Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Log


  • This topic is locked This topic is locked
10 replies to this topic

#1 restless

restless

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 27 August 2007 - 12:58 PM

Hello, i am new to this forum. I found your site while i was trying to get rid of zzzip.exe, rrrar.exe. I installed SmitfraudFix and I removed the files C:\WINDOWS\System32\osa9.exe
C:\WINDOWS\System32\ctccw32.dll.

When I restarted, I confronted the message like "unable to start ctccw32". Then I installed FixWareout and here is my log. Previusly(before removing osa9) zzzip.exe, rrrar.exe were in the processes list. Now they are gone but CtrlIOHook and ZoomiNGHook.exe still exist. Also the problem "unable to start ctccw32"
exists when the windows opens. Which antivirus/spyware programs do you suggest?

»»»»»Prerun check

DNS Çözme Önbelleği başarıyla temizlendi.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"HWSetup"="C:\\Program Files\\TOSHIBA\\TOSHIBA Applet\\HWSetup.exe hwSetUP"
"SVPWUTIL"="C:\\Program Files\\Toshiba\\Windows Utilities\\SVPWUTIL.exe SVPwUTIL"
"Zooming"="ZoomingHook.exe"
"TCtryIOHook"="TCtrlIOHook.exe"
"TPSMain"="TPSMain.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Yakınlaştırma Yardımcı Programı\\SmoothView.exe"
"TFncKy"="TFncKy.exe"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"Tvs"="C:\\Program Files\\TOSHIBA\\Tvs\\TvsTray.exe"
"NDSTray.exe"="NDSTray.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"Office SturtUp"="osa9.exe"
"gfxtray"="rundll32 ctccw32.dll,findwnd"
"SCDEmuApp.exe"="C:\\Program Files\\PowerISO\\SCDEmuApp.exe"
"CFSServ.exe"="CFSServ.exe -NoClient"
"UVS11 Preload"="C:\\Program Files\\Ulead Systems\\Ulead VideoStudio 11\\uvPL.exe"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
"SDTray"="C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:43 PM

Posted 05 September 2007 - 05:30 AM

Hi,

Not sure why you ran FixwareOut....

* Download Trend Micro Hijack This™
Doubleclick the HJTInstall.exe to start it.
By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
HijackThis will open after install. Press the Scan button below.
This will start the scan and open a log.
Copy and paste the contents of the log in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 restless

restless
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 06 September 2007 - 08:13 AM

ty, i did what you suggested, here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:33, on 06.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\wamp\apache2\bin\httpd.exe
c:\wamp\mysql\bin\mysqld-nt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\wamp\apache2\bin\httpd.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Yakınlaştırma Yardımcı Programı\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\SCDEmuApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\wamp\wampmanager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Yakınlaştırma Yardımcı Programı\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Office SturtUp] osa9.exe
O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd
O4 - HKLM\..\Run: [SCDEmuApp.exe] C:\Program Files\PowerISO\SCDEmuApp.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WampServer.lnk = C:\wamp\wampmanager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8675 bytes

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:43 PM

Posted 06 September 2007 - 08:40 AM

Hi,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Office SturtUp] osa9.exe
O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

I don't see you are running an Antivirus :thumbsup:

* Please install Avira Antivirus: http://www.free-av.com/

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new Hijackthislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 restless

restless
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 08 September 2007 - 02:01 PM

Hi, the last report:

AntiVir PersonalEdition Classic
Report file date: 08 Eylül 2007 Cumartesi 09:08

Scanning for 740715 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: xyz
Computer name: Rrr

Version information:
BUILD.DAT : 247 14437 Bytes 10.05.2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20.04.2007 10:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27.03.2007 10:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27.03.2007 10:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19.03.2007 10:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31.05.2006 12:08:58
ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23.02.2007 12:09:01
ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12.04.2007 12:09:02
ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16.04.2007 12:09:02
AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13.04.2007 12:04:24
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26.02.2007 08:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27.03.2007 10:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.2007 11:16:24
AVPACK32.DLL : 7.3.0.8 360488 Bytes 27.03.2007 06:48:28
AVREG.DLL : 7.0.1.2 31784 Bytes 15.03.2007 07:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27.03.2007 10:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02.05.2007 09:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08.03.2007 09:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13.03.2007 08:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19.03.2007 10:42:42

