Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With: Virus.win32.sality.k; Trojan-proxy.win32.agent.ii


  • Please log in to reply
6 replies to this topic

#1 schag1

schag1

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 13 April 2007 - 01:19 AM

Hello!
I have trouble with my computer. I found this forum online and now I hope that you can help me.
I suspected that I had a virus so I installed a anti-virus program. It found files with the names virus.win32.sality.k and trojan-proxy.win32.agent.II on my computer. After desinfecting those files I always got an error message when I turned the computer on. It kept telling me: file vmmdiag32.exe cannot be found. Then I found this forum and saw that other people had the same problem and that this is still a consequence of the virus. I don´t know how to get rid of it.
Then I found your preparation guide for use before posting a hijackthis log, and checked my computer with the programs you adviced. Now that errormessage has disappeared, but I have the impression that my computer doesn´t work properly anymore. It´s getting slower and the anti-virus programm always finds new infected files. Sometimes when I turn the computer on it gets stuck while it is booting up and I have to press F1 to continue.
Now there´s a problem with the audio too - I don´t know if it is also a result of the virus. It tells me: bad directsound driver. please install proper drivers or select another device in configuration. error code: 88780078. and the only sound the computer makes is a terrible peep sound.
I have never had a virus before (I didn´t have internet on my computer), so I´m a little bit helpless and I would really appreciate it if you could help me.

I also did the Hijackthis. here is the result.
Kind regards


Logfile of HijackThis v1.99.1
Scan saved at 13:45:50, on 13.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\57350370.tmp
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.at/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176098724406
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://webalbum.foto.com/FUploader/SpeedUploader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows Network Service (MCIService) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\57350370.tmp
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

BC AdBot (Login to Remove)

 


#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:09 AM

Posted 19 April 2007 - 01:34 PM

Hi schag1, :flowers:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience. :thumbsup:

Edited by Falu, 19 April 2007 - 01:35 PM.


#3 schag1

schag1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 22 April 2007 - 10:46 AM

Hello Falu!
Thank you that you want to help me. I´m not sure now if my computer still has the virus or not. Since I checked my computer with all the programs the preparation guide adviced, my anti-virus program doesn´t find new infected files anymore. I think, especially housecall helped a lot.
now my computer seems to work almost properly again. I was able to fix the audio again (obviously there was a driver file deleted) by reinstalling the driver. The computer doesn´t get stuck while booting up anymore. I don´t get any errormessages anymore. :thumbsup: Only my MS word program I can´t open anymore. there might be a program file deleted too. (Error signature: AppName: winword.exe, AppVer: 9.0.0.2717, ModName: winword.exe, ModVer: 9.0.0.2717, Offset: 000029a9)
Now I checked my computer again with all the adviced programs and made a new hijackthis file.
Thanks a lot for looking at it!
Claudia


Logfile of HijackThis v1.99.1
Scan saved at 23:19:20, on 22.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\57350370.tmp
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.at/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176098724406
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://webalbum.foto.com/FUploader/SpeedUploader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Windows Network Service (MCIService) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\57350370.tmp
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#4 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:09 AM

Posted 24 April 2007 - 03:29 AM

Hi schag1, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

1. To begin with it's important for you to know that the infections you mentioned in your original post are very dangerous:

www.ca.com

Steals System Information

Some Sality variants collect information about the infected system and e-mail this information to the domain mail.ru.

The information sent includes, but is not limited to, the following:

* OS version
* IP address
* Computer name
* Recent URLs visited
* Passwords
* ISP Dial up Connection details and Password


McAfee

..download additional malware from various pre-defined servers - they may be Adware-SpySheriff , BackDoor, Proxy, KeyLogger or other PUPs and trojans.


In short you should know that sensitive info may have gone into someone else's hands. I would counsel you to disconnect this PC from the Internet immediately until it's clean. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable and it would be wise to contact those same financial institutions to apprise them of your situation.

Unfortunately there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Visit the following sites for more information on internet theft and when to reformat!

If you have questions please feel free to ask.

2.

Only my MS word program I can´t open anymore. there might be a program file deleted too.


You could de- and re-install it and see if that makes a difference.

3. Let's look for some more information on a file. Go to Jotti's , click on Browse, and upload the following file for analysis:

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\57350370.tmp

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

4. I see you are running Teatimer. Of course this is very good but now you have to disable it because it can interfere with the changes you'll make on your system. When your log is clean, you can enable it again: I will let you know.

