Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

hijackthis problem


  • Please log in to reply
2 replies to this topic

#1 Luky

Luky

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 17 May 2005 - 10:15 AM

Excuse me for bad english but I am italian.
My problem: after I have scanned my computer with hijackthis and clic on fixed cecked button, the line checked are not removed. A new scan detect fixed still again.
My computer is windows home edition and user logon is administrator.
I have removed maleware with spybot, adaware, cwshredder, microsoft antispyware and bhodemon. Stopped autorun program with msconfig.

attach my hikackthis log

Tank

Luky

(Moderator Edit: moved from introductions to log forum for team review.jgweed)

Logfile of HijackThis v1.98.2
Scan saved at 12.49.09, on 16/05/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\intmon.exe
C:\Programmi\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Programmi\BHODemon 2\BHODemon.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavigate.com/search.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavigate.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINDOWS\System32\hp8BF4.tmp
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Prog(rammi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Security iGuard] C:\Programmi\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MplSetUp] C:\Programmi\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [JobHisInit] C:\Programmi\RMClient\JobHisInit.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: BHODemon 2.0.lnk = C:\Programmi\BHODemon 2\BHODemon.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Programmi\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{72101569-CDD5-4753-BC03-E11C87E2D819}: NameServer = 151.99.125.2,151.99.125.3

Edited by jgweed, 17 May 2005 - 10:20 AM.


BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,639 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:20 AM

Posted 17 May 2005 - 04:25 PM

Please follow the instructions here:

http://www.bleepingcomputer.com/forums/How...tml#entry103417

Reboot and post a new log

#3 Luky

Luky
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:20 AM

Posted 18 May 2005 - 10:17 AM

I have resolved the problem tank you very much Grinler.

Luky




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users