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 08 Eylül 2007 Cumartesi 09:08

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wampmanager.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'Ares.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'CFSServ.exe' - '1' Module(s) have been scanned
Scan process 'SCDEmuApp.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'PadExe.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'TCtrlIOHook.exe' - '1' Module(s) have been scanned
Scan process 'ZoomingHook.exe' - '1' Module(s) have been scanned
Scan process 'TPTray.exe' - '1' Module(s) have been scanned
Scan process 'CeEKey.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SDTrayApp.exe' - '1' Module(s) have been scanned
Scan process 'httpd.exe' - '1' Module(s) have been scanned
Scan process 'SymWSC.exe' - '1' Module(s) have been scanned
Scan process 'mysqld-nt.exe' - '1' Module(s) have been scanned
Scan process 'httpd.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'DevSvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
60 processes with 60 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\xyz\Belgelerim\Downloads\Allok.Video.Joiner.v2.0.2.Keygen..rar
[0] Archive type: RAR
--> keygen\keygen.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\xyz\Belgelerim\Downloads\keygen\keygen.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Program Files\eMule\Incoming\Anti Spywere Webroot Spy Sweeper v4.5.5.607_cracked.zip
[0] Archive type: ZIP
--> Keygen + Fix/keygen/keygen.exe
[DETECTION] Contains signature of the dropper DR/SdBot.537088
[INFO] The file was deleted!
C:\Program Files\eMule\Incoming\Anti Spywere Webroot Spy Sweeper v4.5.5.607_cracked\Keygen + Fix\keygen\keygen.exe
[DETECTION] Contains signature of the dropper DR/SdBot.537088
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\'


End of the scan: 08 Eylül 2007 Cumartesi 11:12
Used time: 2:04:29 min

The scan has been done completely.

7433 Scanning directories
265906 Files were scanned
4 viruses and/or unwanted programs were found
0 classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
265902 Files not concerned
6723 Archives were scanned
3 Warnings
43 Notes
0 Hidden objects were found

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:43 PM

Posted 08 September 2007 - 02:16 PM

Hi,

I see you're not afraid of visiting cracksites and other illegal sites, because some cracks are being flagged as malicious.
If you visit cracksites, use cracks, you'll ALWAYS get infected. This not only because of the crack itself, but because one single click entering that site may already download and install a huge malware bundle.
You really have to change your surfing habits though, because these malware bundles may contain a keylogger, collecting all your passwords and installing other random malware, compromising your system including infecting other computers. And this all, because you visited some illegal sites.
Also, keep in mind, malware DAMAGES A LOT! And the damage can't always be repaired, so a format and reinstall is the only solution in such cases.
So is it really worth it? Get illegal software for "free", but compromise/break your computer instead.... :thumbsup:
Better to avoid this instead and change your surfing habits. Then this wouldn't have happened.

What problems are you still having?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 restless

restless
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 08 September 2007 - 02:47 PM

thanks for your help, there seem no problems but i doubt tctrlio.exe and and zoominghook.exe could be trojans. What do you think?

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:43 PM

Posted 08 September 2007 - 02:58 PM

The zoominghook.exe is OK. zoominghook.exe is a process associated with Toshiba Zooming Utility for Tablet PC.

tctrlio.exe

I assume you mean TCtrlIOHook.exe? That one is Ok as well. It is the Toshiba Control Utility Hotkey Hook by Toshiba.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 restless

restless
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:43 PM

Posted 08 September 2007 - 03:14 PM

dear miekiemoes,
thanks for your answers! you really helped me a lot. you rock! :thumbsup:

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:43 PM

Posted 08 September 2007 - 03:31 PM

You're most welcome.
Just stay away from illegal software, because you will get reinfected in no time - even with the best Antivirus and Firewall installed.


Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:43 PM

Posted 09 September 2007 - 04:09 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users