my hijackthis log.


9 replies to this topic

#1 butke

    New Member, 5 posts

Posted 05 February 2006 - 11:29 AM

Logfile of HijackThis v1.99.1
Scan saved at 7:27:31 PM, on 2/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Aston\aston.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Aston\XP\internat.exe
C:\Program Files\הפוך על הפוך\hebrew.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\internet\KaZaA lite\My shared folder\1-apps\PREFETCH.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5633EA26-FC7D-45C2-920F-5D4EC42BDB6F} - C:\WINDOWS\System32\msxml332.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hebrew] C:\Program Files\???? ?? ????\hebrew.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PREFETCH.exe.lnk = D:\internet\KaZaA lite\My shared folder\1-apps\PREFETCH.exe
O4 - Startup: surf.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: הוסף לצייד הפרסומות - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: הורד באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: הורד הכל באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: ממיר ג'יבריש לעברית - C:\Program Files\ZiggyHEBconvert\Ziggy G To H Convert.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .asp: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g...ds_2_0_0_22.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121012769234
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co....in/launcher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CD844ED-072B-41D3-8D64-54F048C4EE4B}: NameServer = 192.115.106.35 62.219.186.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CD844ED-072B-41D3-8D64-54F048C4EE4B}: NameServer = 192.115.106.35 62.219.186.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: W - Unknown owner - C:\DOCUME~1\ILANB~1.ILA\LOCALS~1\Temp\W.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



#2 little eagle

    spyware hawk (Visiting Fellow, 8,968 posts, interests: spyware)

Posted 05 February 2006 - 12:59 PM

Download System Security Suite v1.04 here
Tutorial here.

Reboot in safe mode. Close all Browser and Program Windows.
Have HijackThis fix the following. Do this by checking the box beside each and then clicking on Fix checked.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5633EA26-FC7D-45C2-920F-5D4EC42BDB6F} - C:\WINDOWS\System32\msxml332.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O23 - Service: W - Unknown owner - C:\DOCUME~1\ILANB~1.ILA\LOCALS~1\Temp\W.exe (file missing)


Reboot, then run 3S. Under the “Items To Clear” tab, place a checkmark in all of them but user-defined folders.
Reboot and Rescan with HJT and post a new log here.
Also please describe how your computer behaves now.
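An added triage helper, not from the thread and not part of HijackThis, that applies the textual cues little eagle acted on above to raw log lines: R0 start/local pages left empty, O2 BHOs marked (no name) or (no file), and O23 services whose binary sits in a Temp folder or is reported (file missing). The sample log is a constructed subset of the log posted in #1; hits are review prompts rather than verdicts, and the orphaned WinVNC4 entry, which the helper left alone, is flagged by the same cue.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the first HijackThis log posted in this
# thread (benign lines for contrast plus the entries the helper had fixed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5633EA26-FC7D-45C2-920F-5D4EC42BDB6F} - C:\WINDOWS\System32\msxml332.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: W - Unknown owner - C:\DOCUME~1\ILANB~1.ILA\LOCALS~1\Temp\W.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O2", "O23"
    reason: str   # why the line deserves a second look
    line: str     # the original log line, unchanged


# Every HijackThis entry starts with a section code, " - ", then the body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding if the line shows one of the cues used in the thread.

    These are heuristics built from the visible text only: a legitimate
    leftover (an uninstalled VNC service) trips the same cue as the
    Temp-folder service the helper removed, so each hit needs a human look.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line
    section, body = m.group("section"), m.group("body")

    if section in ("R0", "R1") and body.rstrip().endswith("="):
        return Finding(section, "IE start/local page left empty (hijack residue)", line)
    if section == "O2":
        if "(no file)" in body:
            return Finding(section, "BHO registered but its DLL is gone", line)
        if "(no name)" in body:
            return Finding(section, "BHO with no registered name", line)
    if section == "O23":
        if "\\temp\\" in body.lower():
            return Finding(section, "service binary lives in a Temp folder", line)
        if "(file missing)" in body:
            return Finding(section, "service registered but binary missing", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run check_line over every line of a pasted log, keeping hits in order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        hit = check_line(raw)
        if hit is not None:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```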

#3 butke

Posted 05 February 2006 - 02:32 PM

Thank you very much, my friend.
I did as I was told and here is the new log. I don't feel any change in my PC for now:

Logfile of HijackThis v1.99.1
Scan saved at 10:01:25 PM, on 2/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\Aston\aston.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Aston\XP\internat.exe
C:\Program Files\הפוך על הפוך\hebrew.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\internet\KaZaA lite\My shared folder\1-apps\PREFETCH.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hebrew] C:\Program Files\???? ?? ????\hebrew.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PREFETCH.exe.lnk = D:\internet\KaZaA lite\My shared folder\1-apps\PREFETCH.exe
O4 - Startup: surf.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: הוסף לצייד הפרסומות - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: הורד באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: הורד הכל באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: ממיר ג'יבריש לעברית - C:\Program Files\ZiggyHEBconvert\Ziggy G To H Convert.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .asp: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g...ds_2_0_0_22.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121012769234
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co....in/launcher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CD844ED-072B-41D3-8D64-54F048C4EE4B}: NameServer = 192.115.106.35 62.219.186.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CD844ED-072B-41D3-8D64-54F048C4EE4B}: NameServer = 192.115.106.35 62.219.186.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

#4 little eagle

Posted 05 February 2006 - 04:54 PM

Download Ewido Security Suite; it is a trial version of the program.
  • Install ewido security suite.
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
Click Save report.
Save the report .txt file to your desktop.
Now close ewido security suite and post the results here.

#5 butke

Posted 05 February 2006 - 05:53 PM

Here are the ewido test results:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:52:18 AM, 2/6/2006
+ Report-Checksum: 5D5DE9B9

+ Scan result:

:mozilla.10:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.11:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.12:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.23:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.28:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.55:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.114:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.115:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.116:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.117:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Smartadserver : Cleaned with backup
:mozilla.125:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.139:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.140:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.165:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.170:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.195:C:\Documents and Settings\ilan b.ILAN\Application Data\Mozilla\Firefox\Profiles\kcqf2nzt.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\ilan b.ILAN\Application Data\Netscape\NSB\Profiles\i7wv3u2d.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\ilan b.ILAN\Application Data\Netscape\NSB\Profiles\i7wv3u2d.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\ilan b.ILAN\Application Data\Netscape\NSB\Profiles\i7wv3u2d.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\ilan b.ILAN\Application Data\Netscape\NSB\Profiles\i7wv3u2d.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\ilan b.ILAN\Application Data\Netscape\NSB\Profiles\i7wv3u2d.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\ilan b.ILAN\Application Data\Netscape\NSB\Profiles\i7wv3u2d.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\ilan b.ILAN\Application Data\Opera\Opera\Mail\lexicon\lexicon_2.dat -> Dropper.Small.u : Cleaned with backup
C:\Documents and Settings\ilan b.ILAN\Cookies\ilan b@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\ilan b.ILAN\Local Settings\Temp\CrystalPlayer_FileIcons.dat -> Dropper.VB.ax : Cleaned with backup
C:\Program Files\hijackthis\backups\backup-20060205-215339-203.dll -> Trojan.BHO.b : Cleaned with backup
C:\System Volume Information\_restore{1E1AD40A-61EE-4900-B582-631020533480}\RP594\A0342479.dll -> Trojan.BHO.b : Cleaned with backup

::Report End

Thanks. Am I getting my PC cleaner?

#6 little eagle

Posted 05 February 2006 - 10:06 PM

Can you post another log from hijackthis please.

#7 butke

Posted 06 February 2006 - 12:25 AM

Good morning and thank you, here is the current log:

Logfile of HijackThis v1.99.1
Scan saved at 8:22:56 AM, on 2/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Aston\aston.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Aston\XP\internat.exe
C:\Program Files\הפוך על הפוך\hebrew.exe
C:\Program Files\Eset\nod32kui.exe
D:\internet\KaZaA lite\My shared folder\1-apps\PREFETCH.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hebrew] C:\Program Files\???? ?? ????\hebrew.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PREFETCH.exe.lnk = D:\internet\KaZaA lite\My shared folder\1-apps\PREFETCH.exe
O4 - Startup: surf.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: הוסף לצייד הפרסומות - C:\Program Files\Maxthon\config/blacklist.htm
O8 - Extra context menu item: הורד באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: הורד הכל באמצעות פלאש-גט - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: ממיר ג'יבריש לעברית - C:\Program Files\ZiggyHEBconvert\Ziggy G To H Convert.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O12 - Plugin for .asp: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g...ds_2_0_0_22.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121012769234
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co....in/launcher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CD844ED-072B-41D3-8D64-54F048C4EE4B}: NameServer = 192.115.106.35 62.219.186.7
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CD844ED-072B-41D3-8D64-54F048C4EE4B}: NameServer = 192.115.106.35 62.219.186.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

#8 little eagle

Posted 06 February 2006 - 08:30 AM

If I were you I would get rid of KaZaA lite. Log looks clean now; how is it running?

#9 butke

Posted 06 February 2006 - 11:17 AM

First, thank you very much for your help. I don't have KaZaA lite at all; I just use its old folder for my media files. It's been there 3 years and I never ran it. I feel a little better when surfing now. Again, thank you for your help.

#10 little eagle

Posted 07 February 2006 - 12:22 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Also follow the recommendations in Tony Klein's article
So how did I get infected in the first place?
