« previous next »
Pages: 1 [2]

Author Topic: win32 p2p worm alcan  (Read 2121 times)

Offline mrdiggbert

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
win32 p2p worm alcan
« Reply #20 on: November 11, 2006, 03:24:42 AM »
sorry about the delay. dont worry about the website i got on to the hosting company and sorted it out. thanks anyway.
here is the new combofix file.

LEE - 06-11-11  9:10:05,60    Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\LEE\Bureau"

(((((((((((((((((((((((((((((((   Files Created from 2006-10-11 to 2006-11-11  ))))))))))))))))))))))))))))))))))
 
 
2006-11-05    20:58    2,776    --a------    C:\WINDOWS\system32\tmp.reg
2006-11-05    20:57    53,248    --a------    C:\WINDOWS\system32\Process.exe
2006-11-05    20:57    40,960    --a------    C:\WINDOWS\system32\swsc.exe
2006-11-05    20:57    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2006-11-05    20:57    135,168    --a------    C:\WINDOWS\system32\swreg.exe
2006-11-05    18:05    69,632    --a------    C:\WINDOWS\system32\xmltok.dll
2006-11-05    18:05    36,864    --a------    C:\WINDOWS\system32\xmlparse.dll
2006-11-05    18:05    26,088    --a------    C:\WINDOWS\system32\xmlinst.exe
2006-11-03    21:57    3,968    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-23    07:51    0    --a------    C:\WINDOWS\system32\Ultra.dll
2006-10-23    07:44    178,408    --a------    C:\WINDOWS\system32\muweb.dll
2006-10-23    07:44    128,744    --a------    C:\WINDOWS\system32\mucltui.dll
2006-10-22    09:02    73,216    --a------    C:\WINDOWS\ST6UNST.EXE
2006-10-22    09:02    245,760    ---------    C:\WINDOWS\Setup1.exe
2006-10-20    04:28    28,672    --a------    C:\WINDOWS\system32\nnr.dll
2006-10-15    11:09    84,480    --a------    C:\WINDOWS\system32\KTzlib.dll
2006-10-15    11:09    802,816    --a------    C:\WINDOWS\system32\KTlibeay32_0.9.7.2.dll
2006-10-15    11:09    159,744    --a------    C:\WINDOWS\system32\KTssleay32_0.9.7.2.dll
2006-10-15    11:09    1,126,400    --a------    C:\WINDOWS\system32\KTiconv.dll
2006-10-15    11:07    59,392    --a------    C:\WINDOWS\system32\drivers\kvpndrv.sys


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))    


