Hello, i have a big problem of viruses.. It seems i have the Win32:Zlob-BM virus, it's a trojan horse. I keep deleting it but always come back OR don't delete it at all !! I saw somewhere that i needed to do a scan with Smitfraudfix. I did it and here the results. ---------------------------------------------------------------- SmitFraudFix v2.53 Scan done at 17:41:46,29, 2006-06-01 Run from C:\Documents and Settings\Alexandre\Desktop\Smitfraudfix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS C:\WINDOWS\q*_disk.dll FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\date.ico FOUND ! C:\WINDOWS\system32\dcomcfg.exe FOUND ! C:\WINDOWS\system32\ld????.tmp FOUND ! C:\WINDOWS\system32\network.ico FOUND ! C:\WINDOWS\system32\ot.ico FOUND ! C:\WINDOWS\system32\pharm.ico FOUND ! C:\WINDOWS\system32\regperf.exe FOUND ! C:\WINDOWS\system32\simpole.tlb FOUND ! C:\WINDOWS\system32\spam.ico FOUND ! C:\WINDOWS\system32\spyware.ico FOUND ! C:\WINDOWS\system32\stdole3.tlb FOUND ! C:\WINDOWS\system32\ts.ico FOUND ! C:\WINDOWS\system32\wp.bmp FOUND ! C:\WINDOWS\system32\1024\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexandre\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ALEXAN~1\FAVORI~1 C:\DOCUME~1\ALEXAN~1\FAVORI~1\Antivirus Test Online.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys HKLM\SOFTWARE\PSGuard.com FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid" [HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32] @="C:\WINDOWS\System32\wfkduei.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32] @="C:\WINDOWS\System32\wfkduei.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate" [HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32] @="C:\WINDOWS\System32\imfdfcj.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32] @="C:\WINDOWS\System32\imfdfcj.dll" »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection C:\WINDOWS\system32\wininet.dll infected ! »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll backup Volume in drive C has no label. Volume Serial Number is AC53-4921 Directory of C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$ 2001-08-23 12:00 593ÿ920 wininet.dll 1 File(s) 593ÿ920 bytes Directory of C:\WINDOWS\LastGood\System32 2004-01-08 16:23 585ÿ216 WININET.DLL 1 File(s) 585ÿ216 bytes Directory of C:\WINDOWS\LastGood\System32\DllCache 2004-01-08 16:23 585ÿ216 WININET.DLL 1 File(s) 585ÿ216 bytes Directory of C:\WINDOWS\LastGood.Tmp\System32 2001-08-23 12:00 593ÿ920 WININET.DLL 1 File(s) 593ÿ920 bytes Directory of C:\WINDOWS\LastGood.Tmp\System32\DllCache 2001-08-23 12:00 593ÿ920 WININET.DLL 1 File(s) 593ÿ920 bytes Directory of C:\WINDOWS\system32 2004-01-08 16:23 585ÿ216 wininet.dll 1 File(s) 585ÿ216 bytes Directory of C:\WINDOWS\system32\dllcache 2004-01-08 16:23 585ÿ216 WININET.DLL 1 File(s) 585ÿ216 bytes »»»»»»»»»»»»»»»»»»»»»»»» End ---------------------------------------------------------- I really hope this can work :S Someone has an answer ? Thanks a lot
And here's the log for HiJackthis --------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 18:31:05, on 2006-06-01 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\runservice.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\dcomcfg.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Generic Host Process32g System Backup] scvhost32cg.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MSNPluginSrvcs] p6.exe O4 - HKLM\..\Run: [ohwrwzmb] C:\WINDOWS\ohwrwzmb.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE O4 - HKLM\..\RunServices: [Generic Host Process32g System Backup] scvhost32cg.exe O4 - HKLM\..\RunServices: [MSNPluginSrvcs] p6.exe O4 - HKCU\..\Run: [Generic Host Process32g System Backup] scvhost32cg.exe O4 - HKCU\..\Run: [MSNPluginSrvcs] p6.exe O4 - Startup: Eurobarre.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU) O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O20 - AppInit_DLLs: c:\windows\system32\hk.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
Hi metalgod. You got a quite nice malware collection there... You don't have a firewall on your computer. Download and install one firewall. These are good (free) firewalls: ZoneAlarm --> http://www.zonelabs.com Kerio--> http://www.sunbelt-software.com/Kerio.cfm Outpost-> http://www.agnitum.com Cleaning instructions: Download and install Ewido anti-malware -> http://www.ewido.net/en/download Update it, but do NOT run a scan yet. We'll use it later. Donwload LSPFix -> http://www.cexx.org/lspfix.htm to yuor desktop. Don't run this program yet. This program is used only if you lost your internet connection during the cleaning. Go to Control Panel -> Add/Remove programs -> Remove New.Net, NewDotNet, WhenUSearch if found --->IF New.Net or NewDotNet ain't listed in add/or remove programs, do this<--- 1.Un-plug your internet cable. 2.Disable your antispyware and antivirus 3.Download NNuninstall to your desktop http://www.new.net/support/NNuninstall.exe 4.Run NNuninstall.exe file. ->It asks if you want to remove New.Net ->Click Yes. ->When it is done click OK. ->Restart your computer 5.Restart your antivirus 6.Plug your internet cable back. 7.Empty the recycle bin. (IF you lost your internet connection during the new.net removal, doubleclik LSPFix.exe. Check "I know what I'm doing" option.You see two panels; If something is listed in "Remove" panel on the right side, leave it there and press "Finish>>". Then restart your computer and the connection should work. If nothing is listed in "Remove" panel, DO NOTHING, close LSPFix. Go to some different machine to get help. (This is just a precaution. Usually the internet connection stays ok ) -->Then continue from here<--- Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/ O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll O4 - HKLM\..\Run: [Generic Host Process32g System Backup] scvhost32cg.exe O4 - HKLM\..\Run: [MSNPluginSrvcs] p6.exe O4 - HKLM\..\Run: [ohwrwzmb] C:\WINDOWS\ohwrwzmb.exe O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe" O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\RunServices: [Generic Host Process32g System Backup] scvhost32cg.exe O4 - HKLM\..\RunServices: [MSNPluginSrvcs] p6.exe O4 - HKCU\..\Run: [Generic Host Process32g System Backup] scvhost32cg.exe O4 - HKCU\..\Run: [MSNPluginSrvcs] p6.exe O9 - Extra button: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing) O9 - Extra button: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU) O20 - AppInit_DLLs: c:\windows\system32\hk.dll <- if you haven't installed any keyloggers yourself Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml Delete these folders (if found): C:\Program Files\NewDotNet C:\Program Files\WhenUSearch Delete these files (if found): C:\WINDOWS\System32\wldr.dll C:\WINDOWSohwrwzmb.exe C:\Windows\system32\hk.dll <- if you haven't installed any keyloggers yourself Use the Windows "search" function -> Start -> Search -> All files and folders -> More advanced options Checkmark these options: - "Search system folders" - "Search hidden files and folders" - "Search subfolders" ->Search for this and delete if found: scvhost32cg.exe ->Search for this and delete if found: p6.exe Clean the Recycle bin and make your hidden files visible again. When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files. You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys. The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter". The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode. A textfile will appear after the cleaning process, copy this file and paste it to here. Tha log is saved to your local diskdrive, usually C:\rapport.txt. Warning : Running option 2 in a clean computer will delete your desktop wallpaper. Scan and clean your computer with Ewido and save the report. Download F-Secure Blacklight and save it to your desktop -> http://www.f-secure.com/blacklight/try.shtml Doubleclick blbeta.exe, accept the agreement, click Scan, then click Next You'll see a list what have been found. A log will appear to your desktop, it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers). DON'T choose Rename if something was found! Post the contents of fsbl.xxxx.log to here (blacklight log from your desktop) Post the following logs to here: -> a fresh HijackThis log -> Ewido's log -> contents of C:\rapport.txt -> Blacklight log
