
   * Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
   * On the left hand side of the main screen click update.
   * Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net/en/download/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingcomputer.com/foru...howtutorial=61 ).

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!.

Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner.
* Click on 'Complete System Scan' and the scan will begin.
* While the scan is in progress you will be prompted to clean the first infected file it finds. Choose 'Remove', then put a check next to 'Perform action on all infections' in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK. Exit Ewido when it's done.
* Once the scan has completed, there will be a button located on the bottom of the screen named 'Save report'.
* Click 'Save report'.
* Save the report to your desktop.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [pure heck info once] C:\Documents and Settings\All Users\Application Data\boneownspureheck\Jump junk.exe

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Documents and Settings\All Users\Application Data\boneownspureheck\

Restart your computer to get back to Normal Mode. Post the Ewido report and a new HijackThis log here.

Also give us this log: Download FindLOP http://metallica.geekstogo.com/findlop.zip and unzip to a folder. Inside the folder find findlop.bat. Double click on it and it will create the file C:\findlop.txt. Find that file and copy the content into your next reply.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Jun 2005
Posts: 12
OS: WinXP
|
Thank you!
I've done everything you told me and here are my 3 logs:

Second HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 01:02:12, on 2006-04-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
C:\WINDOWS\system32\CAPM1RSK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1SWK.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jonathan\Mes documents\Fichiers\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.billboard.com/bbcom/index.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [] C:\WINDOWS\Options\OEMReset.exe /Audit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Fenêtre d'état de Canon PC1200 iC D600 iR1200G.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LAK.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1131651354130
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://creative.com/su/ocx/15016/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Ewido report:

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 00:56:13, 2006-04-02
+ Somme de contrôle: E1DA361F

+ Résultats du scan:

C:\Documents and Settings\Jonathan\Mes documents\Fichiers\babylon31.exe/SaveNowInst.exe/SaveNow.exe -> Adware.SaveNow : Nettoyer et sauvegarder
C:\Documents and Settings\Jonathan\Mes documents\Fichiers\babylon31.exe/SaveNowInst.exe/Uninst.exe -> Adware.SaveNow : Nettoyer et sauvegarder
C:\Documents and Settings\Jonathan\Mes documents\Fichiers\babylon31.exe/SaveNowInst.exe/SaveNow.exe -> Adware.SaveNow : Nettoyer et sauvegarder
C:\Documents and Settings\Jonathan\Mes documents\Fichiers\babylon31.exe/SaveNowInst.exe/Uninst.exe -> Adware.SaveNow : Nettoyer et sauvegarder
C:\Documents and Settings\Pascal\Application Data\Adverts\uninst.exe -> Adware.Lop : Nettoyer et sauvegarder
:mozilla.14:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.X10 : Nettoyer et sauvegarder
:mozilla.19:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyer et sauvegarder
:mozilla.23:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.24:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Targetnet : Nettoyer et sauvegarder
:mozilla.25:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Targetnet : Nettoyer et sauvegarder
:mozilla.34:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.35:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.36:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.37:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.38:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.49:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.50:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.51:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.52:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.64:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder
:mozilla.67:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
:mozilla.68:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
:mozilla.69:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Overture : Nettoyer et sauvegarder
:mozilla.70:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.86:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder
:mozilla.87:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder
:mozilla.88:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder
:mozilla.89:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder
:mozilla.90:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder
:mozilla.91:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder
:mozilla.92:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Trafficmp : Nettoyer et sauvegarder
:mozilla.93:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder
:mozilla.112:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.113:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.117:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.153:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.154:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.155:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
:mozilla.156:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.157:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyer et sauvegarder
:mozilla.165:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
:mozilla.166:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyer et sauvegarder
:mozilla.168:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Coremetrics : Nettoyer et sauvegarder
:mozilla.171:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.172:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.173:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.174:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.175:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.176:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyer et sauvegarder
:mozilla.179:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.180:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.186:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
:mozilla.187:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
:mozilla.188:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
:mozilla.189:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyer et sauvegarder
:mozilla.207:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.208:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyer et sauvegarder
:mozilla.212:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.213:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.221:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.222:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.223:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.226:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.227:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.228:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.236:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
:mozilla.239:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
:mozilla.240:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\jc3bv9gz.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyer et sauvegarder
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Nettoyer et sauvegarder
E:\System Volume Information\_restore{F78E5B4A-A43A-4404-9259-168FCB56955E}\RP124\A0027100.exe/SaveNowInst.exe/SaveNow.exe -> Adware.SaveNow : Nettoyer et sauvegarder
E:\System Volume Information\_restore{F78E5B4A-A43A-4404-9259-168FCB56955E}\RP124\A0027100.exe/SaveNowInst.exe/Uninst.exe -> Adware.SaveNow : Nettoyer et sauvegarder
E:\System Volume Information\_restore{F78E5B4A-A43A-4404-9259-168FCB56955E}\RP124\A0027100.exe/SaveNowInst.exe/SaveNow.exe -> Adware.SaveNow : Nettoyer et sauvegarder
E:\System Volume Information\_restore{F78E5B4A-A43A-4404-9259-168FCB56955E}\RP124\A0027100.exe/SaveNowInst.exe/Uninst.exe -> Adware.SaveNow : Nettoyer et sauvegarder
F:\System Volume Information\_restore{9B817BEC-7ECE-4557-8C6F-5D856CB3DD19}\RP8\A0001620.exe/SaveNowInst.exe/SaveNow.exe -> Adware.SaveNow : Nettoyer et sauvegarder
F:\System Volume Information\_restore{9B817BEC-7ECE-4557-8C6F-5D856CB3DD19}\RP8\A0001620.exe/SaveNowInst.exe/Uninst.exe -> Adware.SaveNow : Nettoyer et sauvegarder
F:\System Volume Information\_restore{9B817BEC-7ECE-4557-8C6F-5D856CB3DD19}\RP8\A0001620.exe/SaveNowInst.exe/SaveNow.exe -> Adware.SaveNow : Nettoyer et sauvegarder
F:\System Volume Information\_restore{9B817BEC-7ECE-4557-8C6F-5D856CB3DD19}\RP8\A0001620.exe/SaveNowInst.exe/Uninst.exe -> Adware.SaveNow : Nettoyer et sauvegarder

::Fin du rapport

Findlop log:

[TRACE] Enumerating jobs and queues

Thank you so much for helping me!
|
|
|
|
#4 (permalink) |
|
Analyst, Security Team
|
Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.
Your log is clean. To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided. Are there any problems now? If not, you should be set to go.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
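
The comparison the analyst makes by eye between the two HijackThis logs in this thread, as an added Python example that is not part of the original posts and is not HijackThis's own code: it parses entry lines, flags O4 Run autostarts whose target sits in a user-writable data directory, and diffs the log taken before the fix against the one taken after. The directory heuristic and all function names are assumptions of this example; the sample lines are excerpted from the two logs posted above.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R0", "O4", "O23"
    body: str     # everything after "<code> - "


# Entry lines look like "<code> - <text>"; header and process lines do not.
ENTRY_RE = re.compile(r"^([RFN]\d|O\d{1,2}) - (.+)$")
# Registry autostarts: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")

# Assumption of this example: an autostart that launches from one of these
# user-writable locations deserves a manual look. It is a triage heuristic,
# not a verdict; legitimate software can live there too.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")

# Excerpt of the first log in the thread (2006-03-31).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.billboard.com/bbcom/index.jsp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [pure heck info once] C:\Documents and Settings\All Users\Application Data\boneownspureheck\Jump junk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# Excerpt of the second log in the thread (2006-04-02).
AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.billboard.com/bbcom/index.jsp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""


def parse_hjt(text):
    """Return the entry lines of a HijackThis log as Entry tuples."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def run_autoruns(entries):
    """Return (value name, command line) for every O4 registry Run entry."""
    found = []
    for e in entries:
        m = RUN_RE.match(e.body) if e.section == "O4" else None
        if m:
            found.append((m.group(3), m.group(4)))
    return found


def suspicious_autoruns(entries):
    """Autoruns whose command line points into a user-writable directory."""
    return [(name, cmd) for name, cmd in run_autoruns(entries)
            if any(d in cmd.lower() for d in USER_WRITABLE)]


def diff_logs(before, after):
    """Return (removed, added) entries between two parsed logs."""
    b, a = set(before), set(after)
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    for name, cmd in suspicious_autoruns(before):
        print(f"review before fix: [{name}] {cmd}")
    removed, added = diff_logs(before, after)
    for e in removed:
        print(f"- {e.section} - {e.body}")
    for e in added:
        print(f"+ {e.section} - {e.body}")
    print("still flagged after fix:", suspicious_autoruns(after))
```

Everything in the "added" list is new since the first scan and should be accounted for by something the user installed, here the Ewido service and an Adobe autostart.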