
Infected With Spyware-secure,pc-on-internet.com


3 replies to this topic

#1 tsapgeo


Posted 28 December 2007 - 05:01 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:28 μμ, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Γιώργος\Τα έγγραφά μου\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Systran40stand.IEPlugIn - {EDDEB5CF-6CC3-11D6-ABAA-00B0D094B576} - C:\Program Files\Systran\4_0\Standard\IEPlugIn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)
O4 - HKLM\..\Run: [Συντόμευση σελίδας ιδιοτήτων του High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184246956906
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 8370 bytes


#2 tsapgeo


Posted 29 December 2007 - 04:47 PM

Thank you for the directions. I followed your advice, but the Ad-aware scan stopped during the process, notified me of a mistake and asked me to send a report to Lavasoft, which I did. Panda antivirus froze during scanning and never completed the scan.
I post here the scan log from HijackThis.
Thank you in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:12 μμ, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Γιώργος\Τα έγγραφά μου\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Systran40stand.IEPlugIn - {EDDEB5CF-6CC3-11D6-ABAA-00B0D094B576} - C:\Program Files\Systran\4_0\Standard\IEPlugIn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {1962c5bc-e475-465b-823b-133e711bceb9} - (no file)
O4 - HKLM\..\Run: [Συντόμευση σελίδας ιδιοτήτων του High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1184246956906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe


I add here the scan log from ActiveScan.


Incident Status Location

Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32m.sys
Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/rxtoolbar Not disinfected Windows Registry
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Γιώργος\Cookies\γιώργος@ads.pointroll[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Γιώργος\Cookies\γιώργος@adtech[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Γιώργος\Cookies\γιώργος@atdmt[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Γιώργος\Cookies\γιώργος@com[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Γιώργος\Cookies\γιώργος@hotlog[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Γιώργος\Cookies\γιώργος@revenue[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Γιώργος\Cookies\γιώργος@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Γιώργος\Cookies\γιώργος@server.iad.liveperson[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Γιώργος\Cookies\γιώργος@statse.webtrendslive[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Γιώργος\Cookies\γιώργος@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Γιώργος\Cookies\γιώργος@yadro[1].txt

#3 tsapgeo


Posted 29 December 2007 - 04:52 PM

This is the scan log from Ad-aware 6.0.

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives


Listing running processes
――――――――――――――――――――――――――――――――――――――

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 29-12-2007 9:30:07 πμ
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 29-12-2007 9:30:12 πμ
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-12-2007 9:30:13 πμ
BasePriority : Normal
FileSize : 106 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
Copyright : Microsoft Corporation. .
CompanyName : Microsoft Corporation
FileDescription :
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft Windows
Created on : 4/9/2004 4:45:24 πμ
Last accessed : 29/12/2007 1:43:15 μμ
Last modified : 4/9/2004 4:45:24 πμ

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-12-2007 9:30:13 πμ
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft Windows Operating System
Created on : 4/9/2004 4:45:20 πμ
Last accessed : 29/12/2007 1:43:15 μμ
Last modified : 4/9/2004 4:45:20 πμ

#:5 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-12-2007 9:30:15 πμ
BasePriority : Normal
FileSize : 344 KB
FileVersion : 6.14.10.4113
ProductVersion : 6.14.10.4113
Copyright : Copyright 1999-2004 ATI Technologies Inc.
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
OriginalFilename : ATI2EVXX.EXE
ProductName : ATI External Event Utility for WindowsNT and Windows9X
Created on : 22/2/2005 1:33:36 μμ
Last accessed : 29/12/2007 1:33:10 μμ
Last modified : 22/2/2005 1:33:36 μμ

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-12-2007 9:30:15 πμ
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 4/9/2004 4:45:24 πμ
Last accessed : 29/12/2007 1:43:15 μμ
Last modified : 4/9/2004 4:45:24 πμ

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 29-12-2007 9:30:15 πμ
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 4/9/2004 4:45:24 πμ
Last accessed : 29/12/2007 1:43:15 μμ
Last modified : 4/9/2004 4:45:24 πμ

