Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log For Dasos


  • Please log in to reply
7 replies to this topic

#1 agnostos

agnostos

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 07 March 2008 - 03:10 PM

hello...i have a problem with a hard disk...i install my external disk in my computer, then i put the same disk in another computer to take some files, that computer had a virus - i didnt know it- after that i again put my external hard disk to my computer and then i check that when i am going to MyComputer- (F) Disk that the icon of the external disk had dissapeared and the icon there is the same that all disks have...when i double click on it it opens a window that tell me "which program i want to open that file"

so when i want to see my files i command autoplay and then i can see my files...
any help?
thanks a lot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:59 πμ, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WINDHellasConnectionManager\Drivers\Automatic\Option Globesurfer Icon\GTFlashSwitch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\mysql\bin\winmysqladmin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.perisweb.gr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-725345543-1454471165-682003330-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-725345543-1454471165-682003330-1003\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Σήμερα.lnk = C:\Program Files\Today\TODAY.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://periklis83.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30095C44-145A-4C48-8249-3B4B3D48B5F5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{30095C44-145A-4C48-8249-3B4B3D48B5F5}: NameServer = 192.168.0.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GtFlashSwitch Service (GTFlashSwitch) - OptionNV - C:\Program Files\WINDHellasConnectionManager\Drivers\Automatic\Option Globesurfer Icon\GTFlashSwitch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 9105 bytes

BC AdBot (Login to Remove)

 


m

#2 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:11:38 PM

Posted 08 March 2008 - 12:36 PM

Γεια σου άγνωστε.

Κατέβασε στην επιφάνεια εργασίας αυτό το εργαλείο και τρεξτο με διπλό κλικ.
Flash_Disinfector.exe

Πες μου αν έφτιαξε το πρόβλημα.


Η java που έχεις είναι πολύ παλιά και ενδέχεται να κόλλησης κάποιο ιο από εκεί, ακολούθησε τις οδηγίες για να κατεβάσεις την νέα έκδοση.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.


Δεν έχεις firewall? Κατέβασε ένα από αυτά τα δωρεάν και καλά!!
Comodo Online Armor or Sygate

Αν έχεις το firewall των XP δεν κάνει τίποτα και για αυτό δεν το συνιστούμε.

Μετά από αυτά ανέβασε ένα νέο HijackThis log και πες μου τι έγινε.

#3 agnostos

agnostos
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 27 March 2008 - 08:53 AM

ευχαριστώ για τη βοήθεια, ο σκληρός έφτιαξε, αν και δεν βγάζει και πάλι το εικονίδιο της εταιρείας , δουλεύει οκ

εγκατέστησα το nod32, Ποιο firewall προτείνεις να βάλω?

#4 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:11:38 PM

Posted 27 March 2008 - 10:06 AM

Αν θέλεις τρέξε το Flash_Disinfector και πάλι, σύνδεσε και τον εξωτερικό σκληρό και άφησε να τον ψάξει/καθαρίσει και αυτόν.


Παρακαλώ κάνε έναν online έλεγχο ΕΔΩ στο Panda Posted Image ActiveScan
  • Σημείωση: δουλεύει μόνον με IE.
  • Όταν θα μπεις στο site κάνε κλίκ σε αυτό το κουμπί Posted Image
  • Ένα νέο παράθυρο θα ανοίξει.
  • Γράψε χώρα
  • Γράψε e-mail και κάνε κλίκ στο [send]
  • Επέλεξε Home User ή Company
  • Κάνε κλικ στο μεγάλο Posted Image
  • Αν χρειαστεί να εγκαταστήσει ένα ActiveX πρόγραμμα άφησε το.
  • Θα ξεκινήσει το κατέβασμα τον αρχείων που χρειάζεται για τον έλεγχο.( Μπορεί να πάρει λίγο χρόνο.)
  • Όταν τελείωση το κατέβασμα, κάνε κλικ στο Posted Image για να ξεκινήσει ο έλεγχος.
  • Όταν τελειώσει ο έλεγχος, και αν βρεθεί κάποια μόλυνση κάνε κλικ στο κουμπί Posted Image
  • Και μετα στο κουμπι Posted Image αποθήκευσε την αναφορά στην επιφάνεια εργασίας και ανέβασε την στην επόμενη απάντηση σoυ.

Σημείωση: Ίσως να χρειαστεί να απενεργοποιήσεις προσωρινά το antivirus που έχεις για να κατέβει το ActiveX και να γίνει ο έλεγχος.


Για firewall εγώ έχω το Comodo. Εβαλες το Nod32 το AVG το εβγαλες?

