Hi Cronos, there is the contents of the file: You can

Funde für "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mon May 23 23:38:00 2005 => File C:\WINDOWS\svchost.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Mon May 23 23:39:37 2005 => File C:\WINDOWS\cmssx.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Mon May 23 23:39:38 2005 => File C:\WINDOWS\geffge.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Mon May 23 23:39:38 2005 => File C:\WINDOWS\hgfrre.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Mon May 23 23:39:42 2005 => File C:\WINDOWS\lsasss.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Mon May 23 23:39:46 2005 => File C:\WINDOWS\sddda.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Mon May 23 23:39:46 2005 => File C:\WINDOWS\smssrs.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Mon May 23 23:39:47 2005 => File C:\WINDOWS\svchos1at.exe infected by "Trojan-Downloader.Win32.Agent.no" Virus! Action Taken: No Action Taken.
Mon May 23 23:39:48 2005 => File C:\WINDOWS\uytlkk.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Mon May 23 23:39:52 2005 => File C:\WINDOWS\wqgff.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Tue May 24 00:18:09 2005 => File C:\Program Files\PestPatrol\Quarantine\20050521115046.zip infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Tue May 24 00:18:09 2005 => File C:\Program Files\PestPatrol\Quarantine\20050523113707.zip infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Tue May 24 00:36:38 2005 => File C:\WINDOWS\cmssx.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Tue May 24 00:38:43 2005 => File C:\WINDOWS\geffge.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Tue May 24 00:57:37 2005 => File C:\WINDOWS\hgfrre.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Tue May 24 01:09:28 2005 => File C:\WINDOWS\lsasss.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Tue May 24 01:27:21 2005 => File C:\WINDOWS\sddda.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Tue May 24 01:31:48 2005 => File C:\WINDOWS\smssrs.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Tue May 24 01:32:32 2005 => File C:\WINDOWS\svchos1at.exe infected by "Trojan-Downloader.Win32.Agent.no" Virus! Action Taken: No Action Taken.
Tue May 24 01:40:09 2005 => File C:\WINDOWS\uytlkk.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Tue May 24 01:40:20 2005 => File C:\WINDOWS\wqgff.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken.
Tue May 24 01:40:24 2005 => D:\BP\Plamen\Galin\ai.doc possibly infected and removed by background antivirus package!
Tue May 24 01:40:24 2005 => File D:\BP\Plamen\Galin\ai.doc infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Tue May 24 01:40:24 2005 => D:\BP\Rado\ai.doc possibly infected and removed by background antivirus package!
Tue May 24 01:40:24 2005 => File D:\BP\Rado\ai.doc infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Tue May 24 01:40:25 2005 => D:\BP\Veneta\Georgi\ai.doc possibly infected and removed by background antivirus package!
Tue May 24 01:40:25 2005 => File D:\BP\Veneta\Georgi\ai.doc infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
Tue May 24 01:45:17 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Funde für "tagged" |
Download Killbox
1. Start your PC in the safe mode and deactivate the system recovery.
2. Open Killbox
3. Copy the first file mentioned "infected" by the eScan_neu.txt and paste it into Killbox
3. Choose "Delete on reboot"
4. Press the red x
5. Answer the next question with "yes", the following with "no"
6. Copy & paste the other files mentioned "infected" the same way
7. If you reached the last file answer both questions with "yes"
Now your PC will reboot. Boot in the "normal mode" and post a new Hijackthis Logfile. |
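Added example, not part of the original thread: a small parser for the eScan log format quoted above that collapses the repeated scan passes into one record per file, which is the list the steps above work through by hand. The function names are hypothetical; the sample lines are a constructed selection of entries copied from the posted log.

```python
import re

# Constructed sample: entries copied from the eScan log quoted in the thread,
# flattened onto one line the way the forum post shows them.
SAMPLE = (
    r'Mon May 23 23:39:37 2005 => File C:\WINDOWS\cmssx.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken. '
    r'Mon May 23 23:39:47 2005 => File C:\WINDOWS\svchos1at.exe infected by "Trojan-Downloader.Win32.Agent.no" Virus! Action Taken: No Action Taken. '
    r'Tue May 24 00:18:09 2005 => File C:\Program Files\PestPatrol\Quarantine\20050521115046.zip infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken. '
    r'Tue May 24 00:36:38 2005 => File C:\WINDOWS\cmssx.dll infected by "Trojan.Win32.Agent.cl" Virus! Action Taken: No Action Taken. '
    r'Tue May 24 01:40:24 2005 => D:\BP\Rado\ai.doc possibly infected and removed by background antivirus package! '
    r'Tue May 24 01:40:24 2005 => File D:\BP\Rado\ai.doc infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken. '
    r'Tue May 24 01:45:17 2005 => Total Disinfected Files: 0'
)

# Only "=> File <path> infected by" records are detections; the "possibly
# infected" notices and the totals line are skipped on purpose.
ENTRY = re.compile(
    r'(?P<ts>\w{3} \w{3} [ \d]?\d \d\d:\d\d:\d\d \d{4}) => File (?P<path>.+?) '
    r'infected by "(?P<name>[^"]+)" Virus! Action Taken: (?P<action>[^.]+)\.'
)

def parse_entries(text):
    """Return one dict per detection record, in log order."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def summarize(entries):
    """Collapse repeated scans into one record per file (Windows paths are case-insensitive)."""
    files = {}
    for e in entries:
        rec = files.setdefault(e["path"].lower(), {
            "path": e["path"], "names": set(), "hits": 0,
            "first": e["ts"], "last": e["ts"], "untreated": True})
        rec["names"].add(e["name"])
        rec["hits"] += 1
        rec["last"] = e["ts"]
        # The most recent action reported for the file decides its status.
        rec["untreated"] = e["action"] == "No Action Taken"
    return list(files.values())

if __name__ == "__main__":
    for rec in summarize(parse_entries(SAMPLE)):
        print(f'{rec["path"]}  {", ".join(sorted(rec["names"]))}  '
              f'seen {rec["hits"]}x  untreated={rec["untreated"]}')
```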
@guchev I don't understand you really. Quote:
Why do you remain with a totally compromised PC online? Please read here once more: http://www.trojaner-board.de/showpos...39&postcount=7 |
I have a software on my computer which can be installed only in Bulgaria and I don't know when I will be going there. I need the software for my business. Plus the system, even compromised, works. I did read the article you sent me; the author suggests that the system MIGHT be compromised. And as I mentioned it works; it disconnects me only if I use iexplorer. The system is stable with Firefox. Plus I have to pay respect to CRONOS and try his method of removing the bug. He apparently believes it COULD be done. Where are YOU from? Best regards |
Hi Cronos, Very good instructions. All done. Is it OK? I am going to play volleyball now and will be back in 2hrs to see how the system performs. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 20:38:07, on 24/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\sony\vaio power management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\msexploren.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Do\Desktop\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CDllBho Object - {5A5B6916-ED71-4531-8018-E792DD44156E} - C:\WINDOWS\dd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\msexploren.exe /i
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101113700534
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A6CAAD3-568E-458F-89BF-6112A909EBF6}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CCS\Services\Tcpip\..\{790AD587-6869-42D7-B3FA-185119EFE956}: NameServer = 192.168.1.5
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe |
@guchev Sorry but your PC is infected with that one.
O4 - HKLM\..\Run: [WinAmpAgent] C:\WINDOWS\msexploren.exe /i
http://www.sophos.com/virusinfo/anal...ojbdooreb.html
I think you should really think about flatten rebuild as rene-gad mentioned before. Was quite unsafe in your case but now I am sure there's no other way to go. Sry |
Thanks to everybody who participated in the attempt of resolving my problem. I will clean my computer asap. I am busy and I haven't got much time to experiment and play so I am not quite sure what is the best protection available at the moment. I mean protection from Viruses, Trojans, Spyware etc. Bear in mind I do like my computer to work fast as well, not being clogged with a lot of programs. THANK you again |
Try to flatten & rebuild your system by that link: http://www.trojaner-board.de/showthread.php?t=12154
I'll think you will get that link. Otherwise use P.Ms to contact me! Perhaps we'll dance in Sofia :crazy:
with my deepest regrets for your system
Cronos
P.S: In July I will be in Eire...-> Dublin |
Copyright ©2000-2025, Trojaner-Board