#:8 [incdsrv.exe]
FilePath : C:\Program Files\Ahead\InCD\
ThreadCreationTime : 29-12-2007 9:30:15 πμ
BasePriority : Normal
FileSize : 1124 KB
FileVersion : 4, 2, 12, 1
ProductVersion : 4, 2, 12, 1
Copyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
CompanyName : Ahead Software AG
FileDescription : incdsrv
InternalName : incdsrv
OriginalFilename : incdsrv.exe
ProductName : Ahead Software AG incdsrv
Created on : 10/5/2005 4:16:08 μμ
Last accessed : 29/12/2007 1:33:08 μμ
Last modified : 7/9/2004 1:25:12 μμ

#:9 [aawservice.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware 2007\
ThreadCreationTime : 29-12-2007 9:30:17 πμ
BasePriority : Normal
FileSize : 573 KB
FileVersion : 7, 0, 2, 5
ProductVersion : 7, 0, 2, 5
Copyright : Copyright 2007
CompanyName : Lavasoft AB
FileDescription : Ad-Aware 2007 Service
InternalName : Ad-Aware
OriginalFilename : Ad-Aware.exe
ProductName : Ad-Aware 2007 Service
Created on : 29/10/2007 11:27:04 πμ
Last accessed : 29/12/2007 1:33:10 μμ
Last modified : 29/10/2007 11:27:04 πμ

#:10 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-12-2007 9:30:21 πμ
BasePriority : Normal
FileSize : 344 KB
FileVersion : 6.14.10.4113
ProductVersion : 6.14.10.4113
Copyright : Copyright 1999-2004 ATI Technologies Inc.
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
OriginalFilename : ATI2EVXX.EXE
ProductName : ATI External Event Utility for WindowsNT and Windows9X
Created on : 22/2/2005 1:33:36 μμ
Last accessed : 29/12/2007 1:33:10 μμ
Last modified : 22/2/2005 1:33:36 μμ

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 29-12-2007 9:30:21 πμ
BasePriority : Normal
FileSize : 1012 KB
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
Copyright : Microsoft Corporation. .
CompanyName : Microsoft Corporation
FileDescription : Windows
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft Windows
Created on : 4/9/2004 4:45:20 πμ
Last accessed : 29/12/2007 12:49:00 μμ
Last modified : 4/9/2004 4:45:20 πμ

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-12-2007 9:30:21 πμ
BasePriority : Normal
FileSize : 56 KB
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft Windows Operating System
Created on : 4/9/2004 4:45:24 πμ
Last accessed : 29/12/2007 1:43:16 μμ
Last modified : 10/6/2005 11:53:32 μμ

#:13 [lvprcsrv.exe]
FilePath : c:\program files\common files\logishrd\lvmvfm\
ThreadCreationTime : 29-12-2007 9:30:21 πμ
BasePriority : Normal
FileSize : 106 KB
FileVersion : 10.5.1.2027
ProductVersion : 10.5.1.2027
Copyright : 1996-2007 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : Logitech LVPrcSrv Module.
InternalName : LVPrcSrv.exe
OriginalFilename : LVPrcSrv.exe
ProductName : Logitech QuickCam
Created on : 6/2/2007 2:45:26 μμ
Last accessed : 29/12/2007 1:33:09 μμ
Last modified : 6/2/2007 2:45:26 μμ

#:14 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ThreadCreationTime : 29-12-2007 9:30:24 πμ
BasePriority : Normal
FileSize : 32 KB
FileVersion : 1.1.1879.40242
ProductVersion : 1.1.1879.40242
Copyright : 2002-2004
CompanyName : ATI Technologies Inc.
FileDescription : CLI Application (Command Line Interface)
InternalName : CLI.exe
OriginalFilename : CLI.exe
ProductName : Catalyst Control Centre
Created on : 22/2/2005 7:21:26 μμ
Last accessed : 29/12/2007 1:43:16 μμ
Last modified : 22/2/2005 7:21:26 μμ

