Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Analyze My Log2


  • Please log in to reply
22 replies to this topic

#1 cordor

cordor

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 16 May 2008 - 05:29 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:49, on 16.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Q\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Q\Desktop\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Q\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\iexplore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{27A05E4B-C2B0-4B3E-AD8A-8917BF182179}: NameServer = 195.175.39.39,195.175.39.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC45B7A3-B45F-40F6-B3C4-7C7F2BB997A8}: NameServer = 195.175.39.39,195.175.39.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{27A05E4B-C2B0-4B3E-AD8A-8917BF182179}: NameServer = 195.175.39.39,195.175.39.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{27A05E4B-C2B0-4B3E-AD8A-8917BF182179}: NameServer = 195.175.39.39,195.175.39.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 4032 bytes


Thank you very much

BC AdBot (Login to Remove)

 


#2 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 23 May 2008 - 08:46 AM

cordor

Sorry for the delay.

Could you post a fresh Hiajckthis log?
Posted Image
Microsoft MVP - Windows Security

#3 cordor

cordor
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 23 May 2008 - 08:07 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:07:18, on 24.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Q\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\iexplore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{27A05E4B-C2B0-4B3E-AD8A-8917BF182179}: NameServer = 195.175.39.39,195.175.39.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{27A05E4B-C2B0-4B3E-AD8A-8917BF182179}: NameServer = 195.175.39.39,195.175.39.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{27A05E4B-C2B0-4B3E-AD8A-8917BF182179}: NameServer = 195.175.39.39,195.175.39.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 3912 bytes



No Problem :thumbsup: Thanx for your help.

#4 cordor

cordor
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 25 May 2008 - 03:50 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:10, on 25.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Xfire\xfire.exe
C:\Documents and Settings\Q\Desktop\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Q\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\iexplore.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{27A05E4B-C2B0-4B3E-AD8A-8917BF182179}: NameServer = 195.175.39.39,195.175.39.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{27A05E4B-C2B0-4B3E-AD8A-8917BF182179}: NameServer = 195.175.39.39,195.175.39.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{27A05E4B-C2B0-4B3E-AD8A-8917BF182179}: NameServer = 195.175.39.39,195.175.39.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 3962 bytes

#5 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 26 May 2008 - 07:42 AM

cordor

1. Rerun Hijackthis (scan only) and place checks beside the following entries R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Baglantilar
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iexplore] C:\WINDOWS\iexplore.exe

Close all other open windows except Hijackthis and Select "Fix checked"

Close Hijackthis

Next Using Windows Explorer(Right click on "Start," select "Explore," and you will see the "tree' of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Locate and Delete the following fileC:\WINDOWS\iexplore.exe <<- Make sure it is this file in this location.
Close windows explorer ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log.
Posted Image
Microsoft MVP - Windows Security

#6 cordor

cordor
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 26 May 2008 - 10:40 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:26, on 26.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\xfire.exe
C:\DOCUME~1\Q\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Q\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{27A05E4B-C2B0-4B3E-AD8A-8917BF182179}: NameServer = 195.175.39.39,195.175.39.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{27A05E4B-C2B0-4B3E-AD8A-8917BF182179}: NameServer = 195.175.39.39,195.175.39.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{27A05E4B-C2B0-4B3E-AD8A-8917BF182179}: NameServer = 195.175.39.39,195.175.39.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 3639 bytes


Thank you very much for your help :thumbsup:

#7 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 26 May 2008 - 10:50 AM

cordor

You are most welcome

Run an online virus scan called Kaspersky from HERE.1. Click on "Kaspersky Online Scanner"
2. A new smaller window will pop up. Press on "Accept". After reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next"->>"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
5. Then click on "My Computer". And the scan will start.
6. When the scan is complete Select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan
Posted Image
Microsoft MVP - Windows Security

#8 cordor

cordor
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 26 May 2008 - 02:49 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 26, 2008 10:48:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/05/2008
Kaspersky Anti-Virus database records: 801040
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 64212
Number of viruses found: 4
Number of infected objects: 41
Number of suspicious objects: 0
Duration of the scan process: 01:04:27

