Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Sunday 24.11.2024 / 18:14
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > win32:zlob-bn and win32:hoaxalarm-u
Show topics
 
Forums
Forums
Win32:Zlob-BN and Win32:Hoaxalarm-U
  Jump to:
 
Posted Message
djswiffer
Newbie
_ 		29. May 2006 @ 11:00 _ Link to this message    Send private message to this user   
I seem to have the same two virusses that get back all the time!

C:\WINDOWS\system32\1024\ldBEA5.tmp\[UPX] Win32:Hoaxalarm-U [Adw]
C:\WINDOWS\system32\1024\ld7FC3.tmp\[Upack] Win32:Zlob-BN [Trj]


Logfile of HijackThis v1.99.1
Scan saved at 20:57:17, on 29/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast\ashDisp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Icons\SetIcon.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ABIT\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\diesel\LOCALS~1\Temp\~e5.0001
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\diesel\Bureaublad\DOWN\HijackThis_v1.99.1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\ABIT\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: FreshDownload - {402DD9EC-3DBC-4248-BF6A-115DD0FF5FD6} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4p: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {80330F43-7899-4D7F-AD17-C41F3E005895} (Download.DownloadManager) - http://www.musicminutes.com/downloadmanager/activex/download.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bw+0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe
[ + quote]
ieps!
Advertisement
_ 		__
tapiiri
Senior Member
_ 		29. May 2006 @ 11:04 _ Link to this message    Send private message to this user   
Hi djswiffer,

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.

(Some antiviruses recognises process.exe as a malware. It is not malware, it is a program that stops processes).

[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
djswiffer
Newbie
_ 		29. May 2006 @ 11:06 _ Link to this message    Send private message to this user   
SmitFraudFix v2.50

Scan done at 21:06:08,71, ma 29/05/2006
Run from C:\Documents and Settings\diesel\Bureaublad\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\diesel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\diesel\FAVORI~1

C:\DOCUME~1\diesel\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


[ + quote]
ieps!
tapiiri
Senior Member
_ 		29. May 2006 @ 11:15 _ Link to this message    Send private message to this user   
Oukkei,

BOOT in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
djswiffer
Newbie
_ 		29. May 2006 @ 11:34 _ Link to this message    Send private message to this user   
SmitFraudFix v2.50

Scan done at 21:26:17,53, ma 29/05/2006
Run from C:\Documents and Settings\diesel\Bureaublad\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\diesel\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

[ + quote]
ieps!
tapiiri
Senior Member
_ 		29. May 2006 @ 11:39 _ Link to this message    Send private message to this user   
its gone hope so.

Send a fresh hijack log.
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
djswiffer
Newbie
_ 		29. May 2006 @ 11:41 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 21:40:49, on 29/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast\ashServ.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast\ashDisp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Icons\SetIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ABIT\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\diesel\Bureaublad\DOWN\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.skynet.be:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\SetIcon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\ABIT\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: FreshDownload - {402DD9EC-3DBC-4248-BF6A-115DD0FF5FD6} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4p: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Shared/Applet//DexiaIIA.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {80330F43-7899-4D7F-AD17-C41F3E005895} (Download.DownloadManager) - http://www.musicminutes.com/downloadmanager/activex/download.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bw+0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {B139C23C-B679-4207-87BF-FAE86B83BA6E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\system32\ZipToA.exe


[ + quote]
ieps!
tapiiri
Senior Member
_ 		29. May 2006 @ 11:49 _ Link to this message    Send private message to this user   
Okei looks fine.

Is it better ?

