Do I still have any kind of malware?


Got my WoW account hacked so I cleaned my computer. Of course you cannot be totally sure that you're clean because the scanner says so, even if you've got multiple antivirus and anti-spyware programs, so I want you to take a look at my HJT log. It would be nice if you could pinpoint everything that I can safely turn off to make the computer faster too! Here goes the log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:52:05, on 2008-10-25

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Internet Security 2007\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\stsystra.exe

C:\Program\Panda Software\Panda Internet Security 2007\PsCtrls.exe

C:\Program\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE

C:\Program\Microsoft IntelliPoint\ipoint.exe

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\PnkBstrA.exe

c:\program\panda software\panda internet security 2007\firewall\PSHOST.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program\Microsoft IntelliType Pro\itype.exe

C:\Program\Panda Software\Panda Internet Security 2007\psimsvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\WhatPulse\WhatPulse.exe

C:\Documents and Settings\


  • Root Admin

You're NOT clean....

Hello Lingon_ and Welcome to Malwarebytes.org

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs back here.

During this scan and cleanup process you should not install any other software unless requested to do so.


Sorry for writing it wrong... here is the MBAM log

Malwarebytes' Anti-Malware 1.30
Database version: 1316
Windows 5.1.2600 Service Pack 3

2008-10-26 12:19:17
mbam-log-2008-10-26 (12-19-17).txt

Scan type: Quick Scan
Objects scanned: 56886
Time elapsed: 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hm, I can't get Panda ActiveScan to work. I've followed the guide here in the forums but I just get stuck on download; it just says it can't download. I've tried in both FF and IE with Java and ActiveX enabled and the ActiveX plugin is installed... Is a log from Panda Internet Security 07 good enough as a replacement?


I can't find any button to paste a log out of the ESET scanner... here's how it looks after the scan

[Screenshot: esetscannov3.th.png]

And finally my HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:12:26, on 2008-10-26

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\Program\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Internet Security 2007\pavsrv51.exe

C:\Program\Panda Software\Panda Internet Security 2007\AVENGINE.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program\Panda Software\Panda Internet Security 2007\TPSrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Autodesk Shared\Service\AdskScSrv.exe

C:\Program\Panda Software\Panda Internet Security 2007\PsCtrls.exe

C:\WINDOWS\stsystra.exe

C:\Program\Panda Software\Panda Internet Security 2007\PavFnSvr.exe

C:\Program\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE

C:\Program\Delade filer\Panda Software\PavShld\pavprsrv.exe

C:\Program\Microsoft IntelliPoint\ipoint.exe

C:\Program\Delade filer\Real\Update_OB\realsched.exe

C:\Program\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\ctfmon.exe

c:\program\panda software\panda internet security 2007\firewall\PSHOST.EXE

C:\Program\Panda Software\Panda Internet Security 2007\psimsvc.exe

C:\Program\Windows Live\Messenger\msnmsgr.exe

C:\Program\WhatPulse\WhatPulse.exe

C:\Program\DAEMON Tools Lite\daemon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\ATITool\ATITool.exe

C:\WINDOWS\System32\alg.exe

C:\Program\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE

C:\Program\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program\Panda Software\Panda Internet Security 2007\WebProxy.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program\Panda Software\Panda Internet Security 2007\PavBckPT.exe

C:\Program\Internet Explorer\iexplore.exe

C:\Program\Delade filer\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\Windows Media Player\wmplayer.exe

C:\Program\Steam\Steam.exe

c:\program\steam\steamapps\lingon_\counter-strike\hl.exe

C:\Program\Steam\GameOverlayUI.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L


  • Root Admin

Current logs do not appear to contain anything obvious.

Please download and run the Trend Micro Sysclean Package on your computer.

NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

  • As an example on 2008-10-17 the files to download are: sysclean.com | lpt605.zip | ssapiptn697.zip

  • NOTE! These file names are examples and you must visit Trend Micro for the very latest files which may have different names.

  • Create a brand new folder to copy these files to.

  • As an example: C:\DCE

  • Then open each of the zipped archive files and copy their contents to C:\DCE

  • Copy the file sysclean.com to the new folder C:\DCE as well.

  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.

  • This self-extracting archive is a stand-alone fix package that incorporates the Trend Micro VSAPI Malware and Spyware scanning engines as well as the Trend Micro Damage Cleanup Engine and Template.

    This tool supports the following features:

    o Terminate all detected malware/spyware instances in memory

    o Remove malware/spyware registry entries

    o Remove malware/spyware entries from system files

    o Scan for and delete all detected malware/spyware copies in all local drives


  • Root Admin

Since there has been no response in 5 days I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting: Pre- HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here: PC Help

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org