#:15 [incd.exe]
FilePath : C:\Program Files\Ahead\InCD\
ThreadCreationTime : 29-12-2007 9:30:24 πμ
BasePriority : Normal
FileSize : 1368 KB
FileVersion : 4, 2, 12, 1
ProductVersion : 4, 2, 12, 1
Copyright : Copyright 1995-2004 Ahead Software AG and its licensors. All Rights Reserved.
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
OriginalFilename : InCD.exe
ProductName : Ahead Software AG InCD
Created on : 10/5/2005 4:16:08 μμ
Last accessed : 29/12/2007 1:43:16 μμ
Last modified : 7/9/2004 1:25:58 μμ

#:16 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ThreadCreationTime : 29-12-2007 9:30:24 πμ
BasePriority : Normal
FileSize : 32 KB
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
Copyright : Copyright CyberLink Corp. 1997-2004
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
OriginalFilename : PDVDSERV.EXE
ProductName : PowerDVD
Created on : 11/5/2005 7:32:52 πμ
Last accessed : 29/12/2007 1:43:16 μμ
Last modified : 2/11/2004 5:24:46 μμ

#:17 [ad-watch.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 29-12-2007 9:30:24 πμ
BasePriority : Normal
FileSize : 387 KB
FileVersion : 3.1.2.17
ProductVersion : 3.0
Copyright : 2001-2003 Team Lavasoft
CompanyName : Lavasoft Sweden
FileDescription : Ad-watch Monitor
InternalName : Ad-watch.exe
OriginalFilename : Ad-watch.exe
ProductName : Ad-aware 6
Created on : 11/5/2005 7:38:39 πμ
Last accessed : 29/12/2007 1:43:16 μμ
Last modified : 31/1/2003 6:06:46 μμ

#:18 [nod32kui.exe]
FilePath : C:\Program Files\Eset\
ThreadCreationTime : 29-12-2007 9:30:24 πμ
BasePriority : Normal
FileSize : 928 KB
FileVersion : 2, 70, 16
ProductVersion : 2, 70, 16
Copyright : Copyright 1992-2005 Eset
CompanyName : Eset
FileDescription : NOD32 Control Center GUI
InternalName : NOD32 Control Center GUI
OriginalFilename : nod32kui.exe
ProductName : NOD32 Antivirus System
Created on : 4/4/2007 1:08:12 μμ
Last accessed : 29/12/2007 1:43:17 μμ
Last modified : 4/4/2007 1:07:45 μμ

#:19 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ThreadCreationTime : 29-12-2007 9:30:24 πμ
BasePriority : Normal
FileSize : 33 KB
Created on : 20/12/2004 6:41:22 μμ
Last accessed : 29/12/2007 1:43:17 μμ
Last modified : 20/12/2004 6:41:22 μμ

#:20 [rthdcpl.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 29-12-2007 9:30:24 πμ
BasePriority : Normal
FileSize : 15889 KB
FileVersion : 2.1.1.1
ProductVersion : 2.1.1.1
Copyright : Copyright 2004 Realtek Semiconductor Corp.
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek HD Audio Control Panel
OriginalFilename : RTHDCPL.EXE
ProductName : Realtek HD Audio Sound Effect Manager
Created on : 10/5/2005 3:53:01 μμ
Last accessed : 29/12/2007 1:43:18 μμ
Last modified : 14/11/2006 9:21:00 πμ

#:21 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ThreadCreationTime : 29-12-2007 9:30:25 πμ
BasePriority : Normal
FileSize : 181 KB
FileVersion : 0.1.0.3760
ProductVersion : 0.1.0.3760
Copyright : Copyright RealNetworks, Inc. 1995-2004
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
OriginalFilename : realsched.exe
ProductName : RealPlayer (32-bit)
Created on : 16/4/2007 11:58:35 πμ
Last accessed : 29/12/2007 1:43:18 μμ
Last modified : 16/4/2007 11:58:35 πμ

#:22 [communications_helper.exe]
FilePath : C:\Program Files\Common Files\LogiShrd\LComMgr\
ThreadCreationTime : 29-12-2007 9:30:25 πμ
BasePriority : Normal
FileSize : 477 KB
FileVersion : 1.4.7.2031
ProductVersion : 1.4.7.2031
Copyright : 1996-2007 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : Communications Manager
InternalName : Communications_Helper.exe
OriginalFilename : Communications_Helper.exe
ProductName : Logitech
Created on : 7/2/2007 10:12:48 μμ
Last accessed : 29/12/2007 1:43:18 μμ
Last modified : 7/2/2007 10:12:48 μμ

