Click Giftload and Hello

**Guy19550** · 2011-04-20, 02:54

I'm clean now, i'm sure. I did a new image of C, restored it, and run spybot again. Nothing was found (only a double click, without consequences).

Donation is done.

**ken545** · 2011-04-20, 10:32

Hi,

I'm clean now, i'm sure.

If you want to be sure run OTL and post the log please

**Guy19550** · 2011-04-22, 10:05

Sorry for my bad english. I don't know qhat OTL is, but maybe it is this, what you want :

.
DDS (Ver_11-03-05.01) - FAT32x86
Run by DG at 9:59:58,10 on ven. 22/04/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1791.1333 [GMT 2:00]
.
AV: avast! antivirus 4.7.1098 [VPS 110419-1] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\DOSPRN\DOSprn.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
SVCHOST.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\Cinema 1\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
uRun: [Google Update] "c:\documents and settings\dg\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Ulead Memory Card Detector] c:\program files\ulead systems\ulead photo explorer 7.0\Monitor.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dg\menudé~1\progra~1\démarr~1\dosprn.lnk - c:\program files\dosprn\DOSprn.exe
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\realte~1.lnk - c:\program files\realtek\11n usb wireless lan utility\RtWLan.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [2002-12-24 3712]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-2-13 140664]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-5-17 14976]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-2-13 247160]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-2-13 345464]
R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [2009-7-3 98432]
S2 DCamUSB20;TRUST USB2 AUDIO VIDEO EDITOR;c:\windows\system32\drivers\CsMini20.sys [2008-7-25 46216]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-8-12 605856]
.
=============== Created Last 30 ================
.
2011-04-19 23:25:53 -------- d-----w- c:\docume~1\dg\applic~1\Malwarebytes
2011-04-19 23:25:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
.
==================== Find3M ====================
.
2009-11-10 20:23:34 7100928 ----a-w- c:\program files\PocketDivXEncoder_0.3.96.exe
2008-12-01 04:09:48 305664 ----a-w- c:\program files\Xtremsplit1.2.exe
2008-02-10 14:33:58 253952 ----a-w- c:\program files\file_recovery.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 10:00:15,78 ===============

**ken545** · 2011-04-22, 10:54

Yes thats what I wanted DDS and the log looks fine . How is your system running now ?

**Guy19550** · 2011-04-22, 20:38

He's fine again, tank you once more

**ken545** · 2011-04-22, 20:45

Your very welcome

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
WhattheTech
Grinler BleepingComputer
GeeksTo Go
Dslreports

Safe Surfn
Ken

Thread: Click Giftload and Hello

Thread Tools

Display

Posting Permissions