O17 HIJACKER ????


3 replies to this topic

#1 im spartacas


    spyware+virus prevention is better than cure

  • Full Member
  • 26 posts

Posted 29 May 2007 - 10:39 PM

I first noticed I could not log on to a couple of sites, then I could not send emails from my Gmail account.
The first 2 days I just thought it was my poor GPRS connection (no phone lines where I live).
I scanned with everything, all clean every time; that's why I still thought it was a bad connection after 3 days.
I then used HJT, saw the O17, fixed it, but it just kept coming back. By the time I tried to post on the site I could not add any attachments, then could not post at all.
I have reformatted and I'm in the middle of getting everything back to normal; I have noticed they are back.
Every time I connect they are there!!! Even after I fix them with HJT.
Every time I try to install Sun Java it gets to a point where it can't connect to get the files. I'm really worried about this, so I am posting now to try and find out if it is a hijacking or something else.

Thanks, anybody, for taking the time to help me with this problem :cool:


I will have to copy and paste the HJT log as I can't add attachments again.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:27:08 AM, on 5/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Comodo\CBOClean\BOC423.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\mobile PhoneTools\mPhonetools.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT 2\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.th/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fwalerts.zone...oduct=ZoneAlarm
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BOC-423] C:\PROGRA~1\Comodo\CBOClean\BOC423.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{05FBCCFB-47E3-4B8E-8034-61769DCD0C11}: NameServer = 203.146.237.237 203.149.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{05FBCCFB-47E3-4B8E-8034-61769DCD0C11}: NameServer = 203.146.237.237 203.149.0.2
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4841 bytes
windows xp pro,sp2,most updates,vga inno fx5200,1G ram,
REALTIME: zone alarm firewall,avast pro antivirus,spyware terminator,peerguardian 2,spyware blaster,firefox 2: ON DEMAND: spybot search and destroy,superantispyware,bitdefender 8,security task manager ,code stuff starter,AVG anti-rootkit , hijackthis beta 2.0, advanced windows care v2 personal

#2 SWI Support Robot


    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 01 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 dave38


    Devout Murphyite!

  • Emeritus
  • 8,508 posts

Posted 03 June 2007 - 05:08 PM

Those O17 entries are for your ISP and are quite OK.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum
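
The check behind the reply above, as an added example that is not part of the original thread: pull the O17 `NameServer` values out of a HijackThis log and list any address that is not one of the resolvers you expect from your ISP. The expected set, the third sample line and its GUID are assumptions made for illustration.

```python
import ipaddress
import re

# HijackThis writes one O17 line per Tcpip registry key that carries a NameServer value.
O17_RE = re.compile(r"^O17 - (?P<key>HK\S+?): NameServer = (?P<servers>.+)$")

def parse_o17(log_text):
    """Map each O17 registry key to the list of resolver addresses it sets."""
    entries = {}
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue
        servers = []
        for token in filter(None, re.split(r"[,\s]+", match.group("servers"))):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                servers.append(token)  # keep malformed values visible for review
        entries[match.group("key")] = servers
    return entries

def unexpected_resolvers(entries, expected):
    """Return sorted (key, address) pairs whose address is not an expected resolver."""
    return sorted(
        (key, addr)
        for key, servers in entries.items()
        for addr in servers
        if addr not in expected
    )

# First two lines are from the log in this thread; the third is constructed
# (hypothetical interface GUID, documentation-range address) to show a finding.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{05FBCCFB-47E3-4B8E-8034-61769DCD0C11}: NameServer = 203.146.237.237 203.149.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{05FBCCFB-47E3-4B8E-8034-61769DCD0C11}: NameServer = 203.146.237.237 203.149.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.146.237.237,192.0.2.53
"""

# Assumption: the resolvers your ISP actually hands out, e.g. as shown by `ipconfig /all`.
EXPECTED = {"203.146.237.237", "203.149.0.2"}

if __name__ == "__main__":
    for key, addr in unexpected_resolvers(parse_o17(SAMPLE_LOG), EXPECTED):
        print(f"review: {addr} set under {key}")
```

An O17 value that matches what the connection itself assigns will reappear every time you connect, so reappearance alone does not indicate a hijack; the address comparison is what matters.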

#4 im spartacas


    spyware+virus prevention is better than cure

  • Full Member
  • 26 posts

Posted 03 June 2007 - 07:44 PM

Those o17 entries are for your ISP and are quite OK.

Yep, things are OK now. Had someone else check it out; they say the same thing.
Thanks for the reply.



