Thread: HJT Please help me remove virus
View Single Post
Join Date: Oct 2007
Posts: 3
Reputation: Trojaninfected is an unknown quantity at this point 
Solved Threads: 0
Trojaninfected Trojaninfected is offline Offline
Newbie Poster

Re: HJT Please help me remove virus

 
0
  #5
Nov 6th, 2007
SmitFraudFix v2.250

Scan done at 10:18:16.60, Tue 11/06/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\bndsrpfn.dll Deleted
C:\WINDOWS\netadv.dll Deleted
C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\sysdx.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55}]
Deleting [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55}]
C:\WINDOWS\system32\flirek.dll Deleted
C:\DOCUME~1\Owner\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Spyware?Malware Protection.url Deleted
C:\Program Files\Online Video Add-on\ Deleted
C:\Program Files\VideoAccessCodec\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdpqb.exe"

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\kdpqb.exe Deleted

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» End
Reply With Quote