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Q\Belgelerim\Alınan Dosyalarım\legal_xp.rar/legal_xp/legal xp.exe/AutoPlay/Docs/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Q\Belgelerim\Alınan Dosyalarım\legal_xp.rar/legal_xp/legal xp.exe/AutoPlay/Docs/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Q\Belgelerim\Alınan Dosyalarım\legal_xp.rar/legal_xp/legal xp.exe/AutoPlay/Docs/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Q\Belgelerim\Alınan Dosyalarım\legal_xp.rar/legal_xp/legal xp.exe/AutoPlay/Docs/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Q\Belgelerim\Alınan Dosyalarım\legal_xp.rar/legal_xp/legal xp.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Q\Belgelerim\Alınan Dosyalarım\legal_xp.rar RAR: infected - 5 skipped
C:\Documents and Settings\Q\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Q\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Q\Local Settings\Application Data\Microsoft\Messenger\zonaice@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Q\Local Settings\Application Data\Microsoft\Messenger\zonaice@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Q\Local Settings\Application Data\Microsoft\Messenger\zonaice@hotmail.com\SharingMetadata\Working\database_2C78_2CC5_782C_901E\dfsr.db Object is locked skipped
C:\Documents and Settings\Q\Local Settings\Application Data\Microsoft\Messenger\zonaice@hotmail.com\SharingMetadata\Working\database_2C78_2CC5_782C_901E\fsr.log Object is locked skipped
C:\Documents and Settings\Q\Local Settings\Application Data\Microsoft\Messenger\zonaice@hotmail.com\SharingMetadata\Working\database_2C78_2CC5_782C_901E\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Q\Local Settings\Application Data\Microsoft\Messenger\zonaice@hotmail.com\SharingMetadata\Working\database_2C78_2CC5_782C_901E\tmp.edb Object is locked skipped
C:\Documents and Settings\Q\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Q\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Q\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Q\Local Settings\History\History.IE5\MSHist012008052620080527\index.dat Object is locked skipped
C:\Documents and Settings\Q\Local Settings\Temp\ir_ext_temp_0\AutoPlay\Docs\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Q\Local Settings\Temp\ir_ext_temp_0\AutoPlay\Docs\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Q\Local Settings\Temp\ir_ext_temp_0\AutoPlay\Docs\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Q\Local Settings\Temp\ir_ext_temp_0\AutoPlay\Docs\keyfinder.exe RarSFX: infected - 3 skipped
C:\Documents and Settings\Q\Local Settings\Temp\mirc631.exe/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Documents and Settings\Q\Local Settings\Temp\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\Documents and Settings\Q\Local Settings\Temp\mirc631.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Q\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Q\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Q\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Q\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Yerleşik koruma.txt Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP16\A0002797.exe/stream/data0050 Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP16\A0002797.exe/stream Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP16\A0002797.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP30\A0008380.exe/AutoPlay/Docs/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP30\A0008380.exe/AutoPlay/Docs/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP30\A0008380.exe/AutoPlay/Docs/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP30\A0008380.exe/AutoPlay/Docs/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP30\A0008380.exe ZIP: infected - 4 skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP43\A0013073.exe/AutoPlay/Docs/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP43\A0013073.exe/AutoPlay/Docs/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP43\A0013073.exe/AutoPlay/Docs/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP43\A0013073.exe/AutoPlay/Docs/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP43\A0013073.exe ZIP: infected - 4 skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP56\A0024764.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP56\A0024764.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP56\A0024764.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP56\A0024764.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP56\A0024764.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{F303D94E-8EBC-4241-845F-66D64C121B67}\RP62\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\EXPL0RER.exe Infected: Worm.Win32.AutoRun.dbi skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F62E800E-9A3D-403D-902E-83E1D992BE9B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_704.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\setuplar\daemon4121-lite.exe/stream/data0050 Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
D:\setuplar\daemon4121-lite.exe/stream Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
D:\setuplar\daemon4121-lite.exe NSIS: infected - 2 skipped
D:\setuplar\legal_xp\legal xp.exe/AutoPlay/Docs/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\setuplar\legal_xp\legal xp.exe/AutoPlay/Docs/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\setuplar\legal_xp\legal xp.exe/AutoPlay/Docs/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\setuplar\legal_xp\legal xp.exe/AutoPlay/Docs/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\setuplar\legal_xp\legal xp.exe ZIP: infected - 4 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

