
mr

Hi... I have a damn virus... win32/trojan.downloader.Ani.gen trojan... here is my post...

Logfile of HijackThis v1.99.1
Scan saved at 7:46:05 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\vladimir&vasko\Desktop\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180213204421
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43,72.21.36.74,75.126.60.131
O17 - HKLM\System\CS1\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43,72.21.36.74,75.126.60.131
O17 - HKLM\System\CS2\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43,72.21.36.74,75.126.60.131
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

Comments

  • edited June 2007
    Hi vladimir35

    Your log is clean except I have some concerns about the O17 entries. These IPs trace back to Bulgaria ...

    212.39.90.42,
    212.39.90.43


    .....whereas these trace back to the USA ....

    72.21.36.74,
    75.126.60.131


    Please check with your ISP and see which are the valid entries. Let us know what they say (although I think I know the answer already).

    *****************

    Next download and install SUPERAntiSpyware
    • Load SUPERAntiSpyware and click the Check for Updates button.
    • Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!

    IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning, it may interfere with the scanning process.
    • Open SUPERAntiSpyware and click the Scan your Computer button.
    • Check Perform Complete Scan and then click Next.
    • SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
    • Make sure that they all have a check next to them, and then click Next.
    • Click Finish and you will be taken back to the main interface.
    • It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
    • I'll need a log afterwards of what has been found.
    • To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
    • Please post the results of the SUPERAntiSpyware log in your next reply along with a fresh HJT scan and the replies from your ISP.


    MM
  • edited June 2007
    Thanx, musicman, in advance... here are my logs...

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 06/16/2007 at 08:19 PM
    Application Version : 3.8.1002
    Core Rules Database Version : 3256
    Trace Rules Database Version: 1267
    Scan type : Complete Scan
    Total Scan Time : 00:25:07
    Memory items scanned : 435
    Memory threats detected : 0
    Registry items scanned : 3569
    Registry threats detected : 0
    File items scanned : 25482
    File threats detected : 186
    Adware.Tracking Cookie
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.contra-virus[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@paypal.112.2o7[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@shortmedia.us.intellitxt[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@statcounter[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@cgi-bin[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@studenti.adbureau[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.yieldmanager[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@indextools[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@rambler[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@superstats[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.burstbeacon[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.globalinteractive[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@adserver.00web[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.checkmystats.com[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@tripod[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ads.addynamix[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.burstnet[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@keywordelite[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@13462519[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@fs10.fusestats[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@mediaplex[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@azjmp[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@banner.eurogrand[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@adinterax[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@tradedoubler[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.ent.tbn[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@adrevolver[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@clickintext[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@clickbank[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@casalemedia[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ehg-techtarget.hitbox[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@adserver[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@gostats[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@estat[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@tripod.lycos[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@fastclick[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ads.textbillboards[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@goclick[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ads.pointroll[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@directtrack[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@doubleclick[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@list[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.counter-gratis[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ats[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@vhost.oddcast[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@zedo[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@33645339[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@microsoftwga.112.2o7[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@mycounter.tinycounter[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.incentaclick[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@hypertracker[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@tracker.affistats[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@50738952[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@cgi-bin[3].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@login.tracking101[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@overture[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@cgi-bin[7].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ads.webground[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ads.hispasurf[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@commission-junction[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.smartadserver[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@xiti[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@track.effiliation[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.firstadsolution[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@roiservice[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@basic[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@cgi-bin[6].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@hitbox[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@itxt.vibrantmedia[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@55378520[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@tdstats[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.zanox[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@incomewithadsense[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@achmedia[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@statse.webtrendslive[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@adlegend[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@68096641[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@burstnet[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@hc2.humanclick[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@spylog[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@toplist[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.getcounter[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@nextstat[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.etracker[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.itbe[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@adopt.euroclick[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.text.tbn[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ads.adbrite[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ads.128b[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@indexstats[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@cgi-bin[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ads.blog[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@targetnet[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.tns-counter[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.zanox-affiliate[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@tacoda[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@3.adbrite[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@weborama[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@partners.webmasterplan[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@digitaldevelopment.directtrack[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@tribalfusion[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@advertising-page[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@1070963509[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.webhostingcounter[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@onlinemediasales[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@AdServer[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@questionmarket[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@rotator.adjuggler[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.powastats[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@14130865[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@a.websponsors[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@as-eu.falkag[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@specificclick[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@adrevolver[3].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@advertising[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@4.adbrite[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@cgi-bin[5].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@61084510[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.jackpotmadness[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.cibleclick[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@adserver.easyad[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@incentreward.directtrack[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@8495858[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@apmebf[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@revenue[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@hotlog[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@adbrite[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@atdmt[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.cibleclick[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@2o7[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@cgi-bin[4].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@yadro[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ads.rampidads[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@klik.klikadvertising[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@88x31[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@counter.top.dating[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.realcastmedia[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.drivecleaner[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@server.iad.liveperson[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@adtech[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@softclick.com[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.axill[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@euros4click[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ehg-telecomitalia.hitbox[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@1.adbrite[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@bs.serving-sys[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@adopt.specificclick[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@realmedia[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@edge.ru4[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@as1.falkag[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@www.gmbtrack[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@counter.hitslink[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@adsrevenue[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@go.drivecleaner[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@bluestreak[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@1060122969[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@perf.overture[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@revsci[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ehg-oreilly.hitbox[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.pop1.adbn[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@analytics.clickpathmedia[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ehg-groupernetworks.hitbox[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.103092804[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ad.iconadserver[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@ex=1_[2].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@drivecleaner[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@1069551092[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@h.starware[1].txt
    C:\Documents and Settings\vladimir&vasko\Cookies\vladimir&vasko@enhance[1].txt

    Logfile of HijackThis v1.99.1
    Scan saved at 8:30:01 PM, on 6/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\vladimir&vasko\Desktop\hijackthis_199\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180213204421
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43,72.21.36.74,75.126.60.131
    O17 - HKLM\System\CS1\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43,72.21.36.74,75.126.60.131
    O17 - HKLM\System\CS2\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43,72.21.36.74,75.126.60.131
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  • edited June 2007
    These are my valid ISP ones: 212.39.90.42, 212.39.90.43
  • edited June 2007
    Please print this out to help you follow the recommendations.

    Update SUPERAntiSpyware to the latest definitions and rescan your system. Again, save the scan report and include it in your next post.


    That HJT log is again clean apart from those O17 entries. You gave the answer I was more or less expecting.

    Those IPs are still sourcing back to Bulgaria.

    Please do the following.


    1. Create a system restore point. Here's a guide if you need it ...

    http://www.theeldergeek.com/system_restore.htm

    2. Open HJT ... click on 'Do a System Scan Only'... put tick/check marks next to these entries IF still present ...

    O17 - HKLM\System\CCS\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43,72.21.36.74,75.126.60.131
    O17 - HKLM\System\CS1\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43,72.21.36.74,75.126.60.131
    O17 - HKLM\System\CS2\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43,72.21.36.74,75.126.60.131


    3. Remember to close ALL open browser windows – including this one – before clicking on “Fix Checked” at the foot of the HijackThis window.

    4. Reboot your machine to normal mode and use it as you usually would.


    Can you get online? Any sign of that original win32/trojan.downloader.Ani.gen Trojan? If so ... what program is telling you the Trojan is present?

    If you can't get online, please reinstall the programs provided by your ISP.

    If you still can't get online use the system restore to get back to where you were before the above fixes.


    Please then post another fresh HJT log, the superantispyware log and an update on the Trojan.


    MM
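The check MM applies in the two replies above (flag any O17 NameServer entry that contains resolvers the ISP did not hand out, then strip those resolvers) is easy to automate when you have several logs to review. The script below is an added example, not code from the thread or from HijackThis; it uses only the Python standard library. The three sample O17 lines are copied from the log posted here, and the trusted-resolver set is the pair the poster confirmed with their ISP; both are assumptions you would replace with your own log and your own ISP's answer.

```python
import ipaddress
import re

# Constructed sample input: the three O17 lines exactly as they appear in the
# HijackThis log posted in this thread.
SAMPLE_O17_LINES = "\n".join([
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43,72.21.36.74,75.126.60.131",
    r"O17 - HKLM\System\CS1\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43,72.21.36.74,75.126.60.131",
    r"O17 - HKLM\System\CS2\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43,72.21.36.74,75.126.60.131",
])

# Resolvers the poster confirmed with their ISP. Assumption: replace with the
# addresses your own ISP tells you are valid.
TRUSTED_RESOLVERS = {"212.39.90.42", "212.39.90.43"}

# One O17 line: "O17 - <registry key>: NameServer = <comma-separated servers>"
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\[^:]+): NameServer = (?P<servers>.+)$")


def parse_o17(log_text):
    """Return [(registry_key, [server, ...]), ...] for every O17 line in an HJT log."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
        entries.append((m.group("key"), servers))
    return entries


def classify(servers, trusted=TRUSTED_RESOLVERS):
    """Split a NameServer list into trusted, unknown and syntactically invalid entries.

    Anything that is not a well-formed IPv4 address (for example a value mangled
    by copy/paste, such as "75.126.60.13 1") is reported as invalid rather than
    silently treated as a resolver.
    """
    result = {"trusted": [], "unknown": [], "invalid": []}
    for s in servers:
        try:
            ipaddress.IPv4Address(s)
        except ValueError:
            result["invalid"].append(s)
            continue
        result["trusted" if s in trusted else "unknown"].append(s)
    return result


def suspicious_entries(log_text, trusted=TRUSTED_RESOLVERS):
    """Return [(registry_key, [offending servers])] for O17 lines that need fixing."""
    flagged = []
    for key, servers in parse_o17(log_text):
        c = classify(servers, trusted)
        if c["unknown"] or c["invalid"]:
            flagged.append((key, c["unknown"] + c["invalid"]))
    return flagged


def cleaned_nameserver(servers, trusted=TRUSTED_RESOLVERS):
    """The NameServer value that should remain once the rogue resolvers are removed.

    Order is preserved. Windows queries the listed resolvers in order and falls
    back to the next one when a query fails, so a rogue server at the end of the
    list is still used; it must go, not merely be demoted.
    """
    return ",".join(s for s in servers if s in trusted)


if __name__ == "__main__":
    for key, bad in suspicious_entries(SAMPLE_O17_LINES):
        print(f"FIX  {key}")
        print(f"     rogue resolvers: {', '.join(bad)}")
    for key, servers in parse_o17(SAMPLE_O17_LINES):
        print(f"KEEP {key}: NameServer = {cleaned_nameserver(servers)}")
```

When every resolver in an O17 line is one the ISP vouches for, the line is not flagged and the script prints nothing for it; that is the state the later log in this thread reaches. Note that the script only reads the HJT text; the actual removal is still done with HijackThis ("Fix checked") or by editing the NameServer value under the interface's Tcpip\Parameters key, and that running it from a pasted log is only as reliable as the paste (hence the explicit invalid bucket).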
  • edited June 2007
    musicman... thanx... these are my fresh logs...

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 06/22/2007 at 09:50 PM
    Application Version : 3.8.1002
    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270
    Scan type : Complete Scan
    Total Scan Time : 00:29:57
    Memory items scanned : 440
    Memory threats detected : 0
    Registry items scanned : 4544
    Registry threats detected : 0
    File items scanned : 29362
    File threats detected : 0

    Logfile of HijackThis v1.99.1
    Scan saved at 10:00:41 PM, on 6/22/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\vladimir&vasko\Desktop\hijackthis_199\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.bg/
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180213204421
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43
    O17 - HKLM\System\CS1\Services\Tcpip\..\{9B6F7278-1CD3-46FE-B5C8-61512CFA7A47}: NameServer = 212.39.90.42,212.39.90.43
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
  • edited June 2007
    The logs are now clean.

    How are things working now? Better?

    Are you now operating free of trouble?

    Please let us know.


    MM