[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
djswiffer
Newbie
_ 		29. May 2006 @ 11:56 _ Link to this message    Send private message to this user   
I've got no virusnotificaions anymore,

THANKS!!
[ + quote]
ieps!
tapiiri
Senior Member
_ 		29. May 2006 @ 11:59 _ Link to this message    Send private message to this user   
you're wellcome
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
flo6102
Newbie
_ 		31. May 2006 @ 07:02 _ Link to this message    Send private message to this user   
I've got the same problem, but I already posted it there:
afterdawn.com / forums / windows - virus and spyware problems / win32:zlob-bn // win32:trojano-cl :: need help /

Maybe someone can move it over here, sorry...
[ + quote]
tapiiri
Senior Member
_ 		31. May 2006 @ 07:58 _ Link to this message    Send private message to this user   
Hi flo6102,

I read your another massage and see that you have scanned allready option #1 by smitfraudfix.

Oukkei,Boot your computer to SAfemode,
Instructions:
http://www.pchell.com/support/safemode.shtml

In safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Send fresh HijackThis log too.
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
flo6102
Newbie
_ 		31. May 2006 @ 08:45 _ Link to this message    Send private message to this user   
Thanks for immediate answer, i followed your instructions...


SmitFraudFix v2.51

Scan done at 18:14:37,78, 31.05.2006
Run from C:\Dokumente und Einstellungen\Flo\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOKUME~1\Flo\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Logfile of HijackThis v1.99.1
Scan saved at 18:22:04, on 31.05.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Power Management\PwrGui.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime Alternative\QTSystem\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Flo\Desktop\HijackThis_v1.99.1.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PowerManagement] C:\Programme\Power Management\PwrGui.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime Alternative\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.neptun.sote.hu/tsweb/msrdp.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.johannrain-softwareentwicklung.de/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS7\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS8\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS9\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS10\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS11\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS12\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS13\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS14\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS15\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS16\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS17\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS18\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
[ + quote]
flo6102
Newbie
_ 		31. May 2006 @ 08:57 _ Link to this message    Send private message to this user   
Both viruses are back + Win32:Zlob-BM occured too....what to do now???
[ + quote]
tapiiri
Senior Member
_ 		31. May 2006 @ 09:14 _ Link to this message    Send private message to this user   
Yes I think there is something more, let's find out:

Please download ewido anti-malware it is a free version of the program -> http://www.ewido.net/en/download/

1. Install ewido anti-malware
2. When installing, under "Additional Options" uncheck..
* Install background guard
* Install scan via context menu
3. Launch ewido, there should be an icon on your desktop, double-click it.
4. The program will now open to the main screen.
5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
6. You will need to update ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates -> http://download.ewido.net/ewido-signatures-full-current.exe Make sure to close Ewido before installing the update.

Once the updates are installed do the following:

Reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


Then launch ewido:

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* You will be prompted to clean the first infection.
* Select "Perform action on all infections", then proceed.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

Reboot back to normal mode


Send ewido report.
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
tapiiri
Senior Member
_ 		31. May 2006 @ 09:41 _ Link to this message    Send private message to this user   
After that, please download silent runner, Instuctions to download and use it :

http://www.silentrunners.org/sr_scriptuse.html

Send a log made by silent runner to reply .
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

This message has been edited since posting. Last time this message was edited on 31. May 2006 @ 10:00
flo6102
Newbie
_ 		31. May 2006 @ 11:49 _ Link to this message    Send private message to this user   
ok took some time but finished it. At the moment I started silentrunners, hoaxalarm and zlob-bn appeared again, zlob-BM did not....here are reports, seems to be difficult...

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"PcSync" = "C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" ["Time Information Services Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"wininet.dll" = "regperf.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"BluetoothAuthenticationAgent" = "rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent" [MS]
"PowerManagement" = "C:\Programme\Power Management\PwrGui.exe" [empty string]
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime Alternative\QTSystem\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"DAEMON Tools" = ""C:\Programme\DAEMON Tools\daemon.exe" -lang 1033" [file not found]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"PCSuiteTrayApplication" = "C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"]
"DataLayer" = "C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Zone Labs Client" = "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop-Explorer"
-> {HKLM...CLSID} = "Desktop-Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"



---------------------------------------------------------
ewido anti-malware - Scan Report
---------------------------------------------------------

+ Erstellt am: 21:22:57, 31.05.2006
+ Report-Checksumme: E757CF35

+ Scanergebnis:

C:\Dokumente und Einstellungen\Flo\Cookies\flo@ad.adition[2].txt -> TrackingCookie.Adition : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@ads.komtrack[1].txt -> TrackingCookie.Komtrack : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@adserver.71i[1].txt -> TrackingCookie.71i : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@as1.falkag[1].txt -> TrackingCookie.Falkag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@atdmt[2].txt -> TrackingCookie.Atdmt : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@axa.addcontrol[2].txt -> TrackingCookie.Addcontrol : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@c1.zedo[2].txt -> TrackingCookie.Zedo : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@casalemedia[1].txt -> TrackingCookie.Casalemedia : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@com[1].txt -> TrackingCookie.Com : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@count.xhit[1].txt -> TrackingCookie.Xhit : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@data3.perf.overture[1].txt -> TrackingCookie.Overture : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@doubleclick[1].txt -> TrackingCookie.Doubleclick : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@e-2dj6wfl4gocpoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@e-2dj6wfloghc5shq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@e-2dj6wjkyqlc5ifq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@e-2dj6wjl4shc5ecp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@e-2dj6wjl4umc5ifp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@e-2dj6wjlysndjoep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@e-2dj6wjmiaodzwko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@e-2dj6wjmiqkdzafp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@e-2dj6wjmykiazaeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@ehg-bellcanada.hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@ehg-idg.hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@ehg-ifilm.hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@ehg-mastercard.hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@ehg-meevee.hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@ehg-nokiafin.hitbox[2].txt -> TrackingCookie.Hitbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@fastclick[2].txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@hotlog[1].txt -> TrackingCookie.Hotlog : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@image.masterstats[1].txt -> TrackingCookie.Masterstats : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@ivwbox[2].txt -> TrackingCookie.Ivwbox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@komtrack[2].txt -> TrackingCookie.Komtrack : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@max.i12[1].txt -> TrackingCookie.I12 : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@media.fastclick[1].txt -> TrackingCookie.Fastclick : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@mediaplex[1].txt -> TrackingCookie.Mediaplex : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@oewabox[2].txt -> TrackingCookie.Oewabox : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@overture[2].txt -> TrackingCookie.Overture : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@php.sales.tfag[2].txt -> TrackingCookie.Tfag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@ppms.popularix[2].txt -> TrackingCookie.Popularix : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@sel.as-eu.falkag[2].txt -> TrackingCookie.Falkag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@smm.valueclick[1].txt -> TrackingCookie.Valueclick : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@srv1.ad.adition[1].txt -> TrackingCookie.Adition : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@stat.onestat[2].txt -> TrackingCookie.Onestat : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@trafficcenter[1].txt -> TrackingCookie.Trafficcenter : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@valueclick[2].txt -> TrackingCookie.Valueclick : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@weborama[1].txt -> TrackingCookie.Weborama : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@webstat[2].txt -> TrackingCookie.Web-stat : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@www.etracker[2].txt -> TrackingCookie.Etracker : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Cookies\flo@yadro[2].txt -> TrackingCookie.Yadro : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0P63W9YN\drsmartload_js[1].htm -> Downloader.IstBar.j : Gesäubert mit Backup
C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Temporary Internet Files\Content.IE5\GJA3UPCD\drsmartload_js[1].htm -> Downloader.IstBar.j : Gesäubert mit Backup
C:\Programme\Media-codec -> Trojan.Small : Gesäubert mit Backup
C:\Programme\Media-Codec\uninst.exe -> Trojan.Small : Gesäubert mit Backup
C:\WINDOWS\system32\1024 -> Trojan.Small : Gesäubert mit Backup
C:\WINDOWS\system32\username.exe -> Adware.EliteBar : Gesäubert mit Backup


::Report Ende
[ + quote]
flo6102
Newbie
_ 		31. May 2006 @ 12:07 _ Link to this message    Send private message to this user   
zlob bm is back too...
[ + quote]
tapiiri
Senior Member
_ 		31. May 2006 @ 13:15 _ Link to this message    Send private message to this user   
Okei, that is in the registry:

Copy text below in to notepad:
Quote:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"wininet.dll"=-
Save it to desktop filetype "allfiles" and name REGFIX.reg

Doubleclick it and answer yes all question.