#9 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 26 May 2008 - 03:37 PM

cordor

Re Run HijackthisAt the Main window select "Open the misc tool section"
Then select "Open uninstall manager"
Then "save list" and save it to your desktop
Copy and paste that list as a reply to this thread
Posted Image
Microsoft MVP - Windows Security

#10 cordor

cordor
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 26 May 2008 - 04:19 PM

Acer Crystal Eye webcam
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Ahead Nero 6 Demo
avast! Antivirus
Broadcom Gigabit Integrated Controller
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
GIMP 2.4.5
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 4
Kaspersky Online Scanner
LimeWire 4.16.6
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Skype™ 3.6
Synaptics Pointing Device Driver
The Sims™ Castaway Stories
VideoLAN VLC media player 0.8.6d
Windows Driver Package - Intel (NETw4x32) net (09/26/2007 11.5.0.32)
Windows Driver Package - Intel (w29n51) net (07/25/2007 9.0.4.37)
Windows Driver Package - Intel net (09/26/2007 11.5.0.32)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Oturum Açma Yardımcısı
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player (KB911564) için Güvenlik Güncelleştirmesi
Windows Media Player 11
Windows Media Player 11
Windows Media Player 11 (KB936782) için Güvenlik Güncelleştirmesi
Windows Media Player 11 (KB939683) için Düzeltme
Windows Media Player 6.4 (KB925398) için Güvenlik Güncelleştirmesi
Windows Media Player 9 (KB936782) için Güvenlik Güncelleştirmesi
Windows XP (KB941569) için Güvenlik Güncelleştirmesi
Windows XP Düzeltme - KB873339
Windows XP Düzeltme - KB885835
Windows XP Düzeltme - KB885836
Windows XP Düzeltme - KB886185
Windows XP Düzeltme - KB887472
Windows XP Düzeltme - KB888302
Windows XP Düzeltme - KB890859
Windows XP Düzeltme - KB891781
Windows XP için Düzeltme (KB935448)
Windows XP için Güncelleştirme (KB894391)
Windows XP için Güncelleştirme (KB898461)
Windows XP için Güncelleştirme (KB900485)
Windows XP için Güncelleştirme (KB908531)
Windows XP için Güncelleştirme (KB910437)
Windows XP için Güncelleştirme (KB911280)
Windows XP için Güncelleştirme (KB916595)
Windows XP için Güncelleştirme (KB920872)
Windows XP için Güncelleştirme (KB922582)
Windows XP için Güncelleştirme (KB927891)
Windows XP için Güncelleştirme (KB930916)
Windows XP için Güncelleştirme (KB936357)
Windows XP için Güncelleştirme (KB938828)
Windows XP için Güncelleştirme (KB942763)
Windows XP için Güncelleştirme (KB942840)
Windows XP için Güvenlik Güncelleştirmesi (KB890046)
Windows XP için Güvenlik Güncelleştirmesi (KB893756)
Windows XP için Güvenlik Güncelleştirmesi (KB896358)
Windows XP için Güvenlik Güncelleştirmesi (KB896423)
Windows XP için Güvenlik Güncelleştirmesi (KB896428)
Windows XP için Güvenlik Güncelleştirmesi (KB899587)
Windows XP için Güvenlik Güncelleştirmesi (KB899591)
Windows XP için Güvenlik Güncelleştirmesi (KB900725)
Windows XP için Güvenlik Güncelleştirmesi (KB901017)
Windows XP için Güvenlik Güncelleştirmesi (KB901214)
Windows XP için Güvenlik Güncelleştirmesi (KB902400)
Windows XP için Güvenlik Güncelleştirmesi (KB905414)
