View Full Version : Endless popups by Spybot.



administrator
2007-02-28, 10:54
Endless popups by Spybot.

It displays "Value deleted" (or in German "Wert gelöscht") all the time.
Category: Browser Helper Object.
The Deny button (in German "Verweigern") is grey and not clickable.
If I just close the little Tea-Timer popup, it comes up again, even if I mark the point "Remember this decision" (in German "Merke diese Entscheidung").
I have done a full system scan with my antivirus program named NOD32. No viruses found.

Running Spybot 1.4 with 2007-02-21 update on Windows XP (Build: 2600) Service Pack 2.
Is it necessary to post the whole "Search result list"? It is really big.
Congratulations!: No Spyware was found. (German message: "Gratulation!: Es wurden keine Spione gefunden.")

Should I download RunAlyzer or RegAlyzer to check something specific?

It is no problem to wait some days till I get an answer here. I really like your free, helpful work.
I already read "BEFORE you POST" ... I hope there is nothing wrong with my post!
I did not find any matching problem post from someone else in this forum. Is there already a post?

Finally, I hope you excuse my "German-English".

Yours, Admin.

administrator
2007-02-28, 21:35
I checked a little bit.
The entry is the same on every Spybot-popup.

Entry (in German "Eintrag"): {53707962-6F74-2D53-2644-206D7942484F}

I found the value in my registry (German OS).

Arbeitsplatz
HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Ext
Stats
{53707962-6F74-2D53-2644-206D7942484F}

There is also a subfolder in the "{53707962-6F74-2D53-2644-206D7942484F}" folder.
The subfolder is named "iexplore". This subfolder contains the following:

(Standard) -- REG_SZ -- (Wert nicht gesetzt)
Count -- REG_DWORD -- 0x00000586 (1414)
Time -- REG_BINARY -- d7 07 02 00 02 00 1b 00 14 00 01 00 18 00 77 01
Type -- REG_DWORD -- 0x00000003 (3)

:rolleyes:

... maybe this information will help somebody to help me.
I just want to know my system is clean and help to improve Spybot S&D.

Yours, Admin.
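
Added example, not part of the original posts: the registry values listed in the post above, decoded offline. It assumes the 16-byte `Time` value is laid out as a Windows SYSTEMTIME structure (eight little-endian 16-bit words) and checks the stored weekday against the calendar to test that assumption; the function names are illustrative.

```python
import struct
from datetime import datetime

# Values copied from the post above (HKCU\...\Ext\Stats\{CLSID}\iexplore).
CLSID = "{53707962-6F74-2D53-2644-206D7942484F}"
TIME_HEX = "d7 07 02 00 02 00 1b 00 14 00 01 00 18 00 77 01"
COUNT = 0x00000586


def clsid_as_ascii(clsid):
    """Read the hex digits of a CLSID string, in written order, as ASCII.

    Returns None when any byte is not printable ASCII, which is the
    normal case for randomly generated GUIDs.
    """
    raw = bytes.fromhex(clsid.strip("{}").replace("-", ""))
    if len(raw) != 16:
        raise ValueError("a CLSID has exactly 16 bytes")
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def decode_systemtime(hex_bytes):
    """Decode 16 bytes as SYSTEMTIME (assumed layout for the Time value).

    Fields: year, month, day-of-week (0 = Sunday), day, hour, minute,
    second, milliseconds, each a little-endian unsigned 16-bit word.
    """
    raw = bytes.fromhex(hex_bytes.replace(" ", ""))
    if len(raw) != 16:
        raise ValueError("SYSTEMTIME is exactly 16 bytes")
    year, month, dow, day, hour, minute, second, ms = struct.unpack("<8H", raw)
    # datetime() itself rejects out-of-range fields with ValueError.
    stamp = datetime(year, month, day, hour, minute, second, ms * 1000)
    # Cross-check the stored weekday against the calendar; a mismatch
    # means the bytes are not a SYSTEMTIME or have been altered.
    if stamp.isoweekday() % 7 != dow:
        raise ValueError("stored weekday does not match the date")
    return stamp


def describe_entry():
    """Summarise the three decoded values of the Stats entry."""
    return {
        "clsid_text": clsid_as_ascii(CLSID),
        "time": decode_systemtime(TIME_HEX).isoformat(timespec="milliseconds"),
        "count": COUNT,
    }


if __name__ == "__main__":
    for key, value in describe_entry().items():
        print(f"{key}: {value}")
```

The CLSID's bytes spell out a readable product string, and the timestamp falls on the day before the first post in this thread.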

administrator
2007-03-01, 12:29
Tonight I turned my computer off. This morning the popups have stopped.
No more Spybot popups. But I do not think that the problem is solved now.
I remember a few weeks ago - there was the same problem on my PC.
... by the way: my Task Manager has looked strange for a longer time.

Now I have done a HijackThis check:

Logfile of HijackThis v1.99.1
Scan saved at 11:23:44, on 01.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\Programme 2\nod\nod32krn.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcIp.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcLog.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nTrayFw.exe
D:\programme 2\powerstrip\pstrip.exe
D:\Programme 2\PowerDVD\PDVDServ.exe
D:\Programme 2\nod\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme 2\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Temp0\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://metager2.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localhost:3476/cgi-bin/ncgir.exe?ONAMX=menu/index.html&DNAMX=ncgir.exe?html/fire_profile.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme 2\pdf\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nTrayFw.exe
O4 - HKLM\..\Run: [PowerStrip] d:\programme 2\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Programme 2\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Programme 2\nod\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme 2\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerStrip.lnk = D:\Programme 2\PowerStrip\pstrip.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - element5 - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programme 2\nod\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcLog.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe

:rolleyes:

The reg key is in the HijackThis log. Should I delete it?

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

Mr_JAk3
2007-03-10, 20:12
Hello administrator and sorry for the long wait...

I noticed your post in the waiting room.

Please post a fresh HijackThis log here :bigthumb:

administrator
2007-03-17, 16:18
:bigthumb:

Logfile of HijackThis v1.99.1
Scan saved at 15:17:39, on 17.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
D:\Programme 2\nod\nod32krn.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcIp.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcLog.exe
C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nTrayFw.exe
D:\programme 2\powerstrip\pstrip.exe
D:\Programme 2\PowerDVD\PDVDServ.exe
D:\Programme 2\nod\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme 2\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Temp0\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://metager2.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://localhost:3476/cgi-bin/ncgir.exe?ONAMX=menu/index.html&DNAMX=ncgir.exe?html/fire_profile.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme 2\pdf\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nTrayFw.exe
O4 - HKLM\..\Run: [PowerStrip] d:\programme 2\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Programme 2\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "D:\Programme 2\nod\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme 2\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerStrip.lnk = D:\Programme 2\PowerStrip\pstrip.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - D:\PROGRA~1\NVIDIA\NETWOR~1\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - element5 - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programme 2\nod\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\PROGRA~1\NVIDIA\NETWOR~1\bin\nSvcLog.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
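
Added example, not part of the original posts: a small parser for the O2 (Browser Helper Object) lines of HijackThis logs that lists entries whose DLL is missing and shows what changed between two snapshots. The sample lines are copied from the two logs in this thread; the function names are illustrative.

```python
import re

# O2 (Browser Helper Object) lines copied from the two HijackThis logs in
# this thread, saved on 01.03.2007 and 17.03.2007.
LOG_MARCH_01 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme 2\pdf\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
"""
LOG_MARCH_17 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme 2\pdf\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
"""

# "O2 - BHO: <name> - {CLSID} - <DLL path or (no file)>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)


def parse_bhos(log_text):
    """Return {CLSID: (name, target)} for every O2 line in a log."""
    entries = {}
    for line in log_text.splitlines():
        match = O2_LINE.match(line.strip())
        if match:
            entries[match["clsid"].upper()] = (match["name"], match["target"])
    return entries


def orphaned(log_text):
    """CLSIDs registered as BHOs whose DLL HijackThis could not find."""
    return sorted(
        clsid
        for clsid, (_, target) in parse_bhos(log_text).items()
        if target == "(no file)"
    )


def diff_bhos(old_log, new_log):
    """List (clsid, old_target, new_target) for added, removed or changed BHOs.

    A target of None means the CLSID is absent from that snapshot.
    """
    old, new = parse_bhos(old_log), parse_bhos(new_log)
    changes = []
    for clsid in sorted(old.keys() | new.keys()):
        before = old.get(clsid, (None, None))[1]
        after = new.get(clsid, (None, None))[1]
        if before != after:
            changes.append((clsid, before, after))
    return changes


if __name__ == "__main__":
    print("orphaned on 01.03.2007:", orphaned(LOG_MARCH_01))
    for clsid, before, after in diff_bhos(LOG_MARCH_01, LOG_MARCH_17):
        print(f"{clsid}: {before} -> {after}")
```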

Mr_JAk3
2007-03-17, 23:13
Ok nothing fishy in the HijackThis log...

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan: Select My Computer

The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

administrator
2007-03-19, 14:01
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 19, 2007 12:43:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/03/2007
Kaspersky Anti-Virus database records: 283007
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 61919
Number of viruses found: 3
Number of infected objects: 22 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:56:57

Infected Object Name / Virus Name / Last Action
C:\Dokumente und Einstellungen\l3b3w3s3n\Cookies\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Temp\~ROMFN_000009C4 Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Temporary Internet Files\Content.IE5\NLOGCGU7\headlines[1].swf Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Verlauf\History.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\Lokale Einstellungen\Verlauf\History.IE5\MSHist012007031920070320\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\l3b3w3s3n\ntuser.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Cookies\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Verlauf\History.IE5\index.dat Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT Object is locked skipped
C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programme\Microsoft SQL Server\80\Tools\Binn\OSQL.EXE Infected: not-a-virus:NetTool.Win32.SQLServ.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\app_filter_ui.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Programme 2\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
D:\Programme 2\nod\cache\CACHE.NDB Object is locked skipped
D:\Programme 2\nod\logs\virlog.dat Object is locked skipped
D:\Programme 2\nod\logs\warnlog.dat Object is locked skipped
D:\Programme 2\NVIDIA\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
D:\Programme 2\NVIDIA\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
D:\Programme 2\NVIDIA\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
D:\Programme 2\NVIDIA\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe Inno: infected - 7 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\Temp0\Vegas 6.0\mediamgr\msde\Setup\SqlRun.cab/OSQL.EXE.0C7570D6_6225_4960_B951_4D16DD906838 Infected: not-a-virus:NetTool.Win32.SQLServ.a skipped
E:\Temp0\Vegas 6.0\mediamgr\msde\Setup\SqlRun.cab CAB: infected - 1 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe Inno: infected - 7 skipped
F:\Stuff\Multimedia\Tools, Addons\Messenger, Chat\mirc\mirc617.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
F:\Stuff\Multimedia\Tools, Addons\Messenger, Chat\mirc\mirc617.exe mIRC: infected - 1 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

:spider:

Mr_JAk3
2007-03-19, 21:23
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream/data0145 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe/Stream Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
E:\Programme 3\Shareaza PRO\Downloads\shareaza_pro_free.exe Inno: infected - 7 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream/data0145 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe/Stream Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
F:\Stuff\Multimedia\Tools, Addons\fileshare\shareaza\shareaza_pro_free.exe Inno: infected - 7 skipped

Grrrh, you should read this post about P2P -> Link (http://forums.spybot.info/showthread.php?t=282)

Otherwise nothing bad there...


Still getting popups?

tashi
2007-03-28, 18:55
Glad we could help. As the problem appears to be resolved, this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.

Thank you Mr_JAk3.