#:23 [quickcam10.exe]
FilePath : C:\Program Files\Logitech\QuickCam10\
ThreadCreationTime : 29-12-2007 9:30:25 πμ
BasePriority : Normal
FileSize : 756 KB
Created on : 7/2/2007 10:13:48 μμ
Last accessed : 29/12/2007 1:43:18 μμ
Last modified : 7/2/2007 10:13:48 μμ

#:24 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_15\bin\
ThreadCreationTime : 29-12-2007 9:30:25 πμ
BasePriority : Normal
FileSize : 32 KB
Created on : 22/5/2007 3:39:10 μμ
Last accessed : 29/12/2007 1:43:18 μμ
Last modified : 22/5/2007 3:39:09 μμ

#:25 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-12-2007 9:30:25 πμ
BasePriority : Normal
FileSize : 15 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
OriginalFilename : CTFMON.EXE
ProductName : Microsoft Windows Operating System
Created on : 4/9/2004 4:45:20 πμ
Last accessed : 29/12/2007 1:43:18 μμ
Last modified : 4/9/2004 4:45:20 πμ

#:26 [powerbar.exe]
FilePath : C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\
ThreadCreationTime : 29-12-2007 9:30:26 πμ
BasePriority : Normal
FileSize : 84 KB
FileVersion : 1.01.0421
ProductVersion : 1.01.0421
Copyright : Copyright 2001 Cyberlink, Corp. All Rights Reserved.
CompanyName : Cyberlink, Corp.
FileDescription : PowerBar Application
InternalName : PowerBar
OriginalFilename : PowerBar.EXE
ProductName : PowerBar Application
Created on : 10/5/2005 4:15:16 μμ
Last accessed : 29/12/2007 1:42:35 μμ
Last modified : 21/4/2004 7:26:28 πμ

#:27 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\
ThreadCreationTime : 29-12-2007 9:30:26 πμ
BasePriority : Normal
FileSize : 67 KB
FileVersion : 2, 0, 301, 1654
ProductVersion : 2, 0, 301, 1654
Copyright : Copyright 2005-2007
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
OriginalFilename : GoogleToolbarNotifier.exe
ProductName : GoogleToolbarNotifier
Created on : 19/7/2007 6:46:22 μμ
Last accessed : 29/12/2007 1:43:18 μμ
Last modified : 19/7/2007 6:46:22 μμ

#:28 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ThreadCreationTime : 29-12-2007 9:30:26 πμ
BasePriority : Normal
FileSize : 22343 KB
FileVersion : 3.5.0.239
ProductVersion : 3.5
Copyright : Skype Technologies S.A.
CompanyName : Skype Technologies S.A.
FileDescription : Skype. Take a deep breath
InternalName : Skype.exe
OriginalFilename : Skype.exe
ProductName : Skype
Created on : 13/9/2007 10:31:38 πμ
Last accessed : 29/12/2007 1:43:18 μμ
Last modified : 13/9/2007 10:31:38 πμ

#:29 [cli.exe]
FilePath : C:\Program Files\ATI Technologies\ATI.ACE\
ThreadCreationTime : 29-12-2007 9:30:27 πμ
BasePriority : Normal
FileSize : 32 KB
FileVersion : 1.1.1879.40242
ProductVersion : 1.1.1879.40242
Copyright : 2002-2004
CompanyName : ATI Technologies Inc.
FileDescription : CLI Application (Command Line Interface)
InternalName : CLI.exe
OriginalFilename : CLI.exe
ProductName : Catalyst Control Centre
Created on : 22/2/2005 7:21:26 μμ
Last accessed : 29/12/2007 1:43:16 μμ
Last modified : 22/2/2005 7:21:26 μμ