2006-11-11 09:07    --------    d--------    C:\Program Files\Mozilla Firefox
2006-11-11 01:32    --------    d--------    C:\Program Files\HijackThis
2006-11-11 00:46    --------    d--------    C:\Program Files\QualityCodec
2006-11-08 14:45    --------    d--------    C:\Program Files\Dofus
2006-11-07 05:34    --------    d--------    C:\Program Files\PCBugDoctor
2006-11-06 20:40    --------    d--------    C:\Program Files\Java
2006-11-06 20:40    --------    d--------    C:\Program Files\Fichiers communs\Java
2006-11-06 20:40    --------    d--------    C:\Program Files\Fichiers communs
2006-11-06 19:53    --------    d--------    C:\Documents and Settings\LEE\Application Data\Wildfire
2006-11-05 18:05    --------    d--------    C:\Program Files\Ubi Soft
2006-11-05 17:52    --------    d--------    C:\Program Files\Yahoo! Games
2006-11-05 17:52    --------    d--------    C:\Program Files\MSN Games
2006-11-05 17:52    --------    d--------    C:\Program Files\Cake Mania
2006-11-03 22:23    --------    d--------    C:\Program Files\eMule
2006-11-03 21:57    --------    d--------    C:\Program Files\Grisoft
2006-11-03 17:31    --------    d--------    C:\Documents and Settings\LEE\Application Data\Magic Match
2006-11-02 17:38    --------    d--------    C:\Program Files\Yahoo!
2006-11-02 17:38    --------    d--------    C:\Program Files\CCleaner
2006-11-02 13:42    --------    d--------    C:\Program Files\Lavasoft
2006-11-02 13:42    --------    d--------    C:\Documents and Settings\LEE\Application Data\Lavasoft
2006-10-27 19:28    --------    d--------    C:\Program Files\Steam
2006-10-26 18:59    --------    d--------    C:\Program Files\Fichiers communs\Sandlot Shared
2006-10-26 17:53    --------    d--------    C:\Documents and Settings\LEE\Application Data\Macromedia
2006-10-23 07:54    --------    d--------    C:\Program Files\MSXML 4.0
2006-10-23 06:50    --------    d--------    C:\Documents and Settings\LEE\Application Data\Canon
2006-10-23 06:49    --------    d--------    C:\Program Files\Windows Live Toolbar
2006-10-23 06:47    --------    d--------    C:\Program Files\Audio Converter
2006-10-23 06:46    --------    d--------    C:\Program Files\3DLivePool_at
2006-10-22 20:44    --------    d--------    C:\Program Files\Google
2006-10-22 20:27    --------    d--------    C:\Program Files\GameHouse
2006-10-22 19:33    --------    d--------    C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-22 19:32    --------    d--------    C:\Program Files\MSN Messenger
2006-10-22 17:55    --------    d--------    C:\Program Files\MadCaps
2006-10-22 09:29    --------    d--------    C:\Program Files\Media Audio Capture
2006-10-22 08:33    --------    d--------    C:\Program Files\IncrediMail
2006-10-21 07:53    --------    d--------    C:\Program Files\Selteco
2006-10-21 07:53    --------    d--------    C:\Program Files\Puzzle Myth
2006-10-20 18:20    --------    d--h-----    C:\Program Files\InstallShield Installation Information
2006-10-20 18:20    --------    d--------    C:\Program Files\Keyboard Driver
2006-10-20 04:28    --------    d--------    C:\Program Files\NetObjects
2006-10-18 17:57    --------    d--------    C:\Program Files\ReflexiveArcade
2006-10-18 16:31    --------    d--------    C:\Program Files\Kerio
2006-10-15 11:12    --------    d--------    C:\Documents and Settings\LEE\Application Data\Kerio
2006-10-07 09:54    --------    d--------    C:\Program Files\Fichiers communs\Ulead Systems
2006-10-07 09:51    --------    d---s----    C:\Program Files\LimeWire
2006-09-30 09:35    --------    d--------    C:\Documents and Settings\LEE\Application Data\ATI
2006-09-30 09:34    --------    d--------    C:\Program Files\ATI Technologies
2006-09-29 18:23    778656    --a------    C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-27 18:30    --------    d--------    C:\Program Files\SPAMfighter
2006-09-27 18:30    --------    d--------    C:\Program Files\Fichiers communs\Application
2006-09-27 18:30    --------    d--------    C:\Program Files\Fichiers communs\Ankiro
2006-09-21 16:05    278528    --a------    C:\WINDOWS\system32\livesnth.dll
2006-09-16 12:30    --------    d--------    C:\Program Files\Gamenext
2006-09-13 06:03    1084416    --a------    C:\WINDOWS\system32\msxml3.dll
2006-09-12 16:51    1245184    --a------    C:\WINDOWS\system32\msxml4.dll
2006-09-12 09:15    --------    d--------    C:\Documents and Settings\LEE\Application Data\AdobeUM
2006-08-29 08:51    1339392    -ra------    C:\WINDOWS\system32\FreeImage.dll
2006-08-25 16:51    617472    --a------    C:\WINDOWS\system32\comctl32.dll
2006-08-23 03:11    307200    --a------    C:\WINDOWS\system32\atiiiexx.dll
2006-08-23 02:53    260096    --a------    C:\WINDOWS\system32\ati2dvag.dll
2006-08-23 02:47    114688    --a------    C:\WINDOWS\system32\atipdlxx.dll
2006-08-23 02:46    86016    --a------    C:\WINDOWS\system32\ati2evxx.dll
2006-08-23 02:46    77824    --a------    C:\WINDOWS\system32\Oemdspif.dll
2006-08-23 02:46    41984    --a------    C:\WINDOWS\system32\ati2edxx.dll
2006-08-23 02:46    26112    --a------    C:\WINDOWS\system32\Ati2mdxx.exe
2006-08-23 02:45    413696    --a------    C:\WINDOWS\system32\ati2evxx.exe
2006-08-23 02:44    53248    --a------    C:\WINDOWS\system32\ATIDDC.DLL
2006-08-23 02:38    2401984    --a------    C:\WINDOWS\system32\ati3duag.dll
2006-08-23 02:33    303104    --a------    C:\WINDOWS\system32\ATIDEMGR.dll
2006-08-23 02:33    2510752    --a------    C:\WINDOWS\system32\ativvaxx.dll
2006-08-23 02:27    6684672    --a------    C:\WINDOWS\system32\atioglx1.dll
2006-08-23 02:24    5140480    --a------    C:\WINDOWS\system32\atioglxx.dll
2006-08-23 02:21    221184    --a------    C:\WINDOWS\system32\atikvmag.dll
2006-08-23 02:19    17408    --a------    C:\WINDOWS\system32\atitvo32.dll
2006-08-23 02:14    290816    --a------    C:\WINDOWS\system32\ati2cqag.dll
2006-08-22 20:05    520192    ---------    C:\WINDOWS\system32\ati2sgag.exe
2006-08-21 13:26    16896    --a------    C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14    23040    --a------    C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:59    100352    --a------    C:\WINDOWS\system32\6to4svc.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"NBJ"="\"C:\\PROGRA~1\\Ahead\\NEROBA~1\\NBJ.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SPAMfighter Agent"="\"C:\\Program Files\\SPAMfighter\\SFAgent.exe\" update delay 60"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"KBDriver"="C:\\Program Files\\Keyboard Driver\\OEMDriver.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"OPSE reminder"="\"D:\\Program Files\\ScanSoft\\OmniPageSE2.0\\EregFre\\Ereg.exe\" -r \"D:\\Program Files\\ScanSoft\\OmniPageSE2.0\\EregFre\\ereg.ini\""
"OpwareSE2"="\"D:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSetFolders"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoControlPanel"=dword:00000000
"NoRun"=dword:00000000
"NoFind"=dword:00000000
"NoMultiIE"=dword:00000000
"LWA"=dword:00000000
"LWB"=dword:00000000
"LWC"=dword:00000000
"LWD"=dword:00000000
"LWE"=dword:00000000
"LWF"=dword:00000000
"LWG"=dword:00000000
"LWH"=dword:00000000
"LWI"=dword:00000000
"LWJ"=dword:00000000
"LWK"=dword:00000000
"LWL"=dword:00000000
"LWM"=dword:00000000
"LWN"=dword:00000000
"LWO"=dword:00000000
"LWP"=dword:00000000
"LWQ"=dword:00000000
"LWR"=dword:00000000
"LWS"=dword:00000000
"LWT"=dword:00000000
"LWU"=dword:00000000
"LWV"=dword:00000000
"LWW"=dword:00000000
"LWX"=dword:00000000
"LWY"=dword:00000000
"LWZ"=dword:00000000
"NoDrives"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Ahead\\NEROBA~1\\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SweetIM"
"hkey"="HKLM"
"command"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\"  -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]    
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-11  9:12:05.73
C:\ComboFix.txt ... 06-11-11 09:12




