Anybody who can help with this fu...ing spy / virus ???


olgierd-k
« on: February 19, 2006, 04:30:33 PM »

Hi everybody,
Here is what happens:
From time to time the Network connection window appears saying:
"You (or some program) requires information from xxxxx. Which connection do you want to use?"
Where xxxxx is one of the following:
smtp.aol.com
smtp.google.com
smtp.mail.ru
yahoo.com
66.36.243.201
socks.temphost.ws

On that infected computer I'm not even connected to the internet and I do not run any program. But I need it to be connected and do not want any spyware to connect behind my back to the above sites.
I have tried to remove these pests manually; I have downloaded and run Spy Doctor, Search & Destroy, Ad-aware and Norman. There were a number of adware items which were removed successfully, but this one (or some) still persists!!! Any help would be appreciated.
Here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 12:14:23, on 2006-02-19
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AEIWLSVC.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\HPConfig.exe
c:\LaserJet3150\jsdaemon.exe
C:\Program\Network Monitor\netmon.exe
C:\Norman\Bin\Zanda.exe
C:\Reflection_90\rtsserv.exe
C:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\slpservice.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\slpmonx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\AEIWLRAD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\program\hewlett-packard\Mmenu\hpcdtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Hewlett-Packard\TopToolsWMI\HPTrayIcon.exe
C:\Program\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program\Hewlett-Packard\TopToolsWMI\WMIWDog.exe
C:\Program\HPONE-~1\OneTouch.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\DELADE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\NOKIA9~2\NOKIAP~1\TRAYAP~1.EXE
C:\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Spyware Doctor\swdoctor.exe
C:\Security\Antivir\BitDefender for ICQ\aqmon.exe
C:\LaserJet3150\JETSTAT.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program\Delade filer\efax\dllcmd32.exe
C:\WWW_Utilities\ZoneAlarm\zonealarm.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
c:\LASERJ~1\JSFMAN.EXE
C:\Utilities\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\WWW_Utilities\PopUp_Stopp_v30\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\WWW_UT~1\SPYBOT~2\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\WWW_Utilities\PopUp_Stopp_v30\popupus.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [1AEIWLRAD.EXE] AEIWLRAD.EXE
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP CD-Writer] c:\program\hewlett-packard\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Tray Icon WMI] C:\Program\Hewlett-Packard\TopToolsWMI\HPTrayIcon.exe
O4 - HKLM\..\Run: [HP Lamp] C:\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DataLayer] C:\Program\DELADE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\NOKIA9~2\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: BitDefender for ICQ.lnk = C:\Security\Antivir\BitDefender for ICQ\aqmon.exe
O4 - Global Startup: BitDefender for MSN Messenger.lnk = C:\Security\Antivir\BitDefender for MSN Messenger\msnmon.exe
O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe
O4 - Global Startup: HP LaserJet 3150 Status.lnk = C:\LaserJet3150\JETSTAT.EXE
O4 - Global Startup: Live Menu.lnk = C:\Program\Delade filer\efax\dllcmd32.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\WWW_Utilities\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &2 Customize Menu - res://C:\WWW_Utilities\Robot_fill_form\RoboForm.dll/ComCustomIEMenu.html
O8 - Extra context menu item: &7 Fill Forms - res://C:\WWW_Utilities\Robot_fill_form\RoboForm.dll/ComFillForms.html
O8 - Extra context menu item: &8 Save Forms - res://C:\WWW_Utilities\Robot_fill_form\RoboForm.dll/ComSavePass.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Search Using Copernic - C:\Copernic_2001\Search Extension.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Copernic_2001\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Copernic_2001\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Copernic_2001\Copernic.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O9 - Extra 'Tools' menuitem: &7 Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O9 - Extra button: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O9 - Extra 'Tools' menuitem: &8 Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: RF toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O9 - Extra 'Tools' menuitem: &9 Robo Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O9 - Extra button: Translate - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Copernic_2001\Translate.htm
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Copernic_2001\Translate.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/omnibook/home
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/compaq.v2/vet_install_popup.pl?1&4&04.00.08.43-hp&http://h71016.www7.hp.com/html/interactive/h6300/model.html?jumpid=in_r295_3d/HND/h6300|ProdPage|viewpoint
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D28D13B-D293-42A0-BCFA-30011D9F1654}: NameServer = 194.204.152.34,194.204.159.1
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Aeiwsvc - Unknown owner - C:\WINDOWS\system32\AEIWLSVC.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: HPAlertWMI - Hewlett-Packard Co. - C:\Program\Hewlett-Packard\TopToolsWMI\WMIProviders\HPAlertWMI.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\LaserJet3150\jsdaemon.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program\Network Monitor\netmon.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Reflection TimeSync - WRQ, Inc. - C:\Reflection_90\rtsserv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Spyware Doctor\sdhelp.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\WINDOWS\System32\slpservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
=====================================================
And here is my ADS Spy log:
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-3757435101-3802400216-3657561249-500$201c2788dfa4bd1.tif : Xj1phwzh5qcwungrN45kt3kiCe  (992 bytes)
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-3757435101-3802400216-3657561249-500$201c3474befb0b3.tif : Xj1phwzh5qcwungrN45kt3kiCe  (912 bytes)
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-3757435101-3802400216-3657561249-500$201c3474c9ab278.tif : Xj1phwzh5qcwungrN45kt3kiCe  (912 bytes)
GTO
« Reply #1 on: February 20, 2006, 02:37:44 PM »

Hi, olgierd-k. Welcome to 2-Spyware.com forums!

Please follow these steps:

1. Download the KillBox utility.

2. Use HijackThis to fix the following entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


3. Use KillBox to delete the following file:
C:\Program\Network Monitor\netmon.exe

4. Delete the entire C:\Program\Network Monitor directory.

5. After you get done, run another HijackThis scan and post a fresh log here.


P.S. Your system is not up-to-date! You have to install Service Pack 2 for Microsoft Windows XP and Service Pack 2 for Microsoft Internet Explorer. Also apply all latest updates and security fixes.
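The entries GTO picks out above follow a few mechanical rules: anything HijackThis marks "(file missing)", an R0 Internet Explorer setting that has been blanked, and an O23 service with "Unknown owner" whose binary sits outside the directories the machine's owner recognises. As an added example (not part of the thread and not HijackThis' own code), the Python script below parses HijackThis v1.99-style log lines and applies exactly those rules. The sample lines are copied from the first log in this thread; the TRUSTED_ROOTS tuple is an assumption of the example (Norman being the anti-virus product the poster says he installed) and should be adjusted per machine.

```python
"""Triage helper for HijackThis v1.99-style logs (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied from the first log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program\Network Monitor\netmon.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Install roots the owner of this particular machine recognises. This is an
# assumption of the example (the poster installed Norman deliberately); an
# unknown-owner service under one of these roots is not reported.
TRUSTED_ROOTS = (r"C:\WINDOWS", r"C:\Norman")

# Every HijackThis entry line starts with a section tag such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    body: str
    reasons: list = field(default_factory=list)


def parse_entries(text):
    """Yield (section, body) for each entry line; the header and process list are skipped."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body").strip()


def service_fields(body):
    """An O23 body reads 'Service: <name> - <owner> - <path>'; return (owner, path)."""
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None, None
    return parts[1], parts[2]


def under_trusted_root(path, roots):
    """True when the (possibly quoted) path lies below one of the trusted roots."""
    p = path.strip('"').lower()
    return any(p.startswith(r.lower().rstrip("\\") + "\\") for r in roots)


def triage(text, trusted_roots=TRUSTED_ROOTS):
    """Return the entries a reviewer should look at first, each with its reasons."""
    findings = []
    for section, body in parse_entries(text):
        f = Finding(section, body)
        if body.endswith("(file missing)"):
            f.reasons.append("target file missing: the entry points at nothing")
        if section == "R0" and body.endswith("="):
            f.reasons.append("empty IE setting: something blanked this value")
        if section == "O23":
            owner, path = service_fields(body)
            if owner == "Unknown owner" and path and not under_trusted_root(path, trusted_roots):
                f.reasons.append("unknown-owner service outside the trusted install roots")
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.body}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample it reports the blank Local Page, the two Net2Phone buttons, the WRNotifier hook and the Network Monitor service, and stays quiet about the Norman service even though HijackThis shows no owner for it, which is the same five items GTO asked to fix or delete.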
olgierd-k
« Reply #2 on: February 21, 2006, 12:29:53 PM »

Hi GTO!
Thanks for help, I really appreciate this !
I did as you suggested, deleting Network Monitor altogether, which I could do in Safe Mode without KillBox.
I changed the registry, and restarted and... the Network connection pop-ups came back as before!!! Even though netmon.exe was not running any longer! So it was not (or not only?) cicios.H?
I scanned ADS Spy with HijackThis and deleted the last 3 entries. Then I installed Ewido, which seems to be outstanding! It found 7 more things which Spy Doc or Ad-Aware never showed! I deleted all. Restarted, and... IT IS NOT POPPING UP ANY LONGER!!!!
So I can connect again (which I did) and I'm running now on this computer.
What do you think it was? Which of the actions taken brought the success?? It's good that it is gone, but very good to know what it was and how it works?
I attach the most recent HijackThis log, ADS log and Ewido log. Hope it looks ok now, doesn't it?? (I hope I'm not happy too early....!)

Logfile of HijackThis v1.99.1
Scan saved at 18:09:32, on 2006-02-21
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AEIWLSVC.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\HPConfig.exe
c:\LaserJet3150\jsdaemon.exe
C:\Norman\Bin\Zanda.exe
C:\Reflection_90\rtsserv.exe
C:\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\slpservice.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\slpmonx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program\Hewlett-Packard\TopToolsWMI\WMIWDog.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\Program\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\AEIWLRAD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\program\hewlett-packard\Mmenu\hpcdtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program\Hewlett-Packard\TopToolsWMI\HPTrayIcon.exe
C:\Program\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program\HPONE-~1\OneTouch.EXE
C:\Program\QuickTime\qttask.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\DELADE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\NOKIA9~2\NOKIAP~1\TRAYAP~1.EXE
C:\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Security\Antivir\BitDefender for ICQ\aqmon.exe
C:\LaserJet3150\JETSTAT.EXE
C:\Program\Delade filer\efax\dllcmd32.exe
C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE
c:\LASERJ~1\JSFMAN.EXE
C:\Ewido anti-malware\ewidoguard.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\spyware doctor\swdoctor.exe
C:\Utilities\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://basun.sunet.se/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\WWW_Utilities\PopUp_Stopp_v30\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\WWW_UT~1\SPYBOT~2\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\WWW_Utilities\PopUp_Stopp_v30\popupus.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [1AEIWLRAD.EXE] AEIWLRAD.EXE
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP CD-Writer] c:\program\hewlett-packard\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Tray Icon WMI] C:\Program\Hewlett-Packard\TopToolsWMI\HPTrayIcon.exe
O4 - HKLM\..\Run: [HP Lamp] C:\HP PrecisionScan\PrecisionScan\HPLamp.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [DataLayer] C:\Program\DELADE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\NOKIA9~2\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: BitDefender for ICQ.lnk = C:\Security\Antivir\BitDefender for ICQ\aqmon.exe
O4 - Global Startup: BitDefender for MSN Messenger.lnk = C:\Security\Antivir\BitDefender for MSN Messenger\msnmon.exe
O4 - Global Startup: BitDefender_P2P_Startup.lnk = C:\WINDOWS\BitDefender_P2P_Startup.exe
O4 - Global Startup: HP LaserJet 3150 Status.lnk = C:\LaserJet3150\JETSTAT.EXE
O4 - Global Startup: Live Menu.lnk = C:\Program\Delade filer\efax\dllcmd32.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\WWW_Utilities\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &2 Customize Menu - res://C:\WWW_Utilities\Robot_fill_form\RoboForm.dll/ComCustomIEMenu.html
O8 - Extra context menu item: &7 Fill Forms - res://C:\WWW_Utilities\Robot_fill_form\RoboForm.dll/ComFillForms.html
O8 - Extra context menu item: &8 Save Forms - res://C:\WWW_Utilities\Robot_fill_form\RoboForm.dll/ComSavePass.html
O8 - Extra context menu item: Search Using Copernic - C:\Copernic_2001\Search Extension.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Copernic_2001\Copernic.exe
O9 - Extra 'Tools' menuitem: Launch Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Copernic_2001\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Copernic_2001\Copernic.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O9 - Extra 'Tools' menuitem: &7 Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O9 - Extra button: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O9 - Extra 'Tools' menuitem: &8 Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O9 - Extra button: RF toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O9 - Extra 'Tools' menuitem: &9 Robo Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\WWW_Utilities\Robot_fill_form\RoboForm.dll
O9 - Extra button: Translate - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Copernic_2001\Translate.htm
O9 - Extra 'Tools' menuitem: &Translate Using Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Copernic_2001\Translate.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/omnibook/home
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/compaq.v2/vet_install_popup.pl?1&4&04.00.08.43-hp&http://h71016.www7.hp.com/html/interactive/h6300/model.html?jumpid=in_r295_3d/HND/h6300|ProdPage|viewpoint
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D28D13B-D293-42A0-BCFA-30011D9F1654}: NameServer = 194.204.152.34,194.204.159.1
O23 - Service: Aeiwsvc - Unknown owner - C:\WINDOWS\system32\AEIWLSVC.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Ewido anti-malware\ewidoguard.exe
O23 - Service: HPAlertWMI - Hewlett-Packard Co. - C:\Program\Hewlett-Packard\TopToolsWMI\WMIProviders\HPAlertWMI.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\LaserJet3150\jsdaemon.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: Reflection TimeSync - WRQ, Inc. - C:\Reflection_90\rtsserv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Spyware Doctor\sdhelp.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\WINDOWS\System32\slpservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

============================ ADS =====================
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-3757435101-3802400216-3657561249-500$201c2788dfa4bd1.tif : Xj1phwzh5qcwungrN45kt3kiCe  (992 bytes)
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-3757435101-3802400216-3657561249-500$201c2788dfa4bd1.tif : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d}  (0 bytes)
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-3757435101-3802400216-3657561249-500$201c3474befb0b3.tif : Xj1phwzh5qcwungrN45kt3kiCe  (912 bytes)
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-3757435101-3802400216-3657561249-500$201c3474befb0b3.tif : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d}  (0 bytes)
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-3757435101-3802400216-3657561249-500$201c3474c9ab278.tif : Xj1phwzh5qcwungrN45kt3kiCe  (912 bytes)
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-3757435101-3802400216-3657561249-500$201c3474c9ab278.tif : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d}  (0 bytes)
C:\Documents and Settings\All Users\Dokument\Mina bilder\Exempelbilder\Thumbs.db : encryptable  (0 bytes)
C:\HP_gamla_pgm\HP_calender\APPTS.EXE : SummaryInformation  (88 bytes)
C:\HP_gamla_pgm\HP_calender\APPTS.EXE : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d}  (0 bytes)

=================== Ewido =============
---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         06:27:59, 2006-02-21
 + Report-Checksum:      B00040CC

 + Scan result:

   C:\1_drsmartload1._xe -> Downloader.VB.wj : Cleaned with backup
   C:\1_gimmygames._xe -> Downloader.VB.wd : Cleaned with backup
   C:\Eudora.ok\BILAGOR\maly_test.exe -> Not-A-Virus.BadJoke.Win32.Stupen.c : Cleaned with backup
   C:\Norman\Norman_GenFix.exe -> Heuristic.Win32.HostFile : Cleaned with backup
   C:\Utilities\Viruses\Norman\Norman_GenFix.exe -> Heuristic.Win32.HostFile : Cleaned with backup
   C:\WINDOWS\Access._xe -> Dialer.SexProvider : Cleaned with backup
   C:\WINDOWS\system32\barseek.dll -> Proxy.Small.du : Cleaned with backup
   C:\WINDOWS\sys_reg_virussmitt_AdwareRaxums.txt -> Hijacker.StartPage : Cleaned with backup
   C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.az : Cleaned with backup
   C:\WINDOWS\toolbar.exe -> Downloader.VB.vz : Cleaned with backup
   C:\WINDOWS\winsysban7.exe -> Hijacker.VB.le : Cleaned with backup
   C:\WINDOWS\winsysupd7.exe -> Downloader.VB.wg : Cleaned with backup


::Report End

---------------------------------------------------------
 ewido anti-malware - Process report
---------------------------------------------------------

 + Created on:         06:33:32, 2006-02-21
 + Report-Checksum:      9154DF8C

       0: System Process
       4: System Process
     200: C:\WINDOWS\System32\atiptaxx.exe
     228: C:\Program\Hewlett-Packard\HP Display Settings\hpdisply.exe
     240: C:\Program\Synaptics\SynTP\SynTPLpr.exe
     260: C:\Program\Synaptics\SynTP\SynTPEnh.exe
     268: C:\WINDOWS\System32\AEIWLRAD.EXE
     280: C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
     284: C:\WINDOWS\System32\hphmon03.exe
     292: C:\Program\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
     300: C:\Program\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
     308: C:\program\hewlett-packard\Mmenu\hpcdtray.exe
     336: C:\Program\Hewlett-Packard\TopToolsWMI\HPTrayIcon.exe
     372: C:\WINDOWS\system32\dla\tfswctrl.exe
     412: \SystemRoot\System32\smss.exe
     468: \??\C:\WINDOWS\system32\csrss.exe
     492: \??\C:\WINDOWS\system32\winlogon.exe
     544: C:\WINDOWS\system32\services.exe
     556: C:\WINDOWS\system32\lsass.exe
     700: C:\Ewido anti-malware\ewidoctrl.exe
     764: C:\WINDOWS\system32\svchost.exe
     808: C:\WINDOWS\System32\svchost.exe
     896: C:\Program\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
     932: C:\WINDOWS\System32\svchost.exe
     956: C:\WINDOWS\System32\svchost.exe
    1076: C:\WINDOWS\system32\spoolsv.exe
    1164: C:\WINDOWS\system32\AEIWLSVC.EXE
    1176: C:\WINDOWS\System32\Ati2evxx.exe
    1288: C:\WINDOWS\System32\HPConfig.exe
    1312: c:\LaserJet3150\jsdaemon.exe
    1336: C:\Program\Hewlett-Packard\TopToolsWMI\WMIWDog.exe
    1368: C:\Norman\Bin\Zanda.exe
    1404: C:\Reflection_90\rtsserv.exe
    1488: C:\Spyware Doctor\sdhelp.exe
    1516: C:\WINDOWS\System32\slpservice.exe
    1536: C:\WINDOWS\System32\snmp.exe
    1548: C:\WINDOWS\System32\slpmonx.exe
    1564: C:\WINDOWS\System32\svchost.exe
    1588: C:\WINDOWS\System32\wdfmgr.exe
    1624: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    1948: C:\WINDOWS\Explorer.EXE
    1992: C:\WINDOWS\System32\wbem\wmiprvse.exe
    2196: C:\Program\HPONE-~1\OneTouch.EXE
    2204: C:\Program\QuickTime\qttask.exe
    2216: C:\Program\Delade filer\Real\Update_OB\realsched.exe
    2224: C:\Program\DELADE~1\PCSuite\DATALA~1\DATALA~1.EXE
    2232: C:\NOKIA9~2\NOKIAP~1\TRAYAP~1.EXE
    2264: C:\Norman\bin\ZLH.EXE
    2272: C:\WINDOWS\System32\ctfmon.exe
    2280: C:\spyware doctor\Swdoctor.exe
    2312: C:\Security\Antivir\BitDefender for ICQ\aqmon.exe
    2372: C:\LaserJet3150\JETSTAT.EXE
    2392: C:\Program\Delade filer\efax\dllcmd32.exe
    2432: C:\WWW_Utilities\ZoneAlarm\zonealarm.exe
    2508: C:\Norman\Nvc\BIN\nipsvc.exe
    2532: C:\Norman\bin\NJEEVES.EXE
    2588: C:\Norman\Nvc\bin\nvcoas.exe
    2616: C:\Norman\Nvc\BIN\NIP.EXE
    2632: c:\LASERJ~1\JSFMAN.EXE
    2660: C:\Program\DELADE~1\PCSuite\Services\SERVIC~1.EXE
    3020: C:\Norman\Nvc\bin\cclaw.exe
    3124: C:\WinZip_8\winzip32.exe
    3880: C:\Ewido anti-malware\SecuritySuite.exe
---------------------------------------------------------
 ewido anti-malware - Startup report
---------------------------------------------------------

 + Created on:         06:30:21, 2006-02-21
 + Report-Checksum:      5BBE12CE

Reg\HKLM\Run         ATIModeChange                            Ati2mdxx.exe                                                                                        
Reg\HKLM\Run         AtiPTA                                   atiptaxx.exe                                                                                        
Reg\HKLM\Run         HP Display Settings                      C:\Program\Hewlett-Packard\HP Display Settings\hpdisply.exe /s                                      
Reg\HKLM\Run         SynTPLpr                                 C:\Program\Synaptics\SynTP\SynTPLpr.exe                                                            
Reg\HKLM\Run         SynTPEnh                                 C:\Program\Synaptics\SynTP\SynTPEnh.exe                                                            
Reg\HKLM\Run         1AEIWLRAD.EXE                            AEIWLRAD.EXE                                                                                        
Reg\HKLM\Run         HP Presentation Ready                    C:\Program\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r                                    
Reg\HKLM\Run         HPDJ Taskbar Utility                     C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe                                            
Reg\HKLM\Run         HPHmon03                                 C:\WINDOWS\System32\hphmon03.exe                                                                    
Reg\HKLM\Run         CXMon                                    "C:\Program\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"                              
Reg\HKLM\Run         Share-to-Web Namespace Daemon            C:\Program\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe                                  
Reg\HKLM\Run         HP CD-Writer                             c:\program\hewlett-packard\Mmenu\hpcdtray.exe                                                      
Reg\HKLM\Run         dla                                      C:\WINDOWS\system32\dla\tfswctrl.exe                                                                
Reg\HKLM\Run         HP Tray Icon WMI                         C:\Program\Hewlett-Packard\TopToolsWMI\HPTrayIcon.exe                                              
Reg\HKLM\Run         HP Lamp                                  C:\HP PrecisionScan\PrecisionScan\HPLamp.exe                                                        
Reg\HKLM\Run         QT4HPOT                                  C:\Program\HPONE-~1\OneTouch.EXE                                                                    
Reg\HKLM\Run         QuickTime Task                           "C:\Program\QuickTime\qttask.exe" -atboottime                                                      
Reg\HKLM\Run         TkBellExe                                "C:\Program\Delade filer\Real\Update_OB\realsched.exe"  -osboot                                    
Reg\HKLM\Run         DataLayer                                C:\Program\DELADE~1\PCSuite\DATALA~1\DATALA~1.EXE                                                  
Reg\HKLM\Run         PCSuiteTrayApplication                   C:\NOKIA9~2\NOKIAP~1\TRAYAP~1.EXE                                                                  
Reg\HKLM\Run         Norman ZANDA                             C:\Norman\bin\ZLH.EXE /LOAD /SPLASH                                                                
Reg\HKCU\Run         CTFMON.EXE                               C:\WINDOWS\System32\ctfmon.exe                                                                      
Reg\HKCU\Run         Spyware Doctor                           "C:\spyware doctor\Swdoctor.exe" /Q                                                                
Reg\HKCU\Run         Windows installer                                                                                                                            
Shell\CommonStartup  BitDefender for ICQ.lnk                  C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BitDefender for ICQ.lnk            
Shell\CommonStartup  BitDefender for MSN Messenger.lnk        C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BitDefender for MSN Messenger.lnk  
Shell\CommonStartup  BitDefender_P2P_Startup.lnk              C:\Documents and Settings\All Users\Start-meny\Program\Autostart\BitDefender_P2P_Startup.lnk        
Shell\CommonStartup  HP LaserJet 3150 Status.lnk              C:\Documents and Settings\All Users\Start-meny\Program\Autostart\HP LaserJet 3150 Status.lnk        
Shell\CommonStartup  Live Menu.lnk                            C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Live Menu.lnk                      
Shell\CommonStartup  ZoneAlarm.lnk                            C:\Documents and Settings\All Users\Start-meny\Program\Autostart\ZoneAlarm.lnk                      
[/quote]
GTO
Global Moderator
Posts: 1519
« Reply #3 on: February 22, 2006, 09:48:22 AM »

Hi, olgierd-k.

I'm glad you have successfully got rid of the infection. According to the ewido anti-malware log, your system was infected with the following parasites:
C:\1_drsmartload1._xe -> Downloader.VB.wj
C:\1_gimmygames._xe -> Downloader.VB.wd
C:\Eudora.ok\BILAGOR\maly_test.exe -> Not-A-Virus.BadJoke.Win32.Stupen.c
C:\WINDOWS\Access._xe -> Dialer.SexProvider
C:\WINDOWS\system32\barseek.dll -> Proxy.Small.du
C:\WINDOWS\sys_reg_virussmitt_AdwareRaxums.txt -> Hijacker.StartPage
C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.az
C:\WINDOWS\toolbar.exe -> Downloader.VB.vz
C:\WINDOWS\winsysban7.exe -> Hijacker.VB.le
C:\WINDOWS\winsysupd7.exe -> Downloader.VB.wg

As you can see, none of the infected files were on your HijackThis log. The reason is simple: HijackThis is programmed to check only a fixed number of specific locations in the Windows registry. It doesn't scan your files or the file system. Malicious registry entries associated with the infected files were in other parts of the registry that HijackThis doesn't check. That is why I couldn't provide you with the full list of malicious files. And that is why it is very important to have several powerful anti-spyware programs and to scan the infected system with each of them. There is no tool that finds 100% of parasites. Advanced anti-spyware products complement each other.
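As an added illustration of the point GTO makes above (example code written for this page, not from the thread, from ewido, or from HijackThis): the script below parses the column layout of the "Startup report" quoted earlier and the "path -> family" detection lines from GTO's reply, then reports which detected files are referenced by no autostart entry, which is exactly why an autostart-only listing could not show them. The parsing rules (columns separated by runs of two or more spaces) and the two review heuristics (empty Run values, bare file names resolved via the search path at logon) are assumptions of this example; a subset of the report's own lines is embedded as constructed sample input.

```python
import re

# Constructed sample: a subset of the "ewido anti-malware - Startup report"
# lines quoted in the thread, reproduced verbatim (columns are space-padded).
STARTUP_REPORT = r"""
Reg\HKLM\Run         ATIModeChange                            Ati2mdxx.exe
Reg\HKLM\Run         HP Display Settings                      C:\Program\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
Reg\HKLM\Run         CXMon                                    "C:\Program\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
Reg\HKLM\Run         TkBellExe                                "C:\Program\Delade filer\Real\Update_OB\realsched.exe"  -osboot
Reg\HKLM\Run         Norman ZANDA                             C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
Reg\HKCU\Run         Spyware Doctor                           "C:\spyware doctor\Swdoctor.exe" /Q
Reg\HKCU\Run         Windows installer
Shell\CommonStartup  ZoneAlarm.lnk                            C:\Documents and Settings\All Users\Start-meny\Program\Autostart\ZoneAlarm.lnk
"""

# Constructed sample: the detections GTO lists from the same ewido log.
DETECTIONS = r"""
C:\1_drsmartload1._xe -> Downloader.VB.wj
C:\1_gimmygames._xe -> Downloader.VB.wd
C:\Eudora.ok\BILAGOR\maly_test.exe -> Not-A-Virus.BadJoke.Win32.Stupen.c
C:\WINDOWS\Access._xe -> Dialer.SexProvider
C:\WINDOWS\system32\barseek.dll -> Proxy.Small.du
C:\WINDOWS\sys_reg_virussmitt_AdwareRaxums.txt -> Hijacker.StartPage
C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.az
C:\WINDOWS\toolbar.exe -> Downloader.VB.vz
C:\WINDOWS\winsysban7.exe -> Hijacker.VB.le
C:\WINDOWS\winsysupd7.exe -> Downloader.VB.wg
"""

# First path-like token ending in an extension a Run value or startup
# shortcut will launch; the optional quotes absorb paths containing spaces.
# (Assumed rule for this example, not ewido's own parser.)
_EXE_RE = re.compile(
    r'^"?(.+?\.(?:exe|dll|lnk|com|bat|cmd|scr))"?(?=\s|$)', re.IGNORECASE
)


def executable_of(command):
    """Return the launched file from a Run/startup command, or '' if none is visible."""
    m = _EXE_RE.match(command.strip())
    return m.group(1) if m else ""


def parse_startup_report(text):
    """Split the report's three space-padded columns into dicts."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = re.split(r" {2,}", line.strip(), maxsplit=2)
        location, name = parts[0], parts[1]
        command = parts[2] if len(parts) > 2 else ""   # value with no data
        entries.append({"location": location, "name": name,
                        "command": command, "exe": executable_of(command)})
    return entries


def parse_detections(text):
    """Turn 'path -> family' lines into (path, family) tuples."""
    return [tuple(p.strip() for p in line.split("->", 1))
            for line in text.splitlines() if "->" in line]


def unreferenced_detections(entries, detections):
    """Detections whose file name appears in no autostart command at all."""
    haystack = "\n".join(e["command"].lower() for e in entries)
    missing = []
    for path, family in detections:
        basename = path.rsplit("\\", 1)[-1].lower()
        if basename not in haystack:
            missing.append((path, family))
    return missing


def review_entries(entries):
    """Autostart entries worth a manual look, with the reason (assumed heuristics)."""
    findings = []
    for e in entries:
        if not e["command"]:
            findings.append((e["name"], "empty command: value exists but launches nothing"))
        elif "\\" not in e["exe"]:
            findings.append((e["name"], "bare file name: resolved via search path at logon"))
    return findings


if __name__ == "__main__":
    entries = parse_startup_report(STARTUP_REPORT)
    for path, family in unreferenced_detections(entries, parse_detections(DETECTIONS)):
        print(f"not in any autostart entry: {path}  ({family})")
    for name, reason in review_entries(entries):
        print(f"review: {name!r}: {reason}")
```

Every one of the ten detected files comes back as unreferenced, which matches GTO's observation that an autostart listing alone could not reveal them; the two entries flagged for review are the empty "Windows installer" value and the bare "Ati2mdxx.exe" name, both of which a practitioner would resolve by hand (what the value once launched, and which directory on the search path the bare name actually resolves to) rather than treat as findings in themselves. As GTO says, this kind of registry-side check only complements a scan of the file system; it does not replace it.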