Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

All spy? What can i delete?


  • Please log in to reply

#1
loudou

loudou

    New Member

  • Member
  • Pip
  • 1 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:50:12, on 30/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\BRAIDA D\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.befr.ebay.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {E371BE82-6303-C52D-6043-305B9E751BAC} - abrek.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe ,c:\windows\system32\netupdate.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dmtwc.exe] C:\WINDOWS\system32\dmtwc.exe
O4 - HKLM\..\Run: [windows_startup] c:\windows\system32\netupdate.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [windows_startup] c:\windows\system32\netupdate.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157812389984
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E88D1C5-2AB1-4F7D-BEF6-62634C530D50}: NameServer = 85.255.116.121,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD99DD3B-6D54-4DA0-BE84-AB3D0F3DBEDE}: NameServer = 85.255.116.121,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4ADE92B-2C15-4279-818F-8F7D1BC0953C}: NameServer = 85.255.116.121,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6342D4E-EC47-4F40-B76F-BD2EAC7E80AF}: NameServer = 85.255.116.121,85.255.112.69
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E88D1C5-2AB1-4F7D-BEF6-62634C530D50}: NameServer = 85.255.116.121,85.255.112.69
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  • 0

Advertisements


#2
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi loudou and Welcome to GeekstoGo!


Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe
  • Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin; follow the prompts.
  • You will be asked to reboot your computer,
  • Your system may take longer than usual to load; this is normal.
  • Fix WareOut will genrate report.txt,please save that report.
  • Once the desktop loads-> Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

    R3 - URLSearchHook: (no name) - {E371BE82-6303-C52D-6043-305B9E751BAC} - abrek.dll (file missing)

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe ,c:\windows\system32\netupdate.exe

    O4 - HKLM\..\Run: [dmtwc.exe] C:\WINDOWS\system32\dmtwc.exe

    O4 - HKLM\..\Run: [windows_startup] c:\windows\system32\netupdate.exe

    O4 - HKCU\..\Run: [windows_startup] c:\windows\system32\netupdate.exe

    O4 - HKCU\..\Run: [shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00003.exe"

    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - <a href="http://a1540.g.akama...eInstaller.exe" target="_blank">http://a1540.g.akama...staller.exe</a>

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2E88D1C5-2AB1-4F7D-BEF6-62634C530D50}: NameServer = 85.255.116.121,85.255.112.69

    O17 - HKLM\System\CCS\Services\Tcpip\..\{BD99DD3B-6D54-4DA0-BE84-AB3D0F3DBEDE}: NameServer = 85.255.116.121,85.255.112.69

    O17 - HKLM\System\CCS\Services\Tcpip\..\{F4ADE92B-2C15-4279-818F-8F7D1BC0953C}: NameServer = 85.255.116.121,85.255.112.69

    O17 - HKLM\System\CCS\Services\Tcpip\..\{F6342D4E-EC47-4F40-B76F-BD2EAC7E80AF}: NameServer = 85.255.116.121,85.255.112.69

    O17 - HKLM\System\CS1\Services\Tcpip\..\{2E88D1C5-2AB1-4F7D-BEF6-62634C530D50}: NameServer = 85.255.116.121,85.255.112.69

    Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button
Now open the Control Panel-> In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically

Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable one some systems.


Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)


Update your Kaspersky Antivirus and do a complete system scan,remove any threats found.


Be sure Windows is Showing Hidden Files
http://www.bleepingc...al62.html#winxp


Delete the following if found:

c:\windows\system32\netupdate.exe<-- File

C:\WINDOWS\system32\dmtwc.exe<-- File

C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00003.exe<-- File



Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Post back with the following:

Report.txt form Fix WareOut

Fresh HijackThis log

Report from F-Secure Online Scanner

Edited by Cretemonster, 30 September 2006 - 07:14 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP