help me to clean my PC [RESOLVED]


#1
toutou21

Hi,

I don't know what to do about these popups that always appear. This is my HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 16:44:00, on 12/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\System32\imapi.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\dmadmin.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\wuauclt.exe
D:\HTJ\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [checkrun] D:\windows\system32\elitewjf32.exe
O4 - HKLM\..\Run: [HELPER] D:\WINDOWS\System32\temp532.exe -N
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O17 - HKLM\System\CCS\Services\Tcpip\..\{A760F5A3-BB80-4D42-862C-AB65B3D2B149}: NameServer = 10.10.1.202 192.168.20.5

Please do something to help me disinfect my PC!!!
Best regards.


#2
Guest_usetobe_*

Welcome to Geeks 2 Go. Sorry about the delay in getting to your post, we have been very busy.

Do you still require help, or are your problems resolved?

Please let me know and if you still require assistance, please post a fresh HJT log.

Regards,

Usetobe

#3
toutou21

Hi,

I still have the problem on my PC; this is a fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 09:31:22, on 18/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\WINDOWS\system32\cisvc.exe
D:\WINDOWS\System32\imapi.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\dmadmin.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\windowsp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\system32\cidaemon.exe
D:\HTJ\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1030
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;<local>
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [checkrun] D:\windows\system32\elitewjf32.exe
O4 - HKLM\..\Run: [HELPER] D:\WINDOWS\System32\temp532.exe -N
O4 - HKLM\..\Run: [winnt DNS ident] windowsp.exe
O4 - HKLM\..\RunServices: [winnt DNS ident] windowsp.exe
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O17 - HKLM\System\CCS\Services\Tcpip\..\{A760F5A3-BB80-4D42-862C-AB65B3D2B149}: NameServer = 81.22.90.29 82.101.136.29

Thanks in advance for your help.
Best regards

#4
Guest_usetobe_*

Hi again,

Here we go.

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Cleanup from here:
Cleanup. Do not run it yet.

Set up your PC to show hidden files. (Click the link if you do not know how.)
Show hidden files

Run this online virus scan: ActiveScan - Save the results from the scan!

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

Then please run Ewido, and run a full scan. This may take some time, so go grab a coffee. Once it finds the first issue tick the box for all. Post the log from the scan here for me.

Then please run HijackThis, click Scan, and check the following if found, as some of them may have been removed by earlier processes:

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [checkrun] D:\windows\system32\elitewjf32.exe
O4 - HKLM\..\Run: [HELPER] D:\WINDOWS\System32\temp532.exe -N
O4 - HKLM\..\Run: [winnt DNS ident] windowsp.exe
O4 - HKLM\..\RunServices: [winnt DNS ident] windowsp.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone


Question: Do you use a proxy server? If not, then delete this entry with the others in HijackThis.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1030

Close all open windows except for HijackThis and click Fix Checked.

Now, using Windows Explorer, locate and delete the following files/folders if found.

D:\windows\system32\elitewjf32.exe
D:\WINDOWS\System32\temp532.exe
D:\WINDOWS\System32\windowsp.exe


Now run Cleanup

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan and Panda scan.
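
The comparison below is an added example, not part of the original posts: it parses the HijackThis logs from posts #1 and #3 (excerpted, with the process lists shortened) and reports what changed between the two scans, including any process that is both newly running and named by a new O4 autostart entry. The helper names `parse_hjt`, `nameservers` and `diff_logs` are hypothetical and are not part of HijackThis.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

STAMP_RE = re.compile(r"^Scan saved at (\S+), on (\S+)$")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
NS_RE = re.compile(r"^(.+?): NameServer = (.+)$")

# Excerpts of the logs posted in #1 and #3: process lists are shortened,
# the entry lines are complete.
LOG_12_JUNE = r"""Scan saved at 16:44:00, on 12/06/2005

Running processes:
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [checkrun] D:\windows\system32\elitewjf32.exe
O4 - HKLM\..\Run: [HELPER] D:\WINDOWS\System32\temp532.exe -N
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O17 - HKLM\System\CCS\Services\Tcpip\..\{A760F5A3-BB80-4D42-862C-AB65B3D2B149}: NameServer = 10.10.1.202 192.168.20.5
"""

LOG_18_JUNE = r"""Scan saved at 09:31:22, on 18/06/2005

Running processes:
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\windowsp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1030
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;<local>
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [checkrun] D:\windows\system32\elitewjf32.exe
O4 - HKLM\..\Run: [HELPER] D:\WINDOWS\System32\temp532.exe -N
O4 - HKLM\..\Run: [winnt DNS ident] windowsp.exe
O4 - HKLM\..\RunServices: [winnt DNS ident] windowsp.exe
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O17 - HKLM\System\CCS\Services\Tcpip\..\{A760F5A3-BB80-4D42-862C-AB65B3D2B149}: NameServer = 81.22.90.29 82.101.136.29
"""


def parse_hjt(text):
    """Split a HijackThis log into scan time, process list and entries."""
    log = {"stamp": None, "processes": [], "entries": []}
    in_procs = False
    for line in map(str.strip, text.splitlines()):
        stamp, entry = STAMP_RE.match(line), ENTRY_RE.match(line)
        if stamp:
            log["stamp"] = f"{stamp.group(2)} {stamp.group(1)}"
        elif line == "Running processes:":
            in_procs = True
        elif entry:  # section code (R1, O4, O17, ...) and the rest of the line
            in_procs = False
            log["entries"].append((entry.group(1), entry.group(2)))
        elif in_procs and line:
            log["processes"].append(line)
        else:
            in_procs = False  # a blank line ends the process list
    return log


def nameservers(log):
    """Map each O17 registry key to the DNS servers it sets."""
    servers = {}
    for code, body in log["entries"]:
        match = NS_RE.match(body)
        if code == "O17" and match:
            servers[match.group(1)] = re.split(r"[,\s]+", match.group(2).strip())
    return servers


def diff_logs(old, new):
    """Report what changed between two scans of the same machine."""
    def key(e):
        return (e[0], e[1].lower())  # registry and file paths ignore case
    old_keys = {key(e) for e in old["entries"]}
    new_keys = {key(e) for e in new["entries"]}
    added = [e for e in new["entries"] if key(e) not in old_keys]
    removed = [e for e in old["entries"] if key(e) not in new_keys]
    seen = {basename(p).lower() for p in old["processes"]}
    new_procs = sorted({basename(p).lower() for p in new["processes"]} - seen)
    # Newly running AND named by a new O4 (Run/RunServices) entry: persistence
    # that appeared between the scans and is active right now.
    autostarted = [p for p in new_procs
                   if any(c == "O4" and p in b.lower() for c, b in added)]
    old_dns, new_dns = nameservers(old), nameservers(new)
    dns_changed = [(k, old_dns.get(k), v) for k, v in new_dns.items()
                   if old_dns.get(k) != v]
    return {"added": added, "removed": removed, "new_processes": new_procs,
            "autostarted": autostarted, "dns_changed": dns_changed}


if __name__ == "__main__":
    report = diff_logs(parse_hjt(LOG_12_JUNE), parse_hjt(LOG_18_JUNE))
    for name, value in report.items():
        print(name, value, sep=": ")
```

On these two logs the report singles out windowsp.exe, which post #4 lists for removal, and shows the NameServer value changing from 10.10.1.202 192.168.20.5 to 81.22.90.29 82.101.136.29.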

#5
toutou21

Hi,
I did what you told me, but I can't send you the Ewido log, because an error always occurs and a message tells me to close when I start the Ewido scan. So these are the HJT and ActiveScan logs:

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:02:21, on 20/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\WINDOWS\System32\imapi.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\dmadmin.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
D:\HTJ\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;<local>
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A760F5A3-BB80-4D42-862C-AB65B3D2B149}: NameServer = 10.10.1.202 192.168.20.5
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner - D:\WINDOWS\System32\netddeclnt.exe (file missing)



ActiveScan log:

Incident Status Location

Virus:W32/Gaobot.HVU.worm Disinfected Operating system
Spyware:Spyware/Cydoor No disinfected D:\WINDOWS\cache277
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\System32\exclean.exe
Adware:Adware/Gator No disinfected D:\DOCUME~1\BENTEB~1\LOCALS~1\Temp\fsg_tmp
Adware:Adware/nCase No disinfected D:\Temp\FLEOK
Spyware:Spyware/AdClicker No disinfected D:\WINDOWS\usta33.ini
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Spyware:Spyware/ISTbar No disinfected D:\DOCUME~1\BENTEB~1\LOCALS~1\Temp\Shortcuts.txt
Adware:Adware/PowerScan No disinfected Windows Registry
Adware:Adware/SAHAgent No disinfected D:\WINDOWS\unstall.exe
Adware:Adware/CWS No disinfected Windows Registry
Spyware:Spyware/Media-motor No disinfected D:\WINDOWS\mm??.ocx
Adware:Adware/Twain-Tech No disinfected D:\WINDOWS\smdat32m.sys
Adware:Adware/WUpd No disinfected D:\Program Files\AdTools Service
Spyware:Spyware/Altnet No disinfected D:\WINDOWS\Temp\Adware
Adware:Adware/EliteBar No disinfected D:\WINDOWS\Downloaded Program Files\v?.dll
Adware:Adware/ExactSearch No disinfected Windows Registry
Adware:Adware/TopConvert No disinfected D:\WINDOWS\downloaded program files\loader2.ocx
Adware:Adware/SearchRelevancy No disinfected Windows Registry
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Ab scissor.url
Virus:Trj/Downloader.ALQ Disinfected Operating system
Adware:Adware/P2PNetworking No disinfected D:\WINDOWS\System32\P2P Networking
Adware:Adware/NaviPromo No disinfected Windows Registry
Adware:Adware/Startpage.AAO No disinfected D:\WINDOWS\System32\XPSP2FW.EXE
Adware:Adware/Searchcat No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Free Hardcore [bleep]
Adware:Adware/Need2Find No disinfected Windows Registry
Adware:Adware/SLAgent No disinfected C:\_RESTORE\TEMP\A0007471.CPY
Virus:Trojan Horse Disinfected C:\_RESTORE\TEMP\A0007704.CPY
Virus:Trj/Ranky.BS Disinfected C:\WINDOWS\SYSTEM32\windra.exe
Virus:Trj/Downloader.BTV Disinfected C:\WINDOWS\SYSTEM32\telnet.exe
Virus:Trj/Downloader.PD Disinfected C:\WINDOWS\Downloaded Program Files\WebInstall.dll
Possible Virus. No disinfected C:\WINDOWS\DialerAutoLoader.dll
Virus:Bck/Jeemp.B Disinfected C:\Program Files\Internet Explorer\ntwdma.exe
Virus:Trj/Downloader.AUV Disinfected C:\Program Files\Internet Explorer\vihma.exe
Virus:Bck/Webber.AI Disinfected C:\Program Files\Internet Explorer\ijmogqtx.exe
Virus:Trj/Downloader.BTV Disinfected C:\Program Files\Internet Explorer\ocydcxsq.exe
Virus:Trj/Small.AG Disinfected C:\Recycled\1.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\Recycled\Q330995.exe
Adware:Adware/Startpage.FP No disinfected C:\Recycled\Q330994.exe
Adware:Adware/Startpage.OY No disinfected C:\Recycled\Q340925.exe
Adware:Adware/MediaTickets No disinfected C:\ied_s7m.cab[ied.exe]
Virus:Trj/Small.LS Disinfected C:\tp.exe
Virus:Trj/Lowzones.AP Disinfected C:\lsass.exe
Adware:Adware/MediaTickets No disinfected C:\p.exe[re11.REG]
Virus:Trj/LowZones.S Disinfected C:\microsoft.exe
Spyware:Spyware/ISTbar No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVFIMHWY\naufnauf[1].htm
Adware:Adware/EliteBar No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVFIMHWY\3[1].cab[v3.dll]
Adware:Adware/EliteBar No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVFIMHWY\3[1].cab[v3cab.inf]
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVFIMHWY\bb[1].exe
Spyware:Spyware/Dyfuca No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVFIMHWY\actalert[1].exe
Adware:Adware/Startpage.SJ No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVFIMHWY\protector[1].exe
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVFIMHWY\casino[1].bmp
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HVFIMHWY\drugs[1].bmp
Virus:Trj/Downloader.ADB Disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO4JWAXD\newlc[1].exe
Virus:Trj/Small.AK Disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO4JWAXD\newc4t[1].exe
Spyware:Spyware/XXXToolbar No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO4JWAXD\prompt[1].htm
Adware:Adware/EliteBar No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO4JWAXD\silent_install[1].exe
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO4JWAXD\dating[1].bmp
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO4JWAXD\fav[1].bmp
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO4JWAXD\dating-ico[1].bmp
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO4JWAXD\drugs-ico[1].bmp
Spyware:Spyware/ISTbar No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PO4JWAXD\istdownload[2].exe
Virus:Trj/Small.DB Disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MLGMPSTM\keepwalkin[1].exe
Adware:Adware/EliteBar No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MLGMPSTM\silent_install[1].exe
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MLGMPSTM\fav-ico[1].bmp
Adware:Adware/WUpd No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QDNOBRI5\dade[1].htm
Adware:Adware/EliteBar No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QDNOBRI5\js[1].htm
Virus:Trj/Downloader.ANG Disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QDNOBRI5\dl[1].exe
Adware:Adware/Tracking No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QDNOBRI5\advertising[1].htm
Adware:Adware/Startpage.SJ No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QDNOBRI5\protector_update[1].exe
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QDNOBRI5\virus[1].bmp
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QDNOBRI5\casino-ico[1].bmp
Adware:Adware/Transponder No disinfected D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QDNOBRI5\thin-143-1-x-x[1].exe
Virus:Trojan Horse Disinfected D:\WINDOWS\system32\drivers\etc\hosts
Virus:Trj/Delf.K Disinfected D:\WINDOWS\system32\ShellExt\d.EXE
Virus:Trj/Ranky.CA Disinfected D:\WINDOWS\system32\msgrsv32.exe
Virus:W32/Gaobot.COL.worm Disinfected D:\WINDOWS\system32\mssams.exe
Virus:W32/Gaobot.ECV.worm Disinfected D:\WINDOWS\system32\TFTP220
Virus:W32/Gaobot.AJM.worm Disinfected D:\WINDOWS\system32\taskman.exe
Virus:Trj/Lowzones.AD Disinfected D:\WINDOWS\system32\ltwin32.exe
Virus:W32/Gaobot.CPA.worm Disinfected D:\WINDOWS\system32\p3.exe
Virus:W32/Gaobot.CLD.worm Disinfected D:\WINDOWS\system32\scvhost.exe
Virus:Trj/Downloader.SG Disinfected D:\WINDOWS\system32\ntdsmosd.exe
Virus:Trj/Agent.NU Disinfected D:\WINDOWS\system32\etevui1.exe
Virus:Bck/Webber.AI Disinfected D:\WINDOWS\system32\Ihihdpje.exe
Adware:Adware/ExactSearch No disinfected D:\WINDOWS\system32\mqexdlm.srg
Virus:W32/Sdbot.BLM.worm Disinfected D:\WINDOWS\system32\msc32.exe
Virus:W32/Gaobot.AZF.worm Disinfected D:\WINDOWS\system32\navapq32.exe
Adware:Adware/IESearchBar No disinfected D:\WINDOWS\system32\tmp.exe
Virus:Trj/Agent.NU Disinfected D:\WINDOWS\system32\avk3lsa.exe
Virus:Bck/Webber.AH Disinfected D:\WINDOWS\system32\Cpnbepbj.dll
Virus:Trj/Downloader.SG Disinfected D:\WINDOWS\system32\mhsvorsv.exe
Virus:Trj/Juntador.A Disinfected D:\WINDOWS\system32\cpdst.exe
Virus:W32/Sdbot.DYS.worm Disinfected D:\WINDOWS\system32\swwhost.exe
Virus:Trj/Downloader.ABR Disinfected D:\WINDOWS\system32\wuclient.exe
Virus:Trj/Downloader.ABR Disinfected D:\WINDOWS\system32\xpsp2fw.exe
Virus:Trj/Downloader.CIX Disinfected D:\WINDOWS\system32\2658.exe
Virus:Trj/Downloader.ABR Disinfected D:\WINDOWS\system32\mscapxts.dll
Virus:Trj/Downloader.ABR Disinfected D:\WINDOWS\system32\sockdle.dll
Virus:Trj/Agent.NU Disinfected D:\WINDOWS\system32\inrappru.exe
Virus:W32/Gaobot.ECV.worm Disinfected D:\WINDOWS\system32\TFTP680
Virus:Trj/Downloader.SG Disinfected D:\WINDOWS\system32\_32mpru.exe
Adware:Adware/ISearch No disinfected D:\WINDOWS\system32\dust.exe
Virus:W32/Gaobot.ECV.worm Disinfected D:\WINDOWS\system32\TFTP1972
Virus:W32/Sdbot.BSV.worm Disinfected D:\WINDOWS\system32\msup32a.exe
Virus:W32/Gaobot.ECV.worm Disinfected D:\WINDOWS\system32\TFTP2456
Adware:Adware/ExactSearch No disinfected D:\WINDOWS\system32\exclean.exe
Virus:Bck/Sdbot.BYB Disinfected D:\WINDOWS\system32\winasp.exe
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\vx1x.nls
Virus:W32/Gaobot.ECV.worm Disinfected D:\WINDOWS\system32\TFTP4988
Virus:W32/Gaobot.EUF.worm Disinfected D:\WINDOWS\system32\pwn
Adware:Adware/SearchAid No disinfected D:\WINDOWS\system32\syssj.exe
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\vx1.nls
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\mac80ex.idf
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\mac80ex.idf[msbe.dll]
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\mac80ex.idf[bargains.exe]
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\mac80ex.idf[adv.exe]
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\mac80ex.idf[adx.exe]
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\vx0.nls
Virus:Trj/Agent.DW Disinfected D:\WINDOWS\system32\d3re32.dll
Virus:W32/Gaobot.HVU.worm Disinfected D:\WINDOWS\system32\windowsp.exe
Adware:Adware/WUpd No disinfected D:\WINDOWS\system32\loudc.exe
Virus:W32/Gaobot.gen.worm Disinfected D:\WINDOWS\system32\wmpa36c.exe
Virus:W32/Gaobot.DSO.worm Disinfected D:\WINDOWS\system32\msfwe1.exe
Virus:W32/Sdbot.BSJ.worm Disinfected D:\WINDOWS\system32\rundlI32.exe
Adware:Adware/P2PNetworking No disinfected D:\WINDOWS\system32\P2P Networking v126.cpl
Virus:W32/Gaobot.DSO.worm Disinfected D:\WINDOWS\system32\mcafeeAV.exe
Virus:Trojan Horse Disinfected D:\WINDOWS\system32\mslagent.exe
Virus:W32/Sasser.ftp Disinfected D:\WINDOWS\system32\cmd.ftp
Virus:Trj/Datei.A Disinfected D:\WINDOWS\system32\scopedll.exe
Adware:Adware/SLAgent No disinfected D:\WINDOWS\system32\Mservice.dll
Adware:Adware/EliteBar No disinfected D:\WINDOWS\Temp\ICD1.tmp\v3.dll
Adware:Adware/EliteBar No disinfected D:\WINDOWS\Temp\ICD1.tmp\v3cab.inf
Virus:W32/Gaobot.batch Disinfected D:\WINDOWS\Temp\u.bat
Spyware:Spyware/ISTbar No disinfected D:\WINDOWS\Temp\fDpCfmG.exe
Spyware:Spyware/ISTbar No disinfected D:\WINDOWS\Temp\fft1ydJ.exe
Adware:Adware/Sqwire No disinfected D:\WINDOWS\Temp\targetsaver.exe
Adware:Adware/Sqwire No disinfected D:\WINDOWS\Temp\GLFDGLFD.EXE
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\Temp\bb.exe
Spyware:Spyware/ISTbar No disinfected D:\WINDOWS\Temp\fGCdZb6.exe
Virus:W32/Gaobot.DCQ.worm Disinfected D:\WINDOWS\Temp\x[-][-].exe
Adware:Adware/WUpd No disinfected D:\WINDOWS\Temp\naufnauf.exe
Virus:W32/Sdbot.BXP.worm Disinfected D:\WINDOWS\Temp\[][].exe
Spyware:Spyware/ISTbar No disinfected D:\WINDOWS\Temp\fkdZ9Ah.exe
Adware:Adware/nCase No disinfected D:\WINDOWS\180ax.exe
Spyware:Spyware/ISTbar No disinfected D:\WINDOWS\toolx.exe
Virus:Trj/Agent.DW Disinfected D:\WINDOWS\pugesx.dat
Adware:Adware/WUpd No disinfected D:\WINDOWS\dalin.exe
Spyware:Spyware/ISTbar No disinfected D:\WINDOWS\tool1.exe
Virus:Bck/Webdor.G Disinfected D:\WINDOWS\winagent.exe
Spyware:Spyware/ISTbar No disinfected D:\WINDOWS\toolk.exe
Spyware:Spyware/Media-motor No disinfected D:\WINDOWS\mm63.ocx
Adware:Adware/WUpd No disinfected D:\WINDOWS\dalins.exe
Spyware:Spyware/ISTbar No disinfected D:\WINDOWS\toolj.exe
Virus:Trj/Downloader.ALQ Disinfected D:\WINDOWS\lsass.exe
Spyware:Spyware/AdClicker No disinfected D:\WINDOWS\usta33.ini
Virus:Trj/Downloader.ZN Disinfected D:\WINDOWS\Downloaded Program Files\loader2.ocx
Adware:Adware/EliteBar No disinfected D:\WINDOWS\Downloaded Program Files\v3.dll
Spyware:Spyware/ISTbar No disinfected D:\WINDOWS\test.exe
Adware:Adware/SAHAgent No disinfected D:\WINDOWS\unstall.exe
Adware:Adware/Twain-Tech No disinfected D:\WINDOWS\smdat32m.sys
Spyware:Spyware/Altnet No disinfected D:\WINDOWS\smdat32a.sys
Adware:Adware/Transponder No disinfected D:\WINDOWS\thin-143-1-x-x.exe
Virus:Trj/Agent.DW Disinfected D:\WINDOWS\bizglm.dat
Adware:Adware/SideFind No disinfected D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RLE5VRFG\sfbho13[1].dll
Spyware:Spyware/ISTbar No disinfected D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RLE5VRFG\istdownload[2].exe
Adware:Adware/Sqwire No disinfected D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\URQX4T2L\targetsaver[1].exe
Spyware:Spyware/Dyfuca No disinfected D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\URQX4T2L\actalert[1].exe
Spyware:Spyware/ISTbar No disinfected D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\URQX4T2L\istbar_mainstream[1].dll
Virus:Trj/Downloader.ANG Disinfected D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\URQX4T2L\dl[1].exe
Adware:Adware/Sqwire No disinfected D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6N0VER6L\tsupdate[1].ini
Adware:Adware/SideFind No disinfected D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6N0VER6L\sidefind13[1].dll
Spyware:Spyware/Dyfuca No disinfected D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\WH6VKDIF\optimize[1].exe
Virus:W32/Gaobot.batch Disinfected D:\Documents and Settings\Benteboula Toufik\Local Settings\Temp\u.bat
Spyware:Spyware/ISTbar No disinfected D:\Documents and Settings\Benteboula Toufik\Local Settings\Temp\fdFSV4B.exe
Adware:Adware/SideFind No disinfected D:\Documents and Settings\Benteboula Toufik\Local Settings\Temp\temp.frD16A\update\sidefind.exe
Adware:Adware/EliteBar No disinfected D:\Documents and Settings\Benteboula Toufik\Local Settings\Temp\temp.exe
Virus:Trj/Dropper.DT Disinfected D:\Documents and Settings\Benteboula Toufik\Local Settings\Temporary Internet Files\Content.IE5\QPMZGLSR\silent_install[1].exe
Adware:Adware/EliteBar No disinfected D:\Documents and Settings\Benteboula Toufik\Local Settings\Temporary Internet Files\Content.IE5\QPMZGLSR\js[1].htm
Adware:Adware/EliteBar No disinfected D:\Documents and Settings\Benteboula Toufik\Local Settings\Temporary Internet Files\Content.IE5\QPMZGLSR\kwlist2[1].exe
Spyware:Spyware/BargainBuddy No disinfected D:\Documents and Settings\Benteboula Toufik\Local Settings\Temporary Internet Files\Content.IE5\QPMZGLSR\fav[1].bmp
Spyware:Spyware/BargainBuddy

#6
Guest_usetobe_*

Rescan with Panda ActiveScan please and post the log back.

#7
toutou21

Hi,
This is my new ActiveScan log; you will also find it in the attached file.

Incident Status Location

Spyware:Spyware/Cydoor No disinfected D:\WINDOWS\cache277
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\System32\vx0.nls
Adware:Adware/nCase No disinfected Windows Registry
Spyware:Spyware/AdClicker No disinfected D:\WINDOWS\usta33.ini
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/Twain-Tech No disinfected D:\WINDOWS\smdat32m.sys
Adware:Adware/WUpd No disinfected D:\Program Files\AdTools Service
Spyware:Spyware/Altnet No disinfected Windows Registry
Adware:Adware/EliteBar No disinfected D:\WINDOWS\EliteSideBar
Adware:Adware/ExactSearch No disinfected Windows Registry
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Ab scissor.url
Adware:Adware/P2PNetworking No disinfected D:\WINDOWS\System32\P2P Networking
Adware:Adware/NaviPromo No disinfected Windows Registry
Adware:Adware/Searchcat No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Free Hardcore [bleep]
Adware:Adware/Need2Find No disinfected Windows Registry
Possible Virus. No disinfected C:\WINDOWS\DialerAutoLoader.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\Recycled\Q330995.exe
Adware:Adware/Startpage.OY No disinfected C:\Recycled\Q340925.exe
Adware:Adware/MediaTickets No disinfected C:\ied_s7m.cab[ied.exe]
Virus:W32/Gaobot.HVU.worm Disinfected D:\WINDOWS\system32\TFTP984
Virus:W32/Gaobot.HVU.worm Disinfected D:\WINDOWS\system32\TFTP2312
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\vx1x.nls
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\vx1.nls
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\system32\vx0.nls
Adware:Adware/P2PNetworking No disinfected D:\WINDOWS\system32\P2P Networking v126.cpl
Spyware:Spyware/AdClicker No disinfected D:\WINDOWS\usta33.ini
Adware:Adware/Twain-Tech No disinfected D:\WINDOWS\smdat32m.sys
Spyware:Spyware/Altnet No disinfected D:\WINDOWS\smdat32a.sys
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\EliteToolBar\xml\images\fav.bmp
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\EliteToolBar\xml\images\dating.bmp
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\EliteToolBar\xml\images\casino.bmp
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\EliteToolBar\xml\images\drugs.bmp
Spyware:Spyware/BargainBuddy No disinfected D:\WINDOWS\EliteToolBar\xml\images\virus.bmp
Adware:Adware/CWS No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Power Cleaner.url
Adware:Adware/CWS No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Clean Space.url
Adware:Adware/CWS No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Teens-dream TGP.url
Adware:Adware/CWS No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Automotive resources.url
Adware:Adware/CWS No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Medicine resources.url
Adware:Adware/CWS No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Fashion and Beauty.url
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Credit counseling.url
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Insurance home.url
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Mortgage life insurance.url
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Help desk software.url
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Videos.url
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\What is hydrocodone.url
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Online gambling casino.url
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Refinancing my mortgage.url
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Debt credit card.url
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Fha.url
Spyware:Spyware/Petro-Line No disinfected D:\Documents and Settings\Benteboula Toufik\Favoris\Sites about\Loan for debt consolidation.url


#8
Guest_usetobe_*
  • Guest
Hi Again,

I need you to copy all of the Killbox file paths below and paste them into Notepad.



* Please download Killbox by Option^Explicit (http://www.bleepingc...es/killbox.php). In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

Rescan with HJT and post the log back

#9
toutou21
  • Topic Starter
Hi,
I did what you told me, and this is my new HJT log. Thanks again a lot!!!

Logfile of HijackThis v1.99.1
Scan saved at 10:07:47, on 22/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\netdde.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\WINDOWS\System32\imapi.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\vssvc.exe
D:\WINDOWS\System32\wbem\wmiapsrv.exe
D:\WINDOWS\System32\dmadmin.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\System32\wuauclt.exe
D:\HTJ\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1030
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;<local>
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A760F5A3-BB80-4D42-862C-AB65B3D2B149}: NameServer = 81.22.90.29 82.101.136.29
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner - D:\WINDOWS\System32\netddeclnt.exe (file missing)

best regards.
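
Comparing a rescan against the earlier log shows which flagged entries are gone and which entries are new or carry a different value. The script below is an added example, not part of the original posts or of HijackThis: it diffs the entry lines of two logs, using excerpts of the first and the latest log posted in this thread; `index_log` and `diff_logs` are names chosen here.

```python
import re

# HijackThis entry lines start with a section code (R1, O4, O17, O23, ...).
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def index_log(log_text):
    """Map (section, entry name) -> data for every entry line in a log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, text = m.groups()
        # "name = data" entries (R1, O17) keep the data apart, so a changed
        # value is reported as a change instead of a remove plus an add.
        name, _, data = text.partition(" = ")
        entries[(section, name)] = data
    return entries

def diff_logs(before_text, after_text):
    """Compare two scans: entries removed, entries added, values changed."""
    before, after = index_log(before_text), index_log(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted((k, before[k], after[k]) for k in before
                          if k in after and before[k] != after[k]),
    }

# Excerpts of the first and the latest log posted in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [checkrun] D:\windows\system32\elitewjf32.exe
O4 - HKLM\..\Run: [HELPER] D:\WINDOWS\System32\temp532.exe -N
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O17 - HKLM\System\CCS\Services\Tcpip\..\{A760F5A3-BB80-4D42-862C-AB65B3D2B149}: NameServer = 10.10.1.202 192.168.20.5
"""
AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1030
O17 - HKLM\System\CCS\Services\Tcpip\..\{A760F5A3-BB80-4D42-862C-AB65B3D2B149}: NameServer = 81.22.90.29 82.101.136.29
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
"""

if __name__ == "__main__":
    result = diff_logs(BEFORE, AFTER)
    for section, name in result["removed"]:
        print("removed:", section, name)
    for section, name in result["added"]:
        print("new:    ", section, name)
    for (section, name), old, new in result["changed"]:
        print("changed:", section, name, "|", old, "->", new)
```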

#10
Guest_usetobe_*
  • Guest
From your log, I see nothing in the way of trojans, nor any evil entities attempting to possess your computer, except for Windows, but it's too late for that one. :tazz:

Congratulations, your log now appears to be clean. ;)

Let me know how your PC is running and if you have any problems.

Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice, "So how did I get infected in the first place?", and AntiSpyware Net's spyware article: "Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it."

#11
toutou21
  • Topic Starter
Hi,

Thank you for your advice and help, but as you said, the PC was running slowly!!! Is it normal? How can I resolve this problem??

Thanks.
Best regards.

#12
Guest_usetobe_*
  • Guest
Suggest you carry out defragmentation of the hard drive, which is found in Start > Programs > Accessories > System Tools > Defragmentation.

#13
Guest_usetobe_*
  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.