> Run Spybot S&D, go to the Mode menu and select Advanced Mode;
> On the left hand side choose Tools > Resident;
> Uncheck Resident Teatimer and click Ok (close Spybot).

5. Download ATF Cleaner by Atribune. Do not run it yet.

6. Download, install, and update AVG Anti-Spyware 7.5

1. Save the installer to desktop
2. Double click the installer, select your language, and then select OK
3. Click NEXT>>Do or don't read the "User License Agreement"
Select I Agree>>>NEXT>>>INSTALL
4. AVG will now install and afterwards click FINISH
5. AVG Anti-Spyware 7.5 should now Load
6. Click the Update tab at the top. Under Manual Update click Start update.
7. After the update finishes (the status bar at the bottom will display "Update successful")
8. Close AVG Anti-Spyware 7.5. Do not run it yet.

7. Run HijackThis, click Scan and checkmark the following entries:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O23 - Service: Windows Network Service (MCIService) - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\57350370.tmp


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

8. Go to Start->Run, type CMD (if it's not already in the text box) and click Ok.

Alternatively, Press Ctrl+Alt+Delete to bring the Task Manager. While holding down the Ctrl key, click on New Task. Once the MSDOS Window comes up, minimize the Task Manager.
At the prompt type the following and press Enter after each line:

SC Stop MCIService
SC Delete MCIService
Exit

9. Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode at the top, on the screen that appears.
Sign in with your normal user account.

10. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

11. Then run AVG Anti-Spyware 7.5 and click on the Scanner tab at the top
  • Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected and uncheck "Only if Threats are found"
  • Click back to the "Scan" tab and then click on Complete System Scan.
    This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware 7.5 will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware 7.5 will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
12. Reboot to go back into Normal mode!

13. You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6u1). Older versions have vulnerabilities that malware can use to infect your system. Please update and remove the older versions. Do the following:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then Download and install the newest version from here:

    Java Runtime Environment (JRE) 6u1
Please post the AVG report together with the Jotti results and a fresh HijackThis log!

#5 schag1

schag1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 24 April 2007 - 08:30 AM

Hello Falu!
Thank´s for all your information and advice. I did all the things you told me to do. But I´m going to take your advice and reformate my whole computer. I do use my computer for more than only music and pictures, and since you told me that this virus is quite dangerous, I´m quite scared.
If I reformate and reinstall it, will all the virus be completely deleted then? Do you know where I might have got this virus from, so that I can avvoid to get it again after reinstalling the OS?

Anyway here I send all the results.

Regards,
Claudia


JOTTI RESULT:
Scanner results
Scan taken on 24 Apr 2007 09:21:03 (GMT)
A-Squared
Found nothing
AntiVir
Found DIAL/15896
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Rising Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing


---------------------------------------------------------
AVG Anti-Spyware - Scan-Bericht
---------------------------------------------------------

+ Erstellt um: 20:37:24 24.04.2007

+ Scan-Ergebnis:



:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-13.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-19.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-20.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-17.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-18.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-1.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-2.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-3.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-4.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-5.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-6.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-7.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-8.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-10.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-9.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-14.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-15.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-16.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-11.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-12.txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-10.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-9.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-10.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-9.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-16.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-8.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-16.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-8.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-6.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-7.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-6.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.18:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-7.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-16.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.20:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-8.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-17.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-17.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-6.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-7.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-10.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-9.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-18.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-11.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-19.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-20.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-11.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-18.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-19.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-20.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-17.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-18.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-19.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-20.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-12.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-13.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-12.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-13.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-11.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-12.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-13.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-1.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-1.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-14.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-15.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-14.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-15.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-14.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-15.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-2.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-3.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-4.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-5.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-2.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-3.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-4.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-5.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-1.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-2.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-3.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-4.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-5.txt -> TrackingCookie.Advertising : Gesäubert.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-1.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-2.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-3.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-4.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-5.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-6.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-7.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-8.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-10.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-11.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-12.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-9.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-13.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-20.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-14.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-15.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-16.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-17.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-18.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-19.txt -> TrackingCookie.Atdmt : Gesäubert.
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-1.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-2.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-3.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-4.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-5.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-6.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-7.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-8.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-10.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-9.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-11.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-12.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-13.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-20.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-14.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-15.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-16.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-17.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-18.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-19.txt -> TrackingCookie.Googleadservices : Gesäubert.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-1.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-2.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-3.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-4.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-5.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-6.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-7.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-8.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-10.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-9.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-11.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-12.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-13.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-20.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-14.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-15.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-16.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-17.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-18.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-19.txt -> TrackingCookie.Ivwbox : Gesäubert.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-1.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-2.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-3.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-4.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-5.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-6.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-7.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-8.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-10.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-11.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-12.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-9.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-13.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-20.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-14.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-15.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-16.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-17.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-18.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-19.txt -> TrackingCookie.Overture : Gesäubert.
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-1.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-2.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-3.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-4.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-5.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-6.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-7.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-8.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-10.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-11.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-12.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-9.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-13.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-20.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-14.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-15.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-16.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-17.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-18.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-19.txt -> TrackingCookie.Realmedia : Gesäubert.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-14.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-15.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-16.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-17.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-19.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-20.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-18.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-2.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-3.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-4.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-5.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-6.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-7.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-8.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-10.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-9.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-11.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-12.txt -> TrackingCookie.Tribalfusion : Gesäubert.
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gbl2vdoi.default\cookies-13.txt -> TrackingCookie.Tribalfusion : Gesäubert.


::Berichtende


HIJACKTHIS:
Logfile of HijackThis v1.99.1
Scan saved at 21:11:28, on 24.04.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Startup: Gmail Notifier.lnk = C:\Program Files\Google\Gmail Notifier\gnotify.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.at/SnapfishActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176098724406
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://webalbum.foto.com/FUploader/SpeedUploader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#6 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:09 AM

Posted 25 April 2007 - 03:00 AM

Hi schag1, :flowers:

Thank´s for all your information and advice.


You're very welcome.

1.

But I´m going to take your advice and reformate my whole computer. I do use my computer for more than only music and pictures, and since you told me that this virus is quite dangerous, I´m quite scared.


A very wise decision.

2.

If I reformate and reinstall it, will all the virus be completely deleted then?


Yes it will as all the other information you have on your computer. In my first post I allready referred to here for tips on reformatting/re-installing. Before doing anything read the information presented.

Do you have an external harddisk or an alternative storage system (USB stick, CD's) large enough to copy your entire disk so you can be sure that you don't lose anything (bookmarks, e-mail, passwords, IP dadresses, usernames etc.)? There are some free programmes to help you do the job like: WinBackup 1.86. But remember to scan files with an antivirus before installing them again on your reformatted computer, since they came from an infected computer.

Furthermore don't forget to change your passwords!

3.

Do you know where I might have got this virus from


Unfortunately I cann't tell you for sure, but for example Win32/Sality Family often comes with the Email-Worm.Win32.Bagle.bb!

4. By the way your AVG report showed a lot of tracking cookies. If you are very active at the internet run ATF Cleaner once every two weeks if not so active do it once every month. It's best to close your browser while running it.

5.

, so that I can avvoid to get it again after reinstalling the OS?


Yes you can do a lot to prevent future problems:

a. Visit Windows Update on a regular basis to stay current with critical updates.

b. Use a Firewall. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones click: Understanding and Using Firewalls!

c. It is very important that your computer has an anti-virus software running (as you have by the way). For your information see this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources!

d. Install and run the following free programs:

* Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here!

* Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found
here! Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

* SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here!

* SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here!

* IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Keep all these programs (including your anti-virus) up-to-date and run them regularly.
If you do not update regularly they will not be able to catch any of the new variants that may come out.

e. I recommend you to read Tony Klein's excellent article: So how did I get infected in the first place?

f. If you want to fight back the Malware Writers, please take a look here!

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BleepingComputer Forums, we also help people with other computer problems! Do not forget to tell your friends about us!

Good luck! :thumbsup:

#7 schag1

schag1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:09 PM

Posted 07 May 2007 - 09:32 AM

Hello again!

I reformated my computer and installed the programs you adviced. Thanks again for your help! I appreciate it. You gave me a lot of information and I hope now my computer won´t get infected so easily anymore. But it´s nice to know that I would find help here in this forum again.

:thumbsup:

Best wishes!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users