Windows XP için Güvenlik Güncelleştirmesi (KB905749)
Windows XP için Güvenlik Güncelleştirmesi (KB908519)
Windows XP için Güvenlik Güncelleştirmesi (KB911562)
Windows XP için Güvenlik Güncelleştirmesi (KB911927)
Windows XP için Güvenlik Güncelleştirmesi (KB913580)
Windows XP için Güvenlik Güncelleştirmesi (KB914388)
Windows XP için Güvenlik Güncelleştirmesi (KB914389)
Windows XP için Güvenlik Güncelleştirmesi (KB917344)
Windows XP için Güvenlik Güncelleştirmesi (KB918118)
Windows XP için Güvenlik Güncelleştirmesi (KB918439)
Windows XP için Güvenlik Güncelleştirmesi (KB919007)
Windows XP için Güvenlik Güncelleştirmesi (KB920213)
Windows XP için Güvenlik Güncelleştirmesi (KB920670)
Windows XP için Güvenlik Güncelleştirmesi (KB920683)
Windows XP için Güvenlik Güncelleştirmesi (KB920685)
Windows XP için Güvenlik Güncelleştirmesi (KB922819)
Windows XP için Güvenlik Güncelleştirmesi (KB923191)
Windows XP için Güvenlik Güncelleştirmesi (KB923414)
Windows XP için Güvenlik Güncelleştirmesi (KB923789)
Windows XP için Güvenlik Güncelleştirmesi (KB923980)
Windows XP için Güvenlik Güncelleştirmesi (KB924270)
Windows XP için Güvenlik Güncelleştirmesi (KB924496)
Windows XP için Güvenlik Güncelleştirmesi (KB924667)
Windows XP için Güvenlik Güncelleştirmesi (KB925902)
Windows XP için Güvenlik Güncelleştirmesi (KB926255)
Windows XP için Güvenlik Güncelleştirmesi (KB926436)
Windows XP için Güvenlik Güncelleştirmesi (KB927779)
Windows XP için Güvenlik Güncelleştirmesi (KB927802)
Windows XP için Güvenlik Güncelleştirmesi (KB928255)
Windows XP için Güvenlik Güncelleştirmesi (KB928843)
Windows XP için Güvenlik Güncelleştirmesi (KB929123)
Windows XP için Güvenlik Güncelleştirmesi (KB930178)
Windows XP için Güvenlik Güncelleştirmesi (KB931261)
Windows XP için Güvenlik Güncelleştirmesi (KB931784)
Windows XP için Güvenlik Güncelleştirmesi (KB932168)
Windows XP için Güvenlik Güncelleştirmesi (KB933729)
Windows XP için Güvenlik Güncelleştirmesi (KB935839)
Windows XP için Güvenlik Güncelleştirmesi (KB935840)
Windows XP için Güvenlik Güncelleştirmesi (KB936021)
Windows XP için Güvenlik Güncelleştirmesi (KB937894)
Windows XP için Güvenlik Güncelleştirmesi (KB938127)
Windows XP için Güvenlik Güncelleştirmesi (KB938829)
Windows XP için Güvenlik Güncelleştirmesi (KB941202)
Windows XP için Güvenlik Güncelleştirmesi (KB941568)
Windows XP için Güvenlik Güncelleştirmesi (KB941644)
Windows XP için Güvenlik Güncelleştirmesi (KB941693)
Windows XP için Güvenlik Güncelleştirmesi (KB943055)
Windows XP için Güvenlik Güncelleştirmesi (KB943460)
Windows XP için Güvenlik Güncelleştirmesi (KB943485)
Windows XP için Güvenlik Güncelleştirmesi (KB944338)
Windows XP için Güvenlik Güncelleştirmesi (KB944533)
Windows XP için Güvenlik Güncelleştirmesi (KB944653)
Windows XP için Güvenlik Güncelleştirmesi (KB945553)
Windows XP için Güvenlik Güncelleştirmesi (KB946026)
Windows XP için Güvenlik Güncelleştirmesi (KB947864)
Windows XP için Güvenlik Güncelleştirmesi (KB948590)
Windows XP için Güvenlik Güncelleştirmesi (KB948881)
WinRAR archiver
Xfire (remove only)

Thank you :thumbsup:

#11 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 27 May 2008 - 07:58 AM

cordor

You are most welcome.

