My W32.Myzor.FK@yf problem.
Hello great helpers,
I'm a newbie to this forum and I hope you can help me with my problem.
I found this board through a Google search because my computer seems to be infected with the W32.Myzor.FK@yf virus.
I found a thread with a good explanation of how to remove this virus.
And I went through it step by step (except for the safe mode part, because it wouldn't start in safe mode).
I have 2 reports and I saw you can see in those reports if there is still something not right on my computer.
I joined this board because I had 2 blue screens.
(I installed the new MSN Live Messenger beta, but removed it after those screens.)
Here are my reports:
-----------------------------------------------------------------------------------------------------------------------
SmitFraudFix v2.44
Scan done at 5:49:38,35, di 16-05-2006
Run from C:\Documents and Settings\Cornholio\Bureaublad\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
Problem while deleting C:\WINDOWS\system32\ld????.tmp
C:\WINDOWS\system32\ot.ico Deleted
Problem while deleting C:\WINDOWS\system32\regperf.exe
C:\WINDOWS\system32\simpole.tlb Deleted
Problem while deleting C:\WINDOWS\system32\stdole3.tlb
C:\WINDOWS\system32\1024\ Deleted
C:\Program Files\MalwareWipe\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
»»»»»»»»»»»»»»»»»»»»»»»» End
-----------------------------------------------------------------------------------------------------------------
---------------------------------------------------------
ewido anti-malware - Scan rapport
---------------------------------------------------------
+ Gemaakt op: 5:46:16, 16-5-2006
+ Rapport samenvatting: 8C5F1E1E
+ Scan resultaten:
HKLM\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Schoongemaakt met een backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Schoongemaakt met een backup
[1344] C:\WINDOWS\system32\appmagr.dll -> Not-A-Virus.Hoax.Win32.Renos.da : Fout gedurende het schoonmake
:mozilla.6:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.2o7 : Schoongemaakt met een backup
:mozilla.20:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.21:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.22:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.30:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Casalemedia : Schoongemaakt met een backup
:mozilla.31:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Casalemedia : Schoongemaakt met een backup
:mozilla.32:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Casalemedia : Schoongemaakt met een backup
:mozilla.34:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Clickbank : Schoongemaakt met een backup
:mozilla.36:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Com : Schoongemaakt met een backup
:mozilla.37:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Com : Schoongemaakt met een backup
:mozilla.105:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Statcounter : Schoongemaakt met een backup
:mozilla.159:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Masterstats : Schoongemaakt met een backup
:mozilla.160:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Googleadservices : Schoongemaakt met een backup
:mozilla.161:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Googleadservices : Schoongemaakt met een backup
:mozilla.247:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.2o7 : Schoongemaakt met een backup
:mozilla.257:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.2o7 : Schoongemaakt met een backup
:mozilla.278:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.2o7 : Schoongemaakt met een backup
:mozilla.313:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.314:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.315:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.316:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.317:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.318:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.319:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.320:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.321:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.322:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.323:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.324:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.325:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.326:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.327:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.400:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Revenue : Schoongemaakt met een backup
:mozilla.446:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.447:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.487:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Onestat : Schoongemaakt met een backup
:mozilla.488:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Onestat : Schoongemaakt met een backup
:mozilla.489:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Onestat : Schoongemaakt met een backup
:mozilla.490:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Statcounter : Schoongemaakt met een backup
:mozilla.491:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Statcounter : Schoongemaakt met een backup
:mozilla.492:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Statcounter : Schoongemaakt met een backup
:mozilla.493:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Statcounter : Schoongemaakt met een backup
:mozilla.494:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Statcounter : Schoongemaakt met een backup
:mozilla.495:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Statcounter : Schoongemaakt met een backup
:mozilla.496:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Statcounter : Schoongemaakt met een backup
:mozilla.497:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Statcounter : Schoongemaakt met een backup
:mozilla.498:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Statcounter : Schoongemaakt met een backup
:mozilla.499:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Statcounter : Schoongemaakt met een backup
:mozilla.531:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Tribalfusion : Schoongemaakt met een backup
:mozilla.566:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.567:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.568:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.569:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.570:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.571:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.572:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.573:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.574:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.575:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.792:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Schoongemaakt met een backup
:mozilla.889:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.890:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
:mozilla.916:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Esomniture : Schoongemaakt met een backup
:mozilla.917:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Esomniture : Schoongemaakt met een backup
:mozilla.918:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Esomniture : Schoongemaakt met een backup
:mozilla.919:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Esomniture : Schoongemaakt met een backup
:mozilla.920:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Esomniture : Schoongemaakt met een backup
:mozilla.921:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Yadro : Schoongemaakt met een backup
:mozilla.932:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Zedo : Schoongemaakt met een backup
:mozilla.933:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Zedo : Schoongemaakt met een backup
:mozilla.943:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.944:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Sitestat : Schoongemaakt met een backup
:mozilla.950:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Onestat : Schoongemaakt met een backup
:mozilla.971:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Googleadservices : Schoongemaakt met een backup
:mozilla.976:C:\Documents and Settings\Cornholio\Application Data\Mozilla\Firefox\Profiles\752v9v21.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Schoongemaakt met een backup
C:\Documents and Settings\Cornholio\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-eea61fb-650c6cae.zip/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Schoongemaakt met een backup
C:\Documents and Settings\Cornholio\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-eea61fb-650c6cae.zip/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\Advertisingcom.zip/cornholio@www.directnetadvertising[1].txt -> TrackingCookie.Directnetadvertising : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\Advertisingcom1.zip/cornholio@advertising[1].txt -> TrackingCookie.Advertising : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\AvenueAInc.zip/cornholio@atdmt[2].txt -> TrackingCookie.Atdmt : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\BFast.zip/cornholio@bfast[2].txt -> TrackingCookie.Bfast : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\CoreMetrics.zip/cornholio@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\HitBox.zip/cornholio@w101.hitbox[2].txt -> TrackingCookie.Hitbox : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\HitBox1.zip/cornholio@hitbox[1].txt -> TrackingCookie.Hitbox : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\HitBox2.zip/cornholio@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\HitsLink.zip/cornholio@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@2o7[1].txt -> TrackingCookie.2o7 : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@abcsearch[1].txt -> TrackingCookie.Abcsearch : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@adorigin[1].txt -> TrackingCookie.Adorigin : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@c.porngraph[2].txt -> TrackingCookie.Porngraph : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@casalemedia[2].txt -> TrackingCookie.Casalemedia : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@com[2].txt -> TrackingCookie.Com : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@cz8.clickzs[1].txt -> TrackingCookie.Clickzs : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@estat[1].txt -> TrackingCookie.Estat : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@ilead.itrack[1].txt -> TrackingCookie.Itrack : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@image.masterstats[1].txt -> TrackingCookie.Masterstats : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@programs.wegcash[1].txt -> TrackingCookie.Wegcash : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@spinbox[2].txt -> TrackingCookie.Spinbox : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@webstat[2].txt -> TrackingCookie.Web-stat : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\InternetExplorer1.zip/cornholio@yadro[2].txt -> TrackingCookie.Yadro : Schoongemaakt met een backup
C:\Program Files\Spybot - Search & Destroy\Recovery\MediaPlex.zip/cornholio@mediaplex[2].txt -> TrackingCookie.Mediaplex : Schoongemaakt met een backup
C:\WINDOWS\SYSTEM32\1024\ldA029.tmp -> Not-A-Virus.Hoax.Win32.Renos.da : Schoongemaakt met een backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__appmagr.dll -> Not-A-Virus.Hoax.Win32.Renos.da : Schoongemaakt met een backup
::Einde rapport
-------------------------------------------------------------------------------
Those are my reports.
Please help me.
TheCorN
-
I'm reviewing your logs now.
Give me a few minutes to analyze and prepare a response for you.
FYI, you were not infected with W32.Myzor.FK@yf.
That is a fake warning to try to fool you into downloading fraudulent scanners which they want you to buy.
We call this family of fake software: Smitfraud. That is what was giving you the false alert.
0 -
This is my HijackThis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 13:14:11, on 20-5-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\WINDOWS\system32\MMTrayLSI.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\de Ajax NewsAlert\NewsAlert.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\DownloadZ\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\aauhccup1.dll,_mainRD
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: NewsAlert.lnk = C:\Program Files\de Ajax NewsAlert\NewsAlert.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download Images by Image Collector - C:\Program Files\Internet Image Collector\iic_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {47CE07C6-7856-466A-B9FB-34616CD08A55} (MAXXPlayer Class) - http://www.maxx-xs.nl/player/Package/maxx2.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9C37446B-0B81-41E8-A312-7AE8A39FA402} (Project1.UserControl1) - http://www.roings.com/p.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_4us.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FireDaemon Service: dll32 (dll32) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: FireDaemon Service: events (events) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
0 -
There is a newer version of SmitfraudFix released (v. 2.45). It has been updated for newer variants of Smitfraud.
Delete the folder and zip file of SmitfraudFix that you now have and download the new version here:
Download SmitfraudFix (by S!Ri) to your Desktop (Win2k/WinXP only!).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the file to your desktop to create the Smitfraud folder.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.
You have other pests and may have a worm on there (that O4 item in the list below... I have listed a description for you because that may be a backdoor worm which gives access to your PC to a remote attacker).
Scan with HijackThis and checkmark the following entries, then press the *fix checked* button:
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\aauhccup1.dll,_mainRD <---worm!
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {9C37446B-0B81-41E8-A312-7AE8A39FA402} (Project1.UserControl1) - http://www.roings.com/p.cab
Then delete this file:
c:\windows\aauhccup1.dll
That worm is most likely a variant of this one :
Email-Worm.Win32.Mabutu.a
http://www.viruslist.com/en/viruses/encycl...a?virusid=57406
It may have already been removed and what we are seeing is a leftover in the registry, but you should double-check by getting an online AV scan at one of the following:
eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
(if prompted, please *allow* Active X and the install of software - this is needed to scan your system)
It will take a while to download the updates needed, and then you'll be presented with a screen to scan your system.
Trend Micro (PC-cillin) - Free on-line Scan
http://housecall.antivirus.com
Panda's Active Scan
http://www.pandasoftware.com/products/activescan.htm
When you are done, please reboot your PC
Scan again with HijackThis to make a new log and post it here, along with the rapport.txt from the new SmitFraudFix v. 2.45
0 -
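One way to check a later HijackThis log against the entries flagged in the reply above, as an added example that is not part of the original thread: it parses HijackThis lines, confirms the flagged O4 and O16 entries are gone, and reports `rundll32` autoruns that load a DLL from outside `system32`. That last check is a triage heuristic assumed for this example, not the helper's stated reasoning; the sample lines are copied from the posts on this page and all function names are hypothetical.

```python
import ntpath
import re
from dataclasses import dataclass

# Entries the helper asked to fix, copied from the reply (annotation included).
FLAGGED = r"""
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\aauhccup1.dll,_mainRD <---worm!
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {9C37446B-0B81-41E8-A312-7AE8A39FA402} (Project1.UserControl1) - http://www.roings.com/p.cab
"""

# Excerpt of the later log (saved 23-5-2006) posted in the thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})")
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^,"]+)', re.I)


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O4", "O16", "R0"
    body: str      # everything after "Oxx - "
    key: tuple     # stable identity used to compare two logs


def entry_key(section, body):
    """Identity of an entry that survives cosmetic differences between logs."""
    if section == "O4":
        m = O4_RE.match(body)
        if m:  # registry autorun: identify by key location + value name
            return ("O4", m["loc"].lower(), m["name"].lower())
    if section == "O16":
        m = O16_RE.match(body)
        if m:  # downloaded program file: identify by CLSID
            return ("O16", m["clsid"].upper())
    return (section, body.lower())


def parse_log(text):
    """Return the HijackThis entries in text; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.split("<---")[0].strip()  # drop a helper's trailing annotation
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m["section"], m["body"],
                                 entry_key(m["section"], m["body"])))
    return entries


def still_present(flagged, later):
    """Flagged entries whose key still appears in the later log."""
    later_keys = {e.key for e in later}
    return [e for e in flagged if e.key in later_keys]


def rundll32_outside_system32(entries):
    """(value name, dll) for O4 autoruns where rundll32 loads a DLL by absolute
    path from a directory other than system32. A bare file name is skipped
    because it is resolved through the normal search path."""
    hits = []
    for e in entries:
        m = O4_RE.match(e.body) if e.section == "O4" else None
        r = RUNDLL_RE.match(m["cmd"]) if m else None
        if not r:
            continue
        dll = r["dll"].strip()
        directory = ntpath.dirname(dll).lower()  # ntpath parses Windows paths on any OS
        if directory and not directory.endswith("\\system32"):
            hits.append((m["name"], dll))
    return hits


if __name__ == "__main__":
    flagged, later = parse_log(FLAGGED), parse_log(AFTER)
    for e in still_present(flagged, later):
        print("STILL PRESENT:", e.section, e.body)
    for name, dll in rundll32_outside_system32(flagged + later):
        print("REVIEW rundll32 autorun:", name, "->", dll)
```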
Sorry for the late reaction.
I was busy and not much online..
But I did, and here are my reports:
-----------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 0:50:19, on 23-5-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\WINDOWS\system32\MMTrayLSI.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\de Ajax NewsAlert\NewsAlert.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\DownloadZ\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: NewsAlert.lnk = C:\Program Files\de Ajax NewsAlert\NewsAlert.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download Images by Image Collector - C:\Program Files\Internet Image Collector\iic_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {47CE07C6-7856-466A-B9FB-34616CD08A55} (MAXXPlayer Class) - http://www.maxx-xs.nl/player/Package/maxx2.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientIn...2/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_4us.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FireDaemon Service: dll32 (dll32) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: FireDaemon Service: events (events) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~4\GHOSTS~2.EXE
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
---------------------------------------------------------
SmitFraudFix v2.45
Scan done at 22:24:40,29, ma 22-05-2006
Run from C:\Documents and Settings\Cornholio\Bureaublad\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\regperf.exe Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» End
0 -
Those reports all look good.
Do your issues appear to be resolved at this point?
0 -
Those reports all look good. Do your issues appear to be resolved at this point?
Many many many thanks dude..
I'll keep in touch with this forum, 'cause I never found such quick help!!
It is resolved yes...
0 -
Glad to hear it! Always glad when we can help (I happen to be a dudette, however)
Go ahead and delete the SmitfraudFix zip file and the folder too. It won't be needed again (and if it was it would be best to redownload to get the newest version).
Do a disk cleanup. Go to Start > Run and type in the box: cleanmgr
Wait while Windows scans your PC for files to delete. When it finishes it will present a list. Make sure these 3 are checkmarked and press *ok* to delete them:
Temporary Files
Temporary Internet Files
Recycle Bin
.............................................
Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP.......why?
One of the best features of Windows ME or XP is the System Restore option; however, if malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Put a Checkmark in the box next to "Turn off System Restore".
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
Go to Start and right-click on *My Computer*.
Click Properties.
Click the System Restore tab.
Remove the checkmark next to "Turn off System Restore".
Click Apply, and then click OK.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/default.aspx?...kb;en-us;310405
Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help.
How do I prevent Browser Hijacks and Spyware?
http://www.dslreports.com/faq/13620
I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE.
Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!
Windows Update
http://update.microsoft.com/microsoftupdate/
And see this link for instructions on how to configure the enhanced security features in SP2:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx
I also highly recommend getting the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft, to analyze your PC security for prevention purposes.
MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provide easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:
Microsoft Baseline Security Analyzer
http://www.microsoft.com/technet/security/...s/mbsahome.mspx
Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.
0 -
Thanks again!!
I did all the above !!
You're a great help, hero
0 -
You're quite welcome
Stay safe and happy surfing!