Avast WEBforum

Other => Viruses and worms => Topic started by: Amadeumc on December 16, 2004, 07:31:51 PM

Title: Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: Amadeumc on December 16, 2004, 07:31:51 PM
Hi fellas,
How can I remove this trojan forever?
I'm using avast 4.5 Home with all updates installed.

Please help me.
Thanks
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: Eddy on December 17, 2004, 08:53:16 AM
Click on the link in my signature and visit the malware removal section.
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: Amadeumc on December 18, 2004, 12:41:56 AM
Thanks bro!
I installed Spybot and some shit was found.
I think my download accelerator was infected, so I removed it.

Now I think I'm clean.
Thanks
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: Amadeumc on December 18, 2004, 08:49:56 PM
Man, the trojan is back!
I can't remove it or do anything with avast,
and Spybot doesn't detect this one.
I installed SpywareBlaster.

But this shit keeps returning.
What more can I do?
Thanks
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: Eddy on December 18, 2004, 08:55:35 PM
Do as I suggested; that will remove it. And be careful with what websites you visit, what you download/install, etc.
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: kiwikid on December 20, 2004, 05:13:00 AM
Excuse me for jumping into your post, but I got the same trojan today when trying to download lyrics to a song. A Macromedia window appeared and stated I could not see the site unless I clicked yes. Although something stuck in my mind that it wasn't right about the box, I clicked yes, it started to download, I got panicky and tried to stop it. Avast 4.5 made a warning noise and immediately put a box up on my screen telling me of this virus and recommended moving it to the Virus Chest. [Brilliant catch by Avast - really impressed 8)]

Closed browser, disabled System Restore, ran Avast in boot-time scan, chose 1. delete [my ISP said that the C:\temp\.. files were not vital so I could use delete in this instance.]
Ran Ad-Aware = found 4x BlazeFind malware in RegKey[2], RegValue[1], + file in C:\Windows\System32\ide21201.vxd. Got Ad-Aware to delete the regkey and regvalue ones and chose to run Spybot to fix the ide21201.vxd file, which it did. Re-ran Ad-Aware, Spybot, Avast again and all came up clean.

Now can I go into the Virus Chest and delete the trojan, which appears to still be in the chest even though Avast deleted it in the boot-time scan and came up clean when I ran it again?
It says this will delete it irreversibly, i.e. not removed to the Recycle Bin.

PS: Ad-Aware also found 3x WindUpdates malware [data miners, TAC8].
I do go on a bit, don't I? Sorry.
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: Lisandro on December 20, 2004, 03:47:14 PM
Quote
Now can I go into the Virus Chest and delete the trojan, which appears to still be in the chest even though Avast deleted it in the boot-time scan and came up clean when I ran it again?
It says this will delete it irreversibly, i.e. not removed to the Recycle Bin.

Yes, you can delete it from the Chest.
But if you're not sure that it was malware, wait a few days to do it.
It won't do any harm while it's in the Chest ;)
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: kiwikid on December 20, 2004, 06:37:52 PM
Thanks for the prompt reply, Technical :)
My computer is functioning OK. I'll leave it in the chest for the moment as I don't feel threatened by it.

I'm living proof that it is the User's actions, more than the OS, which gives you more grief. My first virus!  :-[
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: REDACTED on December 21, 2004, 05:54:40 AM
I keep getting the above virus. At 10:37 every night, avast goes off saying that it is infected with the file. I've tried deleting it; it says it's not valid. I try moving it to the chest; it says it's not valid. I tried running all those programs listed on your site, Eddy, last night, and it came up promptly at 10:37 again tonight. I tried booting into safe mode tonight and running avast from there, so I guess I'll find out at 10:37 tomorrow if it really got rid of it. I'm just about to wipe the whole system and start over. This is the first virus I have ever received, and of course it's on my 2-week-old brand new computer :( Any other suggestions? I've run every possible program: avast, antivirus, all those on Eddy's site, Ad-Aware, Lavasoft's program. Nothing will get rid of the NCasePackage.
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: DavidR on December 21, 2004, 01:41:56 PM
Have you run HijackThis and used the log file analyser from Eddy's site? I strongly doubt it. HijackThis is the best tool for removing items in the registry, and this sounds like something is kicking this off (running at 10:37), and that is likely to be a registry entry.

Have you tried scheduling a boot-time scan?

Did you try finding nCase removal tools/advice using Google? This is just one of many I found: http://www.pchell.com/support/ncase.shtml. Google is your friend; learn to use the tools. Would you care to guess what they are doing to remove this? Yes, editing the registry. This is what HijackThis does without you having to do it manually!
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: Eddy on December 21, 2004, 01:47:51 PM
Have you disabled System Restore before running the applications?
If you follow the instructions on my website, it will be gone. And it won't come back unless you make a mistake, e.g. by visiting a bad website, installing an application infected with malware, or such.
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: REDACTED on December 22, 2004, 02:33:01 AM
Yes, I did run HijackThis, but I couldn't understand anything it was displaying. After I got the virus again last night I turned off System Restore, so it probably won't fix that until tonight when it goes off again and I try to get rid of it. The thing I don't understand is that I can't delete/repair/move it to the chest via avast.
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: Eddy on December 22, 2004, 02:50:23 AM
Quote
The thing I don't understand is that I can't delete/repair/move it to the chest via avast.
Yes you can, but you must disable the harmful process first.
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: watchthisspace on December 22, 2004, 02:57:38 AM
Have you tried an online virus scan?
Go here for a Trend Micro online scan: http://housecall.trendmicro.com/housecall/start_corp.asp
Also, have you tried deleting your temp files? That might help.
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: inthewildteam on December 22, 2004, 04:23:01 AM
Try rebooting into Safe Mode with Command Prompt, or DOS, depending on your OS.

From the command prompt type "del c:\temp\*.*" (no quotes) and press Enter!

Reboot into Windows and delete your IE cache (or the alternative browser's cache), then try a full scan.

If you are using ME or XP, disable System Restore first, as posted above.
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: REDACTED on December 22, 2004, 06:14:11 AM
I have deleted the temp folder many times. Trend Micro found where it was hiding; I deleted that folder. I'm going to re-run in safe mode again and delete the temp folder from there. I disabled System Restore as well. So once this Trend Micro scan is done, I'll restart in safe mode, delete the temp folder in CP, reboot, delete the cache and scan again. *crosses fingers* Whenever I have run avast after the virus went off, it scanned clean even though it was not repaired/deleted/moved to the chest. We shall see tomorrow at 10:37pm :P
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: REDACTED on December 22, 2004, 06:28:12 AM
Bleh, ya know, as many problems as this is causing me, I am sure it will be much easier to wipe it. I have had this system for 2 weeks, and I have all of two programs installed on it that I use, EverQuest 2 and TeamSpeak. Heh. It just figures: I have never got a virus in my entire span of using computers, and I get my brand spanking new one and there we go :D I really appreciate your guys' help, but I figure it will be much easier and less stressful to just wipe it since I have nothing much on the computer in the first place.
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: Lisandro on December 22, 2004, 11:56:23 AM
OK, if you want that, but be sure to install, from the beginning and before browsing or downloading email, the necessary protection: Windows updates, antivirus, antispyware, script blocker and firewall ;)
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: whocares on December 22, 2004, 12:16:47 PM
Windows Updates and/or a firewall MUST be applied OFFLINE, before EVER connecting to the Internet.

Otherwise, you'd very likely be infected via a network/Internet worm within the first half hour after going online (even if you DON'T browse or read email).

 ;)

I assume you have XP?
So get the full installer for Service Pack 2 (280MB):
- from Microsoft
- from someone with a fast connection
- from a CD with a PC magazine
 ;)
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: PrimeMadonna on December 30, 2004, 02:03:40 AM
Quote
Click on the link in my signature and visit the malware removal section.

I can't access your link.. :(
I have this same problem! I don't know how to get rid of it.
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: galooma on December 30, 2004, 02:23:00 AM
Hi and welcome, PrimeMadonna.
Can you see, in the last few blue lines below the text (what we call the signature) of the previous message from WHOCARES, that there are links to help that should steer you in the right direction?
Good luck, and come back if you need help :)
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: PrimeMadonna on December 30, 2004, 04:33:30 AM
Hi and thanks, ginblossom.

Does anyone have any suggestion which one I should download to get rid of this Trojano-803 [Trj] C:\temp\NCasePackage.exe? I have no idea about how computers work.
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: Eddy on December 30, 2004, 07:40:07 AM
Quote
can you see in the last few blue lines below the text
Actually, the link in my signature has red letters :D
Title: Re: Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: ZYZYZY on January 12, 2005, 04:53:31 PM
Help me check please which to delete and which not to delete, and how. I also got the nCase virus, and I think I got two different nCase.

Logfile of HijackThis v1.99.0
Scan saved at 11:44:04 PM, on 1/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-sg\msnappau.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-sg\msnappau.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\cheeyang\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
F3 - REG:win.ini: load=??? ???   ??? ? ? ?????
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O2 - BHO:   - {43EECC68-FA34-4E71-A0CF-D840BB29EC37} - C:\WINDOWS\lbbho.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-sg\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\zh-sg\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\zh-sg\msnappau.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c3.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_3_16_0.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



And one more thing: is Windows ServeAd spyware, or is it just a normal file? And which files are spyware or adware that use the name "Windows"?
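The replies in this thread keep pointing at the same things: a Run-key entry that relaunches the dropper, the same binary registered in several autostart locations, entries that borrow Microsoft/Windows branding, and the ActiveX (O16) installs that put the package there in the first place. As an added example (not code from this thread, from avast or from the HijackThis project), here is a Python script that applies those checks to a HijackThis log. The embedded excerpt is copied from the log ZYZYZY posted above; the trusted-directory prefixes, the allowlist of bare-name entries Windows itself creates, and the suspect-host list (only static.windupdates.com, because kiwikid's Ad-Aware run above reported WindUpdates as malware) are assumptions made for the example. Every hit is something to check, not a verdict.

```python
"""Heuristic triage of a HijackThis log (added example, not from the thread)."""
import re
from collections import defaultdict, namedtuple
from urllib.parse import urlparse

Finding = namedtuple("Finding", "reason entry")

# Assumption: directories under which a Microsoft/Windows-branded autostart
# entry is expected to live. Anything branded that lives elsewhere is flagged.
TRUSTED_PREFIXES = (
    "c:\\windows\\", "c:\\winnt\\", "c:\\program files\\microsoft ",
    "c:\\program files\\common files\\microsoft shared\\",
)
BRANDED = ("microsoft", "windows", "nt ")
# Assumption: bare-name Run entries that Windows itself registers.
KNOWN_BARE = {"ctfmon.exe", "rundll32.exe", "mobsync.exe"}
# Named in this thread (kiwikid's Ad-Aware hit on WindUpdates); assumption that
# anything served from there is unwanted.
SUSPECT_HOSTS = {"static.windupdates.com"}

RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
DPF_RE = re.compile(r"^O16 - DPF: \{([0-9A-Fa-f-]+)\}(?: \((.*?)\))? - (.*)$")
# Program path at the start of a command line: optional quote, then up to the
# first executable extension, stopping at a quote, whitespace, comma or end.
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|com|scr|bat|pif|lnk))(?=["\s,]|$)', re.IGNORECASE)

# Excerpt copied from the HijackThis log posted above (trimmed to the relevant lines).
SAMPLE_LOG = r"""
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O2 - BHO:   - {43EECC68-FA34-4E71-A0CF-D840BB29EC37} - C:\WINDOWS\lbbho.dll
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\RunServices: [Microsoft System Checkup] wnetlogin.exe
O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: winlogin.exe
O16 - DPF: {11111111-1111-1111-1111-111111113456} - file://c:\info6_s.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""


def executable(command):
    """Program path from a command line, without quotes or arguments."""
    command = command.strip()
    m = EXE_RE.match(command)
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def check_autostart(findings, name, exe, line):
    """Flag bare filenames (resolved via PATH at logon) and branded names outside trusted dirs."""
    base = exe.rsplit("\\", 1)[-1].lower()
    if "\\" not in exe and "/" not in exe and base not in KNOWN_BARE:
        findings.append(Finding("bare filename, resolved via PATH at logon", line))
    if name.strip().lower().startswith(BRANDED) and not exe.lower().startswith(TRUSTED_PREFIXES):
        findings.append(Finding("Microsoft/Windows-branded name outside a Microsoft directory", line))


def triage(log_text):
    """Return a list of Finding(reason, entry) for the suspicious lines in a HijackThis log."""
    findings = []
    locations = defaultdict(set)  # executable basename -> autostart locations it appears in
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            hive, key, name, command = m.groups()
            exe = executable(command)
            locations[exe.rsplit("\\", 1)[-1].lower()].add(f"{hive}\\{key}")
            check_autostart(findings, name, exe, line)
        elif m := STARTUP_RE.match(line):
            name, _, command = m.group(1).partition(" = ")
            exe = executable(command or name)
            locations[exe.rsplit("\\", 1)[-1].lower()].add("Global Startup")
            check_autostart(findings, name, exe, line)
        elif m := BHO_RE.match(line):
            name, _clsid, path = m.groups()
            if not name.strip() or path.endswith("(file missing)"):
                findings.append(Finding("BHO with no name or a missing file (remnant)", line))
        elif m := DPF_RE.match(line):
            _clsid, _classname, source = m.groups()
            url = urlparse(source.strip())
            if url.scheme == "file":
                findings.append(Finding("ActiveX installed from a local file:// CAB", line))
            elif url.hostname in SUSPECT_HOSTS:
                findings.append(Finding("ActiveX installed from a suspect host", line))
    # The same binary in several Run keys is redundancy a legitimate installer rarely needs.
    for base, locs in locations.items():
        if len(locs) > 1:
            findings.append(Finding(f"registered in {len(locs)} autostart locations: {', '.join(sorted(locs))}", base))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.entry}")
```

Run it against a full log saved from HijackThis (replace SAMPLE_LOG with the file contents). The avast!, ctfmon.exe and Microsoft Office entries pass, while scrgrd.exe comes out registered in three places and wnetlogin.exe in two: that is the kind of entry a fix in HijackThis removes, and the reason the file reappears after a scan that only deletes C:\temp.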
Title: Re: Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: DavidR on January 12, 2005, 05:18:58 PM
For an online scan of your HijackThis log file try here: http://hijackthis.de/index.php then fix what is highlighted and get back to us again.

Or use Eddy's HijackThis analyser: Eddy's website (http://members.home.nl/edeijl/), click the "HiJackThis Section" and also the "Malware removal instructions and applications" section.
Title: Re: Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: madzia on January 13, 2005, 12:04:15 AM
Hmm.. HELP ME.. I have this trojan.. I can't remove it.. I tried to destroy it.. help.. help.. I speak little English..
Title: Re:Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: dserkan on January 13, 2005, 09:55:02 AM
Hi,

How can I clean this trojan? I read your instructions
and installed HijackThis; here is the log file. What must I do now?

Logfile of HijackThis v1.99.0
Scan saved at 10:39:20, on 13/01/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\drivers\dcfssvc.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\essspk.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\DOWNLOADS\ÇEŞİTLİ PROGRAMLAR\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: KolayBAR PopUp Blocker - {1C4E26EF-A354-45FE-81B0-62931E90889E} - C:\PROGRA~1\KolayBAR\KBBLOC~1.DLL
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1055,&Radyo - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &KolayBAR - {04970F9F-F2AB-4D1E-B842-313E1E2A3078} - C:\PROGRA~1\KolayBAR\KolayBAR.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.metastream.com/MTSInstallers/MetaStream3.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYesToContinue/ie/bridge-c1.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA0CAD1F-9031-4F2D-BF58-57FDFCD54327}: NameServer = 212.156.4.1,212.156.4.6
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINNT\system32\drivers\dcfssvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Mantıksal Disk Yöneticisi Yönetim Hizmetleri - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel(R) Active Monitor - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK EASYSHARE Software\bin\ptssvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Title: Re: Win32:Trojano-803 [Trj] C:\temp\NCasePackage.exe
Post by: DavidR on January 13, 2005, 01:42:00 PM
Read my previous post and use the links provided.