and the blacklight log....


11/11/06 09:15:17 [Info]: BlackLight Engine 1.0.47 initialized
11/11/06 09:15:17 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/11/06 09:15:17 [Note]: 7019 4
11/11/06 09:15:17 [Note]: 7005 0
11/11/06 09:15:24 [Note]: 7006 0
11/11/06 09:15:24 [Note]: 7011 480
11/11/06 09:15:24 [Note]: 7026 0
11/11/06 09:15:24 [Note]: 7026 0
11/11/06 09:15:31 [Note]: FSRAW library version 1.7.1020
11/11/06 09:20:52 [Note]: 2000 1012
11/11/06 09:20:52 [Note]: 2000 1012
11/11/06 09:22:25 [Note]: 7007 0
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32 p2p worm alcan
« Reply #21 on: November 11, 2006, 04:33:09 PM »
Sorry for the delay
Can you do the following for me

Delete your version of Smitfraudfix.zip and the Smitfraud folder

Then, REDownload the latest version of  [color=\"red\"]SmitfraudFix[/color][/url] (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply along with a Fresh hijackthis log
By default, the log is located Here>>C:\Rapport.txt
« Last Edit: November 11, 2006, 04:33:53 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mrdiggbert

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
win32 p2p worm alcan
« Reply #22 on: November 11, 2006, 06:27:08 PM »
ok here you go.