#:30 [lvcomsx.exe]
FilePath : C:\Program Files\Common Files\LogiShrd\LComMgr\
ThreadCreationTime : 29-12-2007 9:30:31 πμ
BasePriority : Normal
FileSize : 246 KB
FileVersion : 10.5.1.2027
ProductVersion : 10.5.1.2027
Copyright : 1996-2007 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
OriginalFilename : LVComS.exe
ProductName : Logitech QuickCam
Created on : 6/2/2007 2:43:26 μμ
Last accessed : 29/12/2007 1:43:20 μμ
Last modified : 6/2/2007 2:43:26 μμ

#:31 [cocimanager.exe]
FilePath : C:\Program Files\Common Files\Logishrd\LQCVFX\
ThreadCreationTime : 29-12-2007 9:30:35 πμ
BasePriority : Normal
FileSize : 225 KB
FileVersion : 10.5.1.2029
ProductVersion : 10.5.1.2029
Copyright : 1996-2007 Logitech. All rights reserved.
CompanyName : Logitech Inc.
FileDescription : Camera Control Interface
InternalName : COCIManager.exe
OriginalFilename : COCIManager.exe
ProductName : Logitech QuickCam
Created on : 7/2/2007 10:12:20 μμ
Last accessed : 29/12/2007 1:43:20 μμ
Last modified : 7/2/2007 10:12:20 μμ

#:32 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ThreadCreationTime : 29-12-2007 9:30:36 πμ
BasePriority : Normal
FileSize : 314 KB
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
OriginalFilename : mdm.exe
ProductName : Microsoft Visual Studio .NET
Created on : 19/6/2003 8:25:00 μμ
Last accessed : 29/12/2007 1:33:09 μμ
Last modified : 19/6/2003 8:25:00 μμ

#:33 [nod32krn.exe]
FilePath : C:\Program Files\Eset\
ThreadCreationTime : 29-12-2007 9:30:37 πμ
BasePriority : Normal
FileSize : 536 KB
FileVersion : 2, 70, 16
ProductVersion : 2, 70, 16
Copyright : Copyright 1992-2005 Eset
CompanyName : Eset
FileDescription : NOD32 Kernel Service
InternalName : NOD32 Kernel
OriginalFilename : nod32krn.exe
ProductName : NOD32 Antivirus System
Created on : 4/4/2007 1:08:12 μμ
Last accessed : 29/12/2007 1:33:09 μμ
Last modified : 4/4/2007 1:07:45 μμ

#:34 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-12-2007 9:30:38 πμ
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 4/9/2004 4:45:24 πμ
Last accessed : 29/12/2007 1:43:15 μμ
Last modified : 4/9/2004 4:45:24 πμ

#:35 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 29-12-2007 9:30:52 πμ
BasePriority : Normal
FileSize : 13 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
OriginalFilename : wscntfy.exe
ProductName : Microsoft Windows Operating System
Created on : 4/9/2004 4:45:26 πμ
Last accessed : 29/12/2007 1:43:20 μμ
Last modified : 4/9/2004 4:45:26 πμ

#:36 [skypepm.exe]
FilePath : C:\Program Files\Skype\Plugin Manager\
ThreadCreationTime : 29-12-2007 9:30:53 πμ
BasePriority : Normal
FileSize : 1992 KB
FileVersion : 1.5.0.3
ProductVersion : 1.0.0.0
Copyright : Skype Limited
CompanyName : Skype Technologies
FileDescription : Skype Extras Manager
Created on : 13/9/2007 10:31:40 πμ
Last accessed : 29/12/2007 1:43:20 μμ
Last modified : 13/9/2007 10:31:40 πμ

#:37 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 29-12-2007 9:30:58 πμ
BasePriority : Normal
FileSize : 14 KB
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
Copyright : Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft Windows Operating System
Created on : 4/9/2004 4:45:24 πμ
Last accessed : 29/12/2007 1:43:15 μμ
Last modified : 4/9/2004 4:45:24 πμ

#:38 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 29-12-2007 1:33:40 μμ
BasePriority : Normal
FileSize : 91 KB
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
Copyright : Microsoft Corporation. .
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft Windows
Created on : 10/5/2005 3:40:42 μμ
Last accessed : 29/12/2007 1:36:48 μμ
Last modified : 4/9/2004 4:45:20 πμ