Ok, i did all that you told me to do.. Here's the logs ! --------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 14:47:34, on 2006-06-02 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\WINDOWS\runservice.exe C:\WINDOWS\System32\nvsvc32.exe C:\VEXPLITE\viritsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE O4 - Startup: Eurobarre.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe ---------------------------------------------------------------- --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 14:40:36, 2006-06-02 + Report-Checksum: E9B841F1 + Scan result: HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup HKU\S-1-5-21-746137067-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1} -> Trojan.Small : Cleaned with backup :mozilla.20:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup :mozilla.21:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup :mozilla.35:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup :mozilla.36:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.38:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.39:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.40:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.41:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.42:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.43:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.44:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.45:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.46:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.47:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.48:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.49:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.50:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.51:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.52:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.53:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.54:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.55:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.56:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.57:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.58:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.59:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.60:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.61:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.62:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.63:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.64:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.65:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.66:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.67:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.68:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.69:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.70:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.71:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.72:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.73:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.74:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.75:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup :mozilla.76:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.77:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.78:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.79:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.80:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.81:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.82:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.83:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.84:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.85:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.86:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.87:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.88:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.89:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.90:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.91:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.92:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.93:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.94:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.95:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.96:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.97:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.98:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.99:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.100:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.101:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.102:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.103:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.104:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.105:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.106:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.107:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.108:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.109:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.110:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.111:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.112:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.113:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.114:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.115:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.116:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.117:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.118:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.119:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.120:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.121:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.122:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.123:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.124:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.125:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.126:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.127:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.149:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.150:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.151:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.152:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.162:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup :mozilla.165:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.166:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.167:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.168:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.169:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.170:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.171:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.191:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.192:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.193:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.240:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.241:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.242:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.243:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.244:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.245:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.246:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.249:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.253:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup :mozilla.254:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup :mozilla.255:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup :mozilla.262:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup :mozilla.265:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.266:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.281:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.282:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.283:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.284:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.285:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.286:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.287:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.288:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.289:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.290:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup :mozilla.291:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.292:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.293:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.294:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.295:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.296:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.297:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.304:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.345:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup :mozilla.346:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup :mozilla.350:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.367:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.369:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.371:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup :mozilla.378:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.379:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.380:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.381:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.382:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.383:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\Cache\D536F5E0d01 -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\Cache\EFA351F7d01 -> Adware.NewDotNet : Cleaned with backup :mozilla.16:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.32:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.33:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.43:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.44:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.45:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.46:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.47:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.48:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.49:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.50:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.51:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.52:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.53:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.54:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.59:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.65:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.66:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.67:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.68:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.69:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.70:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.72:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.79:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup :mozilla.81:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.82:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.83:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.88:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.90:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.91:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.93:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.94:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.108:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup :mozilla.112:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.113:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.114:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.117:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.118:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.119:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.120:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.121:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.122:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.132:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.133:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.134:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.136:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.137:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.138:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.139:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.142:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.143:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.144:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.145:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.146:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.147:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.148:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.149:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.150:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.151:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.152:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.153:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.154:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.155:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.156:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.157:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.158:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.159:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.160:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.161:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.162:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.163:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.164:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.165:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.166:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.167:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.168:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.169:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.170:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.171:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.172:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.173:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.174:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.175:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.176:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.177:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.178:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.179:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.180:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.181:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.182:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.183:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.184:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.185:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.186:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.187:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.188:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.189:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.190:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.191:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.192:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup :mozilla.195:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.196:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.197:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.198:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.199:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.200:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.201:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.202:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup :mozilla.240:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup :mozilla.260:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.261:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.262:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.263:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.264:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup :mozilla.265:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup :mozilla.268:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup :mozilla.278:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.279:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.290:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.314:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.315:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.321:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.322:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.329:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup :mozilla.330:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup :mozilla.331:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup :mozilla.332:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup :mozilla.350:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.351:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.352:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.353:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.354:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.365:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.395:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.396:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.397:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.398:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.403:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.409:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup :mozilla.410:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup :mozilla.411:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup :mozilla.414:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.415:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.417:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.443:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.445:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.448:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup C:\Documents and Settings\Alexandre\Cookies\alexandre@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Alexandre\Cookies\alexandre@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Alexandre\Cookies\alexandre@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup C:\Documents and Settings\Alexandre\Cookies\alexandre@ads1.revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup C:\Documents and Settings\Alexandre\Cookies\alexandre@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Alexandre\Cookies\alexandre@com[2].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Alexandre\Cookies\alexandre@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Alexandre\Cookies\alexandre@getmusicfree.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Alexandre\Cookies\alexandre@grouplotto.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup C:\Documents and Settings\Alexandre\Cookies\alexandre@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\Alexandre\Cookies\alexandre@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup C:\Documents and Settings\Alexandre\Cookies\alexandre@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup C:\Documents and Settings\Fidele\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup C:\msn8ba.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup C:\Program Files\FastTorrent\nngluz564.exe -> Adware.NewDotNet : Cleaned with backup C:\Program Files\FastTorrent\TBGLZ127Q.exe -> Adware.Quick : Cleaned with backup C:\RECYCLER\S-1-5-21-746137067-1637723038-839522115-1003\Dc9.exe -> Adware.NewDotNet : Cleaned with backup C:\rez.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup ::Report End ----------------------------------------------------------------- SmitFraudFix v2.53 Scan done at 13:46:51,10, 2006-06-02 Run from C:\Documents and Settings\Alexandre\Desktop\Smitfraudfix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid" [HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32] @="C:\WINDOWS\System32\wfkduei.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32] @="C:\WINDOWS\System32\wfkduei.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate" [HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32] @="C:\WINDOWS\System32\imfdfcj.dll" [HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32] @="C:\WINDOWS\System32\imfdfcj.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\q*_disk.dll Deleted C:\WINDOWS\system32\atmclk.exe Deleted C:\WINDOWS\system32\date.ico Deleted C:\WINDOWS\system32\dcomcfg.exe Deleted C:\WINDOWS\system32\hp???.tmp Deleted C:\WINDOWS\system32\ld????.tmp Deleted C:\WINDOWS\system32\network.ico Deleted C:\WINDOWS\system32\ot.ico Deleted C:\WINDOWS\system32\pharm.ico Deleted C:\WINDOWS\system32\regperf.exe Deleted C:\WINDOWS\system32\simpole.tlb Deleted C:\WINDOWS\system32\spam.ico Deleted C:\WINDOWS\system32\spyware.ico Deleted C:\WINDOWS\system32\stdole3.tlb Deleted C:\WINDOWS\system32\ts.ico Deleted C:\WINDOWS\system32\wp.bmp Deleted C:\WINDOWS\system32\1024\ Deleted C:\DOCUME~1\ALEXAN~1\FAVORI~1\Antivirus Test Online.url Deleted »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri C:\WINDOWS\System32\wfkduei.dll -> Missing File C:\WINDOWS\System32\imfdfcj.dll -> Missing File »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning HKLM\SOFTWARE\PSGuard.com Deleted Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll C:\WINDOWS\system32\wininet.dll infected ! Searching wininet.dll backup file... C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll C:\WINDOWS\LastGood\System32\WININET.DLL C:\WINDOWS\LastGood\System32\DllCache\WININET.DLL C:\WINDOWS\LastGood.Tmp\System32\WININET.DLL C:\WINDOWS\LastGood.Tmp\System32\DllCache\WININET.DLL C:\WINDOWS\system32\wininet.dll C:\WINDOWS\system32\dllcache\WININET.DLL File Found : C:\WINDOWS\system32\dllcache\\wininet.dll System Version : 6.0.2737.800 BackUp Version : 6.0.2737.800 Wininet.dll Remplacement (reboot necessary) »»»»»»»»»»»»»»»»»»»»»»»» End --------------------------------------------------------------- 06/02/06 14:44:10 [Info]: BlackLight Engine 1.0.37 initialized 06/02/06 14:44:10 [Info]: OS: 5.1 build 2600 () 06/02/06 14:44:10 [Note]: 7019 4 06/02/06 14:44:10 [Note]: 7005 0 06/02/06 14:44:17 [Note]: 7006 0 06/02/06 14:44:17 [Note]: 7011 1548 06/02/06 14:44:18 [Note]: 7026 0 06/02/06 14:44:18 [Note]: 7026 0 06/02/06 14:44:27 [Note]: FSRAW library version 1.7.1015 06/02/06 14:46:55 [Note]: 2000 1006 06/02/06 14:46:55 [Note]: 2000 1006 06/02/06 14:47:04 [Note]: 7007 0 ----------------------------------------------------------- Is this ok ? I'm free of malware and the virus i mentionned ? Looking for an answer Thanks !
