Help me please! hhnt.exe


11 replies to this topic

#1 suamplis

suamplis

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 16 December 2004 - 06:16 AM

I need your help!

I have a problem with a hijack by buldog-search and hhnt.exe. At the end is my log...


I've tried to fix

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
and
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe

I've tried to delete C:\WINDOWS\hhnt.exe and when I reboot my system it appears!!
I've tried using AdAware, trojanhunter, Xcleaner, spyhunterS, etc.. and no results

Please, anybody give me any idea...

Note: I don't have the C:\WINDOWS\mshtm.exe file...

Thanks



Logfile of HijackThis v1.98.2
Scan saved at 15:41:38, on 15/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
D:\oracle\ora92\bin\omtsreco.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\ofcdog.exe
C:\Archivos de programa\Reflection\rtsserv.exe
C:\TIBCO\adapter\adsbl\4.2\bin\adsblDTA.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\userinit.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\Iexplore.exe
C:\Archivos de programa\Kerio\Personal Firewall\PERSFW.EXE
C:\Documents and Settings\porgarma\Escritorio\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\ARCHIV~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [] "C:\Archivos de programa\Trend Micro\OfficeScan Client\"
O4 - HKCU\..\Run: [MSAgent] C:\WINDOWS\hhnt.exe
O8 - Extra context menu item: Descargar con Fl&ashGet - C:\ARCHIV~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Descargar todo con Flas&hGet - C:\ARCHIV~1\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
O12 - Plugin for .rx: C:\Archivos de programa\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Archivos de programa\Internet Explorer\Plugins\iewrqxrx.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = albura.com
O17 - HKLM\Software\..\Telephony: DomainName = juani.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = juani.com
O21 - SSODL: Web Event Logger - {7CFBACFF-EE01-1231-ABDD-416592E5D639} - C:\WINDOWS\System32\Fodede32.dll

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:43 PM

Posted 16 December 2004 - 05:45 PM

Hi, if you are still having a problem:

You are using an outdated version of HijackThis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site

Then post a new log.

#3 suamplis

suamplis
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 22 December 2004 - 04:55 AM

Sorry, but I have the newest version, so the log is the same... :thumbsup:

Thanks! I've been waiting for some help

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:43 PM

Posted 22 December 2004 - 04:21 PM

You have HijackThis version 1.99.0? I should be seeing more stuff on a Windows XP machine. Please post a log from that version of HijackThis.

#5 needhelp

needhelp

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 23 December 2004 - 09:01 AM

Please help me, it drives me mad :thumbsup:(((

I tried to do what you explained, but it seems that it doesn't work.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {E42C556F-CADF-E80D-89AA-E0ABAE740DE2} - E:\WINDOWS.0\System32\huix.dll
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS.0\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\javasnoop\jre\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] E:\WINDOWS.0\SOINTGR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE
O4 - HKLM\..\Run: [AVGCtrl] E:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [TPP Auto Loader] E:\WINDOWS.0\tppaldr.exe
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "E:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKCU\..\Run: [Umts] E:\Documents and Settings\westcoast\Application Data\nomp.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mcggwq] E:\WINDOWS.0\System32\??oolsv.exe
O4 - HKCU\..\Run: [MSAgent] E:\WINDOWS.0\hhnt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\office\Office10\OSA.EXE
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = E:\Program Files\AOL 8.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\javasnoop\jre\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\javasnoop\jre\bin\npjpi150.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS.0\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS.0\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: E:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version3/Applet/vchatsign.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_new.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25d15f4bdfc80c...RdxIE601_fr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://209.8.20.130/tb/loader2.ocx
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsIns....cab?refid=3680
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D5D9457-A636-419A-97B8-28272B990B86}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: Adobe LM Service - Unknown - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - E:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - E:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - E:\WINDOWS.0\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - E:\WINDOWS.0\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - E:\WINDOWS.0\System32\imapi.exe
O23 - Service: Macromedia Licensing Service - Unknown - E:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - E:\WINDOWS.0\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - E:\WINDOWS.0\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - E:\WINDOWS.0\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - E:\WINDOWS.0\System32\nvsvc32.exe
O23 - Service: Plug-and-Play - Unknown - E:\WINDOWS.0\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - E:\WINDOWS.0\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - E:\WINDOWS.0\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - E:\WINDOWS.0\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - E:\WINDOWS.0\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - E:\WINDOWS.0\System32\vssvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - E:\WINDOWS.0\wanmpsvc.exe
O23 - Service: Carte de performance WMI - Unknown - E:\WINDOWS.0\System32\wbem\wmiapsrv.exe


Please, I was interrupted 7 times while doing this message.

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:43 PM

Posted 23 December 2004 - 10:13 AM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
O2 - BHO: (no name) - {E42C556F-CADF-E80D-89AA-E0ABAE740DE2} - E:\WINDOWS.0\System32\huix.dll
O4 - HKLM\..\Run: [IE Menu Extension toolbar] rundll32.exe "E:\PROGRA~1\IEMENU~1\tbextn.dll" DllShowTB
O4 - HKCU\..\Run: [Umts] E:\Documents and Settings\westcoast\Application Data\nomp.exe
O4 - HKCU\..\Run: [Mcggwq] E:\WINDOWS.0\System32\??oolsv.exe
O4 - HKCU\..\Run: [MSAgent] E:\WINDOWS.0\hhnt.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Voila - http://chat14.x-echo.com/version3/Applet/vchatsign.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_new.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25d15f4bdfc80c...RdxIE601_fr.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://209.8.20.130/tb/loader2.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsIns....cab?refid=3680

Reboot your computer into Safe Mode

Then delete these files or directories (do not be concerned if they do not exist):

E:\WINDOWS.0\System32\huix.dll
E:\PROGRAM FILES\IEMENU~1\
E:\Documents and Settings\westcoast\Application Data\nomp.exe
E:\WINDOWS.0\hhnt.exe


Reboot your computer to go back to normal mode and post a new log.
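The fix list above is built by reading each HijackThis section against a few simple questions: does the start/search page point somewhere the user never chose, is a BHO unnamed, does an O4 Run entry launch from the Windows root, from a profile's Application Data folder or under a spoofed name with unprintable characters, has something added an Internet Explorer Trusted Zone entry, and does an O16 DPF entry pull a raw executable or load from a bare IP. The script below is an added example, not part of this thread or of HijackThis itself, that applies exactly those checks to log lines. The sample lines are a hand-assembled excerpt modelled on the logs posted here, and `EXPECTED_HOSTS` is a hypothetical allowlist of the start/search pages this user actually wanted.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: HijackThis-style lines modelled on the entries discussed in
# this thread (a trimmed, hand-assembled excerpt, not a complete real log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {E42C556F-CADF-E80D-89AA-E0ABAE740DE2} - E:\WINDOWS.0\System32\huix.dll
O4 - HKLM\..\Run: [AVGCtrl] E:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Umts] E:\Documents and Settings\westcoast\Application Data\nomp.exe
O4 - HKCU\..\Run: [Mcggwq] E:\WINDOWS.0\System32\??oolsv.exe
O4 - HKCU\..\Run: [MSAgent] E:\WINDOWS.0\hhnt.exe
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/france_new.exe
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://209.8.20.130/tb/loader2.ocx
"""

# Hypothetical allowlist: hosts this user legitimately uses as start/search page.
EXPECTED_HOSTS = {"www.google.fr", "www.wanadoo.fr", "windowsupdate.microsoft.com"}


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the entry was flagged
    line: str    # the original log line


LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
URL_RE = re.compile(r"https?://\S+")


def _image_path(cmd):
    """Return the executable path from an O4 command line (quoted or not).
    rundll32.exe is transparent: the DLL it loads is the real payload."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|scr|com|bat))(\s|$)", cmd, re.IGNORECASE)
    path = m.group(1) if m else cmd.split(" ", 1)[0]
    if path.lower().endswith("rundll32.exe"):
        rest = cmd[len(path):].strip()
        return _image_path(rest) if rest else path
    return path


def check_start_page(body):
    """R0/R1: flag a start/search page that points at a host not on the allowlist."""
    key, _, value = body.partition(" = ")
    if not any(k in key for k in ("Start Page", "Search Page", "Search Bar", "Default_Page_URL")):
        return None
    host = urlparse(value.strip()).hostname or ""
    if host and host not in EXPECTED_HOSTS:
        return f"browser start/search page points to unexpected host {host}"
    return None


def check_bho(body):
    """O2: a Browser Helper Object with no registered name is a classic hijack marker."""
    return "unnamed Browser Helper Object" if body.startswith("BHO: (no name)") else None


def check_run(body):
    """O4: inspect where an autorun image lives and what it is called."""
    m = O4_RE.match(body)
    if not m:
        return None  # Global Startup entries are not handled here
    low = _image_path(m.group("cmd")).lower()
    name = low.rsplit("\\", 1)[-1]
    if "?" in name:
        return "autorun image name contains unprintable characters (spoofed system name)"
    if "\\application data\\" in low:
        return "autorun launched from a user profile Application Data folder"
    if re.search(r"\\windows(\.\d+)?\\[^\\]+$", low):
        return "autorun image sits directly in the Windows directory"
    return None


def check_dpf(body):
    """O16: flag ActiveX downloads of raw executables or from bare IP addresses."""
    m = URL_RE.search(body)
    if not m:
        return None
    url = urlparse(m.group(0))
    if (url.path or "").lower().endswith(".exe"):
        return "ActiveX download of a raw executable"
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", url.hostname or ""):
        return "ActiveX download from a bare IP address"
    return None


CHECKS = {
    "R0": check_start_page, "R1": check_start_page,
    "O2": check_bho,
    "O4": check_run,
    "O15": lambda body: "Internet Explorer Trusted Zone entry added (usually by software, not the user)",
    "O16": check_dpf,
}


def triage(log_text):
    """Run the section-specific checks over every HijackThis line and collect findings."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        check = CHECKS.get(m.group("code"))
        reason = check(m.group("body")) if check else None
        if reason:
            findings.append(Finding(m.group("code"), reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

The script only proposes entries to look at; it does not touch the registry or delete anything. Run against the sample it flags the two buldog-search R0/R1 lines, the unnamed BHO, the three suspicious O4 entries (Application Data, the `??oolsv.exe` name and `hhnt.exe` in the Windows root), both O15 entries and the two risky O16 downloads, while leaving the AntiVir autorun, the Acrobat BHO and the BitDefender scanner cab alone.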

#7 needhelp

needhelp

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 23 December 2004 - 11:14 AM

Thx but... it doesn't work.

This is the log after the reboot:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\javasnoop\jre\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] E:\WINDOWS.0\SOINTGR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE
O4 - HKLM\..\Run: [AVGCtrl] E:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\javasnoop\jre\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\javasnoop\jre\bin\npjpi150.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D5D9457-A636-419A-97B8-28272B990B86}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: Adobe LM Service - Unknown - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - E:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - E:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - E:\WINDOWS.0\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - E:\WINDOWS.0\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - E:\WINDOWS.0\System32\imapi.exe
O23 - Service: Macromedia Licensing Service - Unknown - E:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - E:\WINDOWS.0\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - E:\WINDOWS.0\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - E:\WINDOWS.0\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - E:\WINDOWS.0\System32\nvsvc32.exe
O23 - Service: Plug-and-Play - Unknown - E:\WINDOWS.0\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - E:\WINDOWS.0\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - E:\WINDOWS.0\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - E:\WINDOWS.0\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - E:\WINDOWS.0\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - E:\WINDOWS.0\System32\vssvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - E:\WINDOWS.0\wanmpsvc.exe
O23 - Service: Carte de performance WMI - Unknown - E:\WINDOWS.0\System32\wbem\wmiapsrv.exe


I've never seen a virus like this one before.

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:43 PM

Posted 23 December 2004 - 12:23 PM

Patience, this stuff usually takes a few tries.

You are not posting the entire log. I need to see the entire log before I can help you. Please report a new log, without leaving anything out.

#9 needhelp

needhelp

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 26 December 2004 - 10:58 AM

OK

Logfile of HijackThis v1.99.0
Scan saved at 17:10:20, on 23/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS.0\System32\smss.exe
E:\WINDOWS.0\system32\winlogon.exe
E:\WINDOWS.0\system32\services.exe
E:\WINDOWS.0\system32\lsass.exe
E:\WINDOWS.0\system32\svchost.exe
E:\WINDOWS.0\System32\svchost.exe
E:\WINDOWS.0\system32\spoolsv.exe
E:\Program Files\AVPersonal\AVGUARD.EXE
E:\Program Files\AVPersonal\AVWUPSRV.EXE
E:\WINDOWS.0\System32\svchost.exe
E:\WINDOWS.0\wanmpsvc.exe
E:\WINDOWS.0\Explorer.EXE
E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\javasnoop\jre\bin\jusched.exe
E:\WINDOWS.0\SOUNDMAN.EXE
E:\WINDOWS.0\SOINTGR.EXE
E:\WINDOWS.0\System32\NVATray.exe
E:\WINDOWS.0\System32\RUNDLL32.EXE
E:\WINDOWS.0\System32\GSICON.EXE
E:\WINDOWS.0\System32\DSLAGENT.EXE
E:\Program Files\AVPersonal\AVGNT.EXE
E:\WINDOWS.0\tppaldr.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\WINDOWS.0\System32\wuauclt.exe
E:\WINDOWS.0\System32\msiexec.exe
C:\Documents and Settings\westcoast\Mes documents\Mes fichiers reçus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\javasnoop\jre\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] E:\WINDOWS.0\SOINTGR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE
O4 - HKLM\..\Run: [AVGCtrl] E:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\javasnoop\jre\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\javasnoop\jre\bin\npjpi150.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D5D9457-A636-419A-97B8-28272B990B86}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: Adobe LM Service - Unknown - E:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - E:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - E:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique - Unknown - E:\WINDOWS.0\System32\dmadmin.exe
O23 - Service: Journal des événements - Unknown - E:\WINDOWS.0\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI - Unknown - E:\WINDOWS.0\System32\imapi.exe
O23 - Service: Macromedia Licensing Service - Unknown - E:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown - E:\WINDOWS.0\System32\mnmsrvc.exe
O23 - Service: DDE réseau - Unknown - E:\WINDOWS.0\system32\netdde.exe
O23 - Service: DSDM DDE réseau - Unknown - E:\WINDOWS.0\system32\netdde.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - E:\WINDOWS.0\System32\nvsvc32.exe
O23 - Service: Plug-and-Play - Unknown - E:\WINDOWS.0\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance - Unknown - E:\WINDOWS.0\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces - Unknown - E:\WINDOWS.0\System32\SCardSvr.exe
O23 - Service: Carte à puce - Unknown - E:\WINDOWS.0\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance - Unknown - E:\WINDOWS.0\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown - E:\WINDOWS.0\System32\vssvc.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - E:\WINDOWS.0\wanmpsvc.exe
O23 - Service: Carte de performance WMI - Unknown - E:\WINDOWS.0\System32\wbem\wmiapsrv.exe

Thx again for your help.

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:43 PM

Posted 26 December 2004 - 04:15 PM

Fix these with hijackthis, reboot and post a new log:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.buldog-search.com/
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c15.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,394 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:43 PM

Posted 31 December 2004 - 03:28 PM

alpsemercioz,

Please create a new topic for your problem. Do not add your topic to an existing one.

#12 alpsemercioz

alpsemercioz

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 31 December 2004 - 07:37 PM

Sorry, I'm new here, I will create a new topic. Thanx..