Boot comp and run silent runner, and send a logfile.


[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
flo6102
Newbie
_ 		31. May 2006 @ 13:40 _ Link to this message    Send private message to this user   
here we go...

"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"PcSync" = "C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" ["Time Information Services Ltd."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"BluetoothAuthenticationAgent" = "rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent" [MS]
"PowerManagement" = "C:\Programme\Power Management\PwrGui.exe" [empty string]
"HTpatch" = "C:\WINDOWS\htpatch.exe" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Programme\QuickTime Alternative\QTSystem\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"DAEMON Tools" = ""C:\Programme\DAEMON Tools\daemon.exe" -lang 1033" [file not found]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"PCSuiteTrayApplication" = "C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray" ["Nokia"]
"DataLayer" = "C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe" ["Nokia Mobile Phones Ltd."]
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"Zone Labs Client" = "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop-Explorer"
-> {HKLM...CLSID} = "Desktop-Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {HKLM...CLSID} = "Contact View"
\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {HKLM...CLSID} = "Message View"
\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Programme\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programme\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Flo\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"


Startup items in "Flo" & "All Users" startup folders:
-----------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{21569614-B795-46B1-85F4-E737A8DC09AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\
"ButtonText" = "PartyPoker.com"
"MenuText" = "PartyPoker.com"
"Exec" = "C:\Programme\PartyGaming\PartyPoker\RunApp.exe" [empty string]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Programme\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{F4430FE8-2638-42E5-B849-800749B94EED}\
"ButtonText" = "PartyPoker.net"
"MenuText" = "PartyPoker.net"
"Exec" = "C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe" [file not found]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]


All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------

Anwendungsverwaltung, AppMgmt, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\appmgmts.dll" [file not found]}
ASP.NET State Service, aspnet_state, "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [MS]
avast! Antivirus, avast! Antivirus, ""C:\Programme\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Programme\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Dienst für Seriennummern der tragbaren Medien, WmdmPmSN, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\system32\MsPMSNSv.dll" [MS]}
ewido security suite control, ewido security suite control, "C:\Programme\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
HTTP-SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
[ + quote]
tapiiri
Senior Member
_ 		31. May 2006 @ 13:57 _ Link to this message    Send private message to this user   
Now it looks better.

do you recieve those virus alerts any more ?

If do scan smitfraudfix option #1 and send that rapport.

Send a fresh HijackThis log too .
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
flo6102
Newbie
_ 		31. May 2006 @ 14:14 _ Link to this message    Send private message to this user   
Many, many thanks tapiiri!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Seems to be alright no more virus alerts! Hopefully it stays that way!

Logfile of HijackThis v1.99.1
Scan saved at 00:12:53, on 01.06.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Power Management\PwrGui.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime Alternative\QTSystem\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\GEMEIN~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Flo\Desktop\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onvista.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PowerManagement] C:\Programme\Power Management\PwrGui.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime Alternative\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Con...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x8...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://www.neptun.sote.hu/tsweb/msrdp.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.johannrain-softwareentwicklung.de/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS7\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS8\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS9\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS10\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS11\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS12\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS13\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS14\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS15\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS16\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS17\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O17 - HKLM\System\CS18\Services\Tcpip\..\{25B544C1-3CBE-447C-B18D-ADB53513FD46}: NameServer = 192.168.1.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks again! You were great help!
[ + quote]
Advertisement
_ 		__
 
_
tapiiri
Senior Member
_ 		31. May 2006 @ 14:21 _ Link to this message    Send private message to this user   
log's clean :)

Yuo're wellcome.
[ + quote]
Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > win32:zlob-bn and win32:hoaxalarm-u
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork