| ||
| Virus problems.. Hi, I did read some threads here in DaniWeb, but I decided to register and make my own thread. I have weak English but I'll try.. I've had problems with slowness of my computer and pop-ups etc. and I think it's becoming worse all the time. I read this forum and tried some anti-virus programs but those didn't help much. One reason is that some of those programs ''crashed'' when cleaning the infected files/spyware etc. Damn it, I can't explain it with my English so I'll just post my current HijackThis log:
I know there's much wrong in my computer, hope you can help me out. Thanks. |
| ||
| Re: Virus problems..
Download ewido - http://www.ewido.net/en/
MS Antispyware - http://www.majorgeeks.com/download.php?det=4466
CW Shredder - http://www.intermute.com/spysubtract..._download.html
Install them, update them and also update ur antivirus if u have one, or download McAfee Avert Stinger: http://vil.nai.com/vil/stinger/
Disconnect from LAN, reboot ur computer, enter into Safe Mode by hitting F8 at startup.
Disable System Restore (My Computer - Properties - System Restore - turn off System Restore on all drives).
Perform a complete system scan with all the above utilities.
Empty temporary internet files and folders and recycle bin.
Restart ur computer and post ur new HijackThis log. |
| ||
| Re: Virus problems.. I did an about:buster scan and now my computer runs faster and there are no pop-ups anymore. Search Extender etc. has vanished. Now I scanned all my drivers with BitDefender Online Scan, it found 38 viruses, 1167 infected files, one suspect file. It disinfected 220 files and deleted 1046. Virus names: Backdoor.Agent.MO Win32.Jeefo.A.dam Trojan.Proxy.Ranky.CB GenPack:Trojan.Downloader.Agent.TD Trojan.Win32.Favadd.F Java.Trojan.Exploit.Bytverify Java.Trojan.Exploit.Bytverify.C Application.Cometsystems.A Trojan.Java.ClassLoader.D Trojan.Downloader.Vb.OV Backdoor.Agent.MO Trojan.Exploit.Java.Bytverify Trojan.Purityad.BP Win32.Worm.Kelvir.Gen Exploit.Phel.Gen Trojan.Pokapoka62.C Win32.Worm.Kelvir.DV Trojan.Downloader.2489.C Trojan.Downloader.Istbar.LI Trojan.Win32.Favadd.F Trojan.Downloader.WinShow.L GenPack:Trojan.Agent.BI Application.Adware.SpySheriff Win32.Worm.Kelvir.AV Trojan.Purityad.E Backdoor.Sdbot.ABS Trojan.Dyfuca.52104.B Win32.ExplorerHijack Trojan.Lowzones.CA JS.Trojan.Downloader.IstBar.A HTML.MediaTickets.A Trojan.Dialer.Premium Adware.Gator.A (these are what I found from the BitDefender scan log) I won't put the whole scan log here now, because it's so damn long :( But I can show it if it's necessary. Most of the infected files are infected by Win32.Jeefo.A.dam and GenPack:Trojan.Downloader.Agent.TD. And most of the infected files are in System Volume Information files. I guess many of those viruses have been in my computer for quite a long while, but I haven't found any problems caused by them (if I remember this right now). I also did some other scans (Trend Micro online scan, Ad-Aware SE scans etc.) and they did clean/remove most of the problems that they found.
Here's my Kaspersky online scan's log:
And my current HJT log: |
| ||
| Re: Virus problems.. Thanks jaishankar, I noticed your reply after doing my new update. I'll try to do what you wrote tomorrow (though I have had problems with safe mode before..). It's late now. |
| ||
| Re: Virus problems..
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {86D7905C-C44D-D7AE-4E46-A2432F1DEF26} - C:\WINDOWS\system32\nttr32.dll (file missing)
O2 - BHO: Class - {8C515B6E-2ACB-2FD2-4CE4-82655F4C0C9F} - C:\WINDOWS\system32\mfcht32.dll (file missing)
O2 - BHO: Class - {AA3DFBA3-794F-4010-B3F3-C48392777851} - C:\WINDOWS\system32\systk32.dll (file missing)
O2 - BHO: Class - {D24C63AD-A963-E031-6313-22AD11D24EF1} - C:\WINDOWS\system32\ipfq32.dll (file missing)
O2 - BHO: Class - {E11A3644-18B0-1DC5-DA37-CB9FB027B7A0} - C:\WINDOWS\javavl32.dll (file missing)
O2 - BHO: Class - {F52A683D-86BC-5DC9-8231-5370AB157678} - C:\WINDOWS\system32\ipua.dll (file missing)
O2 - BHO: Class - {F6BFC595-569B-A80C-DEE4-5AE687AF21D2} - C:\WINDOWS\system32\winxq32.dll (file missing)
O2 - BHO: Class - {F6EE5F6F-2DB0-5CE5-4CBE-0DB05DBFBB07} - C:\WINDOWS\system32\apipf32.dll (file missing)
O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial
Put a check mark on the above entries and let HijackThis fix them.
Go to Add Remove Programs in Control Panel and uninstall 'blondes' if u find it, and also remove the folder from the Program Files directory.
I think u didn't disable System Restore b4 performing the scans. If u don't disable it, infections will still be left there and they can reinfect ur system. Just disable it and re-enable it. |
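The selection made by hand in the last reply (entries whose target is reported missing, plus autoruns worth a second look) can be sketched as a small parser for HijackThis 1.99.x entry lines. This is an added example, not part of the original thread and not HijackThis's own code; the function names and the Temp-directory rule are assumptions, and the sample mixes entries copied from the reply with constructed lines marked as such.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "R3 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 registry autorun: "HKLM\..\Run: [value name] command line"
AUTORUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\[\w-]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)  # assumption: Temp autoruns need review
MISSING = "(file missing)"

# Entries copied from the reply above.
REPLY_LINES = [
    r"R3 - Default URLSearchHook is missing",
    r"O2 - BHO: Class - {86D7905C-C44D-D7AE-4E46-A2432F1DEF26} - C:\WINDOWS\system32\nttr32.dll (file missing)",
    r"O2 - BHO: Class - {E11A3644-18B0-1DC5-DA37-CB9FB027B7A0} - C:\WINDOWS\javavl32.dll (file missing)",
    r"O4 - HKLM\..\Run: [Blondes] C:\Program Files\hbt\Dialers\Blondes\Blondes.exe /dontdial",
]
# Constructed lines (not from the thread): a present BHO, a Temp autorun, a quoted autorun.
CONSTRUCTED_LINES = [
    r"O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll",
    r"O4 - HKLM\..\Run: [example.tmp] C:\DOCUME~1\USER\LOCALS~1\Temp\example.tmp.exe",
    r'O4 - HKCU\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" /background',
]
SAMPLE_LOG = "\n".join(["Logfile of HijackThis v1.99.1"] + REPLY_LINES + CONSTRUCTED_LINES)

@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str] = None
    target: Optional[str] = None   # file the entry points at, when one can be extracted
    missing: bool = False
    reasons: List[str] = field(default_factory=list)

def executable_of(cmd: str) -> str:
    """Best-effort split of an autorun command line into its executable path."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ", 1)[0]

def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None                # header, process list, blank line
    body = m["body"]
    e = Entry(code=m["code"], body=body)
    if body.endswith(MISSING):
        e.missing, body = True, body[: -len(MISSING)].rstrip()
    elif body.endswith("is missing"):
        e.missing = True
    c = CLSID_RE.search(body)
    if c:
        e.clsid = c.group(0).upper()
        tail = body[c.end():]
        if tail.startswith(" - "):
            e.target = tail[3:].strip().strip('"')
    a = AUTORUN_RE.match(body) if e.code == "O4" else None
    if a:
        e.target = executable_of(a["cmd"])
    return e

def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]

def triage(entries: List[Entry]) -> List[Entry]:
    """Return the entries matching either review rule, with the reasons filled in."""
    flagged = []
    for e in entries:
        e.reasons = []
        if e.missing:
            e.reasons.append("orphaned: target reported missing")
        if e.code == "O4" and e.target and TEMP_RE.search(e.target):
            e.reasons.append("autorun launches from a Temp directory")
        if e.reasons:
            flagged.append(e)
    return flagged

def orphan_clsids(flagged: List[Entry]) -> List[str]:
    return [e.clsid for e in flagged if e.missing and e.clsid]

if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(e.code, "|", e.target or e.body, "|", "; ".join(e.reasons))
```

Neither rule flags the `Blondes` autorun, since the log does not mark it missing; the reply picks it out by name, which is the part such heuristics do not replace.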