SmitFraudFix v2.120

Scan done at  0:23:52,21, 12/11/2006
Run from C:\Documents and Settings\LEE\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LEE


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LEE\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LEE\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\QualityCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components






HJT LOG...

Logfile of HijackThis v1.99.1
Scan saved at 00:25:16, on 12/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Pinnacle\Studio 9\programs\studio.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://c:\program files\macrogaming\sweetimbarforie\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removedfr/computercheckup/qdiagcc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{061A2C9B-A3FE-42B0-8E6E-225D757D9710}: NameServer = 84.103.237.141 86.64.145.141
O17 - HKLM\System\CS1\Services\Tcpip\..\{061A2C9B-A3FE-42B0-8E6E-225D757D9710}: NameServer = 84.103.237.141 86.64.145.141
O17 - HKLM\System\CS2\Services\Tcpip\..\{061A2C9B-A3FE-42B0-8E6E-225D757D9710}: NameServer = 86.64.145.146 84.103.237.146
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32 p2p worm alcan
« Reply #23 on: November 11, 2006, 07:58:04 PM »
Can you do the following again with this version of Smitfraudfix
Open the SmitfraudFix folder you extracted to desktop earlier
  • Double-click smitfraudfix.cmd
  • Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process.  A text file will appear onscreen, with results from the cleaning process
I'll need to see these later, by default it is saved at C:\rapport.txt

Reboot back to Normal windows

Post the new log from Smitfraudfix>>C:\Rapport.txt

Can you also do the following
Let's check on a couple files
Go to either of these links
http://virusscan.jotti.org/
OR
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to the file on your harddrive

C:\WINDOWS\system32\Ultra.dll <-this file

Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please

Do the same for the next one too
C:\WINDOWS\system32\nnr.dll <-this file,
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mrdiggbert

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
win32 p2p worm alcan
« Reply #24 on: November 14, 2006, 03:15:30 PM »
ok done that but the problem is with ulra.dll
i tryed to scan the file but i got this message

[color=\"#ff0000\"]The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.[/color]

the other file nnr.dll came back clean.

today i noticed that avg had detected a virus and came back with a pop up window ,  but the window disapered before i could look. i did a compleat san and avg came back clean. STRANGE....


oh and by the way i did notice somthing about window system restore but not sure...
« Last Edit: November 14, 2006, 03:19:18 PM by mrdiggbert »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32 p2p worm alcan
« Reply #25 on: November 14, 2006, 03:56:39 PM »
The file size does show as 0bytes
Can you go ahead and delete
C:\WINDOWS\system32\Ultra.dll <-this file

Also, one last check
Navigate to Hijackthis
C:\Program Files\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and rename it scanner.exe

Do a fresh scan and save logfile with scanner.exe and post a fresh log
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mrdiggbert

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
win32 p2p worm alcan
« Reply #26 on: November 14, 2006, 11:23:52 PM »
Logfile of HijackThis v1.99.1
Scan saved at 05:20:06, on 15/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Keyboard Driver\OEMDriver.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\scanner.exe.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://c:\program files\macrogaming\sweetimbarforie\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - https://ssl-tb.sitadelle.com/selfcare.ceget...FAutoConfig.ocx
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removedfr/computercheckup/qdiagcc.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{061A2C9B-A3FE-42B0-8E6E-225D757D9710}: NameServer = 86.64.145.144 84.103.237.144
O17 - HKLM\System\CS1\Services\Tcpip\..\{061A2C9B-A3FE-42B0-8E6E-225D757D9710}: NameServer = 86.64.145.144 84.103.237.144
O17 - HKLM\System\CS2\Services\Tcpip\..\{061A2C9B-A3FE-42B0-8E6E-225D757D9710}: NameServer = 86.64.145.140 84.103.237.140
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
Logged

Offline mrdiggbert

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
win32 p2p worm alcan
« Reply #27 on: November 16, 2006, 04:27:22 PM »
bump
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
win32 p2p worm alcan
« Reply #28 on: November 16, 2006, 11:52:28 PM »
Sorry for the delay, how is everything running now?
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline mrdiggbert

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
    • View Profile
win32 p2p worm alcan
« Reply #29 on: November 17, 2006, 01:22:32 PM »
everything is perfect.
thank you thank you very much
Logged
Pages: 1 [2]
« previous next »