Ok looking quite good Install a Firewall... Fix this entry with HijackThis: O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp (file missing) Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist) Post the contents of this textfile to here. You had so many infections there that you could run a one more scanner. This is because there might be something left behind. Download eScan to your desktop -> http://www.spywareinfo.dk/download/mwav.exe Run the file mwav.exe and unzip it to its default location, C:\Kaspersky 1. Updating the scanner (close the eScan window if open) -> Go to My Computer -> C:\ -> Kaspersky -> Run the file kavupd.exe, it starts downloading updates -> When downloading is finished, go to C:\Downloads -> Copy all the files in the Downloads folder by pressing CTRL+A and then CTRL+C -> Then go back to the C:\Kaspersky folder and paste the files by pressing CTRL+V -> Answer Yes to all when it asks about replacing files -> Now the scanner has been updated 2. Scanner settings -> Go to folder C:\Kaspersky and run the file mwavscan.com (or mwavscan.exe) -> The scanner window opens -> Select the same settings than in this picture -> http://koti.mbnet.fi/pattaya1/eScan6.jpg -> When ready, press the Scan Clean button -> Scanning for infections begins 3. Posting the results -> When the scan has finished (scan may take a quite long time), you'll need to post the findings -> Copy all the text in this field -> http://koti.mbnet.fi/pattaya1/eScan10.jpg -> Click the field, press CTRL+A, CTRL+C -> Then open Notepad and paste the findings into a new document by pressing CTRL+V -> Save the document to your desktop -> Post the contents of that textfile to here
Ok thanks a lot, i will do it when i'm home.. I'll be home tomorrow night, so i'll give you an update about it ! Thanks
Ok here's the logs: Smitfraudfix: SmitFraudFix v2.53 Scan done at 0:14:18,57, 2006-06-05 Run from C:\Documents and Settings\Alexandre\Desktop\Smitfraudfix\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexandre\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ALEXAN~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End -------------------------------------------------------------- -------------------------------------------------------------- eScan Anti-virus File C:\Documents and Settings\Alexandre\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-66caba6e-418afad0.zip infected by "Exploit.Java.ByteVerify" Virus. Action Taken: File Renamed. File C:\Documents and Settings\Alexandre\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-28ca6e82.zip infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted. File C:\Documents and Settings\Alexandre\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5ad1bcbe-1504587e.zip infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted. That's it ? How does it look ? And i had a question.. Wich anti-spyware/malware AND anti-virus should i use ? Because you make me download a lot and all that.. I downloaded ZoneAlarm now, that's my firewall.. I'm using Avast! Antivirus, and i have like 4-5 anti-spyware/malware that you told me to download.. Wich ones i keep and use regularly and wich ones i delete ? Thanks !
Ok looking quite good, please post a one more HijackThis log to here. And you should at least keep a firewall and an antivirus. Ewido is a good malware scanner too. The other programs you can remove, most of them were just tools that we needed in the cleaning process. So post a one more HjT log so I can verify that you're clean
Logfile of HijackThis v1.99.1 Scan saved at 12:48:01, on 2006-06-05 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\WINDOWS\runservice.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - Startup: Eurobarre.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe ----------------------- How does it look ?
You're clean You should update your Windows and Internet Explorer by visiting Windows Update -> http://windowsupdate.microsoft.com -> Firstly, install Service Pack 1 update -> Reboot -> Secondly, install Service back 2 update -> Reboot -> Thirdly, install all remaining important updates You should update your Java (old version has all kinds of vulnerabilities) 1. Click "Start"-> "Control panel" -> Double-click Java icon (coffee cup) 2. Move to "Update" tab and update Java by clicking "Update Now". After that do a restart. 3. If you can't make automatic update, get new version manually from here -> http://java.sun.com/j2se/1.5.0/download.jsp 4. After updating, uninstall the old Java if found from Add/Remove Programs, named as J2SE Runtime Environment 5.0 Update 6 Now that you're clean, here are some tips how to stay clean. -> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware. -> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning. -> Use CCleaner -> http://www.ccleaner.com Download and install CCleaner. Clean your registry and temporary files with it regularly. -> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48 Download and install Ad-Aware. Update it and scan your computer regularly with it. -> Use Ewido -> http://www.ewido.net/en Download and install Ewido. Update it and scan your computer regularly with it. -> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html SpywareBlaster will prevent spyware from being installed to your computer. -> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm This prevents your computer from connecting to harmful sites. -> Change your browser to Firefox -> http://www.mozilla.org Firefox is faster, safer and quicker browser than Internet Explorer. -> Keep your systen up-to-date -> http://windowsupdate.microsoft.com Visit Windows Update regularly. -> Keep your antivirus and firewall up-to-date Scan your computer regularly with your antivirus. -> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html So how did I get infected in the first place? Stay clean
THANKS so much man ! Now my computer's normal, everything's fine.. Better that than format my computer Thanks a lot