#5 agnostos

agnostos
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 29 March 2008 - 09:06 AM

λοιπόν, απεγκατέστησα το avg και έβαλα το Nod32 όπως σου είπα
+ ότι έβαλα το armor για firewall

λοιπόν εμφανίστηκαν και κάτι άλλα περιέργα στο Pc, όταν τρέχω το spybot περίπου στη μέση του σκαναρίσματος κλείνει το pc, το ίδιο μου γίνεται όταν μπαίνω σε safe mode και το σκανάρω με το spybot

ακόμα, όταν πάω να παίξω κάποιο avi αρχείο μου βγάζει το μήνυμα που επισυνάπτω στις δύο φώτο:
http://www.perisweb.gr/1.jpg
http://www.perisweb.gr/2.jpg
ενώ σε άλλα pc παίζει κανονικά τα αρχεία avi

έτρεξα το online σκανάρισμα και μου βρήκα κάποια trojan Κλπ, εδώ είναι το report :

Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\50qeood2.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\periklis\Application Data\Mozilla\Firefox\Profiles\fpakmllx.default\cookies.txt[.go.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\periklis\Application Data\Mozilla\Firefox\Profiles\fpakmllx.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\periklis\Application Data\Mozilla\Firefox\Profiles\fpakmllx.default\cookies.txt[server.iad.liveperson.net/hc/14115341]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\periklis\Cookies\periklis@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\periklis\Cookies\periklis@doubleclick[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\periklis\Cookies\periklis@xiti[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\periklis\Local Settings\Temp\nircmd.exe
Virus:Generic Malware Not disinfected F:\periklis\programs\1.Click.And.Lock.v2.9.WinALL.Incl.Keygen-BRD\br1cal29.rar[keygen\keygen.exe]
Virus:Generic Malware Not disinfected F:\periklis\programs\1.Click.And.Lock.v2.9.WinALL.Incl.Keygen-BRD\br1cal29.zip[br1cal29.rar][keygen\keygen.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected F:\periklis\programs\security\Flash_Disinfector.exe[nircmd.exe]
Virus:Generic Backdoor Not disinfected F:\periklis\programs\VSO.ConvertXtoDVD.Multilanguage.v2.0.11.WinALL.Cracked-ENGiNE.rar[VSO.ConvertXtoDVD.Multilanguage.v2.0.11.WinALL.Cracked-ENGiNE\Crack\Convertxtodvd.v2.011_Crk.exe]

#6 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:11:38 PM

Posted 29 March 2008 - 02:11 PM

Αυτά που βρήκε το Panda είναι crack και τα βρίσκει στον F που μάλλον είναι ο εξωτερικός σκληρός.

Virus:Generic Malware Not disinfected F:\periklis\programs\1.Click.And.Lock.v2.9.WinALL.Incl.Keygen-BRD\br1cal29.rar[keygen\keygen.exe]
Virus:Generic Malware Not disinfected F:\periklis\programs\1.Click.And.Lock.v2.9.WinALL.Incl.Keygen-BRD\br1cal29.zip[br1cal29.rar][keygen\keygen.exe]
Virus:Generic Backdoor Not disinfected F:\periklis\programs\VSO.ConvertXtoDVD.Multilanguage.v2.0.11.WinALL.Cracked-ENGiNE.rar[VSO.ConvertXtoDVD.Multilanguage.v2.0.11.WinALL.Cracked-ENGiNE\Crack\Convertxtodvd.v2.011_Crk.exe]


Αν συνέχισης να κατεβάζεις Crack και keygen κάποια μέρα δεν θα καθαρίζει το PC σου.
Από εκεί κολλούν οι περισσότεροι τους πιο πολλούς ιούς, θα σου συνιστούσα να τα διαγράψεις, μπορείς να βρεις εναλλακτικά δωρεάν προγράμματα εδώ: Freeware Replacements For Common Commercial Apps

Το Nod32 τρέχει κανονικά? Μόνον το spybot το κάνει αυτό? Ίσως να υπάρχει κάποια διένεξη με το armor.

Ανέβασε ένα νέο HijackThis log.

#7 agnostos

agnostos
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 29 March 2008 - 02:49 PM

όντως αυτό με το crack έχεις δίκιο, τα έχω στον εξωτερικό σκληρό και θα τα διάγραψω, έτσι και αλλιώς δεν τα χρησιμοποιώ

έχεις καμιά ιδέα για τις δύο φώτος που σου έδειξα και τα avi αρχεία?

ορίστε το hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:10 μμ, on 29/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\mysql\bin\winmysqladmin.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\WINDHellasConnectionManager\Drivers\Automatic\Option Globesurfer Icon\GTFlashSwitch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.perisweb.gr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Σήμερα.lnk = C:\Program Files\Today\TODAY.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1206487702343
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://periklis83.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30095C44-145A-4C48-8249-3B4B3D48B5F5}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{30095C44-145A-4C48-8249-3B4B3D48B5F5}: NameServer = 192.168.0.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GtFlashSwitch Service (GTFlashSwitch) - OptionNV - C:\Program Files\WINDHellasConnectionManager\Drivers\Automatic\Option Globesurfer Icon\GTFlashSwitch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 9979 bytes

#8 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:11:38 PM

Posted 29 March 2008 - 03:10 PM

Όχι δεν είμαι σίγουρος για αυτό το πρόβλημα, καλύτερη βοήθεια θα βρεις εάν κάνεις ένα καινούργιο topιc εδώ.

Windows XP Home and Professional

Κατά τα άλλα το PC δείχνει καθαρό, ακολούθησε σε παρακαλώ και τις οδηγίες κάτωθι.

You are using Windows XP then you should disable and enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and enable system restore here:

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

:thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users