This is going to be a little tricky to fix.

You must print out these instructions to continue. This proceedure requires that all Internet connections be closed as well as any open windows. So you will not be able to view these instructions online.

Also please read through all of the instructions before you begin.

1. We need to make sure we can see hidden files and folders

To enable the viewing of Hidden and System files follow these steps: Right click on Start and select Explore.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Click Yes To confirm
Press the Apply button and then the OK button.
2.Using Windows Explorer(Right click on "Start," select "Explore," and you will see the "tree' of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Locate the fileC:\Windows\System32\dllcache\explorer.exe
The icon should resemble a little computer and monitor. If the file is there, then continue with the instructions. If is is not there, then stop and reply. If it is there, then close the open window.

3. Rt click a blank space on your desktop ->> Select New ->> Folder. And name it Junk (or what ever you want).

4. Using windows explorer again open the C:\Windows folder. And locate the explorer.exe file (Note, because the file is infected it may not have the same icon. It may not look the same)
You need to reduce the size of the open explorer window so you are able to see the Junk folder you created on your Desktop and the open window at the same time.

Now Hilite the explorer.exe file, Right Click and hold with the mouse and drag the explorer.exe file to the Junk folder on the desktop and drop it.

Within a few seconds (10 at the most) Windows should automatically replace the missing explorer.exe file with a new copy. Scroll to the bottom of the open C:\Windows folder (the open window) and you should see it at the bottom of the list.

If it is there; close the open windows ->> Reboot your PC ->> rerun Hiajckthis and post a fresh Hijackthis log.

If it is not there, then reply without closing any windows
Posted Image
Microsoft MVP - Windows Security

#12 cordor

cordor
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 27 May 2008 - 09:30 AM

Dear bamajim,

I finish my work now. But there is problem here.

I found explorer.exe and replaced it to JUNK folder ( My Virus Program Avast, found Explorer.exe with a Trojan but I didnt do anything.). After this, I open C:\Windows folder and there is a Folder called EXPLORER(hidden folder). I thought that was Explorer.exe :thumbsup: And I reboot my computer, but computer not worked :) Whatever I used CTRL+ALT+Del and worked Explorer.exe manuel..

at the end there is no EXPLORER.Exe in C:\Windows folder . ( Only 1 explorer.exe in C:\Windows\System32\dllcache and 1 on Desktop in JUNK Folder.)

Now what must i do?

Thanx and sorry for my bad english.

#13 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 27 May 2008 - 09:42 AM

cordor

Go to C:\Windows\System32\dllcache folder. Locate the file explorer.exe Right Click ->> Select Copy.

Close that window. Go to C:\Windows folder . Rt click a blank spot in the folder ->> Select Paste. And if prompted to overwrite Select Yes. A copy of the file explorer.exe should now be in C:\Windows folder
Posted Image
Microsoft MVP - Windows Security

#14 cordor

cordor
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 27 May 2008 - 09:52 AM

Done.

But avast gave warning , C:\WINDOWS\Explorer.exe

Win32:Trojan-gen

Thanx

Edited by cordor, 27 May 2008 - 09:53 AM.


#15 bamajim

bamajim

  • Members
  • 894 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 27 May 2008 - 09:56 AM

cordor

Did you get that warning from the file in C:\Windows\System32\dllcache ?

And what does the icon look like on explorer.exe in C:\Windows ?
Posted Image
Microsoft MVP - Windows Security




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users