Jump to content


Photo

please have a look


  • This topic is locked This topic is locked
3 replies to this topic

#1 hungry

hungry

    Member

  • New Member
  • Pip
  • 1 posts

Posted 15 July 2004 - 06:45 PM

again homepage.cc and alike

please have a look at this log and tell me what do I have to delete

Cya.

Logfile of HijackThis v1.98.0
Scan saved at 1.40.22, on 16/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Management\Security\Sygate\SPF\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Management\Security\AVPersonal\AVGUARD.EXE
C:\Programmi\Management\Security\AVPersonal\AVWUPSRV.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Management\Security\AVPersonal\AVGNT.EXE
C:\Programmi\Management\Security\hijackthis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\MANAGE~1\Security\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Management\Acrobat\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\MANAGE~1\Security\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\Management\Security\AVPersonal\AVGNT.EXE" /min
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\FRONTP~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.va...OCX/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EFBE4B8-A160-4F06-9215-B28B03809BE2}: NameServer = 151.99.125.1 212.216.172.62
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EFBE4B8-A160-4F06-9215-B28B03809BE2}: NameServer = 151.99.125.1 212.216.172.62

#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,092 posts

Posted 22 July 2004 - 06:35 PM

Hello hungry,

Just so that you know you are not being ignored - I will handle this case for you but
I need to ask for your patience while I review the log.
Please keep an eye on this message for a resolution.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,092 posts

Posted 22 July 2004 - 09:22 PM

Hello hungry,

Print this topic to make it easier for you to follow the instructions and complete all of the necessary steps.

Download CWShredder.exe CoolWebSearch removal tool from
http://www.spywarein.../CWShredder.exe

Place the download file in it's own folder.

Make sure all browsers and all Windows Explorer windows are closed.

Run the application and be sure to click on the "Fix" button.

When the scan is completed and all files removed, close it.
*
1 - Close all open Explorer windows and browsers
2 - Run HijackThis
3 - Click on the Scan button and when complete
4 - Put a check beside the item listed below if still present
5 - Click on the "Fix Checked" button
6 - When complete and all files removed, close the application

O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll
*
Reboot, on restart, restart in "Safe Mode".

How To
1 - Restart your computer and start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you see the Boot Menu.
2 - When the Windows Advanced Options menu appears, select an option, and then press ENTER.
3 - When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER.

Remove the files in BOLD if still present.
C:\WINDOWS\dpe.dll <-- file only.
*
Here are some suggestions to reduce the potential for spyware infection in the future. I strongly recommend installing the following :
  • SpywareBlaster - It will prevent most spyware from ever being installed.
  • SpywareGuard - It offers realtime protection from spyware installation attempts.
  • IE-Spyad - IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
I also recommend reading this article.
How did I get infected in the first place?
http://forums.net-in...?showtopic=3051

Reboot into normal mode and post a fresh log.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 18 September 2004 - 10:32 AM

Due to lack of response by the poster this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button