#:39 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 29-12-2007 1:42:55 μμ
BasePriority : Normal
FileSize : 732 KB
FileVersion : 6.0.1.164
ProductVersion : 6.0.0.0
Copyright : Copyright Lavasoft Sweden
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 11/5/2005 7:38:39 πμ
Last accessed : 29/12/2007 1:42:56 μμ
Last modified : 8/2/2003 6:18:32 μμ

Memory scan result :
――――――――――――――――――――――――――――――――――――――
New objects : 0
Objects found so far: 0


Started registry scan
――――――――――――――――――――――――――――――――――――――

Registry scan result :
――――――――――――――――――――――――――――――――――――――
New objects : 0
Objects found so far: 0


Started deep registry scan
――――――――――――――――――――――――――――――――――――――

Deep registry scan result :
――――――――――――――――――――――――――――――――――――――
New objects : 0
Objects found so far: 0


Deep scanning and examining files (C:)
――――――――――――――――――――――――――――――――――――――

Tracking Cookie Object recognized!
Type : File
Data : γιώργος@adtech[1].txt
Object : C:\Documents and Settings\Γιώργος\Cookies\

Created on : 27/12/2007 8:51:58 μμ
Last accessed : 29/12/2007 1:45:22 μμ
Last modified : 27/12/2007 8:51:58 μμ



Tracking Cookie Object recognized!
Type : File
Data : γιώργος@atdmt[2].txt
Object : C:\Documents and Settings\Γιώργος\Cookies\

Created on : 28/12/2007 5:49:23 μμ
Last accessed : 29/12/2007 1:45:22 μμ
Last modified : 28/12/2007 5:49:23 μμ



Other Object recognized!
Type : File
Data : γιώργος@cgi-bin[1].txt
Object : C:\Documents and Settings\Γιώργος\Cookies\

Created on : 28/12/2007 7:54:03 μμ
Last accessed : 29/12/2007 1:45:22 μμ
Last modified : 28/12/2007 7:54:03 μμ



Tracking Cookie Object recognized!
Type : File
Data : γιώργος@doubleclick[1].txt
Object : C:\Documents and Settings\Γιώργος\Cookies\

Created on : 29/12/2007 1:27:34 μμ
Last accessed : 29/12/2007 1:27:46 μμ
Last modified : 29/12/2007 1:27:46 μμ



Tracking Cookie Object recognized!
Type : File
Data : γιώργος@hotlog[1].txt
Object : C:\Documents and Settings\Γιώργος\Cookies\

Created on : 27/12/2007 10:01:37 μμ
Last accessed : 29/12/2007 1:45:22 μμ
Last modified : 27/12/2007 10:01:37 μμ



Tracking Cookie Object recognized!
Type : File
Data : γιώργος@server.iad.liveperson[2].txt
Object : C:\Documents and Settings\Γιώργος\Cookies\

Created on : 29/12/2007 10:00:02 πμ
Last accessed : 29/12/2007 12:55:17 μμ
Last modified : 29/12/2007 10:00:02 πμ



Tracking Cookie Object recognized!
Type : File
Data : γιώργος@statse.webtrendslive[2].txt
Object : C:\Documents and Settings\Γιώργος\Cookies\

Created on : 29/12/2007 10:30:30 πμ
Last accessed : 29/12/2007 12:55:17 μμ
Last modified : 29/12/2007 10:30:30 πμ



Disk scan result for C:
――――――――――――――――――――――――――――――――――――――
New objects : 0
Objects found so far: 7

3:51:29 μμ Scan complete

Summary of this scan
――――――――――――――――――――――――――――――――――――――
Total scanning time :00:08:14:375
Objects scanned :81342
Objects identified :7
Objects ignored :0
New objects :7

#4 Grinler

    Lawrence Abrams


Posted 18 January 2008 - 10:33 AM

  • Download Combofix to your desktop.

  • Double-click combofix.exe

  • Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, and after reboot if it asks for one, combofix will open again to gather the necessary information for the log. This may take a while so please be patient. When done, Combofix will close and a log should open called combofix.txt.

Post the contents of this log in your next reply along with a new HijackThis log.

Please do not post the ComboFix-quarantined-files.txt unless I ask you to.



