win 32

migdonas

New member
hello there
I am from Greece, so I apologize for my bad English.
I do have a problem with my PC.
I use Avast against viruses, and for a couple of days I have had an alert about Win32:adan 094, Win32:adan-078, Win32:small-ek (trj), Win32:agent-Iu (trj), Win32:trojano-1269.
I came to your forum and saw a previous post, so I downloaded and ran "fixwareout.exe".
After two or three days I still have the same alerts, from the same virus.

I post the report from the last run of fixwareout.exe.
Is it a dangerous situation for my PC or not?

I hope for some help to remove the virus from my PC.

thanks in advance
sam
 
hello again
here is the result... I didn't post it before


Logfile of HijackThis v1.99.1
Scan saved at 2:50:38 πμ, on 20/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\OTEnet Security Kit\Common\FSM32.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\Ληφθέντα αρχεία\Program's\Anti-aware\spywarebegone\SpywareBeGone.exe
D:\Program Files\SAGEM\OTEnet-SAGEM Fast 800-840\dslmon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\sam\Local Settings\Temp\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: XBTB00577 Class - {E822F1E1-BD04-4f20-B944-DD1DF2792010} - D:\PROGRA~1\TAXHEA~1\TAXHEA~1.DLL
O3 - Toolbar: Taxheaven - {C4F54343-9494-4754-8D35-440B49325FD5} - D:\Program Files\Taxheaven\taxheaven6.dll
O3 - Toolbar: Taxheaven_toolbar - {EAD33BFA-1A76-4882-BBDC-FEFC24D3690C} - D:\PROGRA~1\TAXHEA~2\TAXTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "D:\Program Files\OTEnet Security Kit\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\OTEnet Security Kit\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EXE32EXE] sysmon12.exe
O4 - HKLM\..\Run: [_ctcp] BoundRec.exe
O4 - HKLM\..\Run: [azqvo.exe] D:\WINDOWS\system32\azqvo.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Begone] "C:\Ληφθέντα αρχεία\Program's\Anti-aware\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKCU\..\Run: [AliceSD] AppMasterCenter.exe
O4 - HKCU\..\Run: [StartCpl] backorif.exe
O4 - HKCU\..\Run: [slamm] TForm1.exe
O4 - Global Startup: DSLMON.lnk = D:\Program Files\SAGEM\OTEnet-SAGEM Fast 800-840\dslmon.exe
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - blank (file missing)
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - blank (file missing)
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - blank (file missing)
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Taxheaven - {C4F54343-9494-4754-8D35-440B49325FD5} - D:\Program Files\Taxheaven\taxheaven6.dll
O9 - Extra 'Tools' menuitem: Taxheaven - {C4F54343-9494-4754-8D35-440B49325FD5} - D:\Program Files\Taxheaven\taxheaven6.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1151004650182
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129565879385
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/GR175_117.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{381A4E72-F009-4DE6-816A-61F61D99EC48}: NameServer = 85.255.113.133,85.255.112.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{89D4878B-B2A4-4511-9054-809D2E0A36D5}: NameServer = 85.255.113.133,85.255.112.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E0E06D9-1748-45D4-B840-9E33ECEB374A}: NameServer = 85.255.113.133 85.255.112.143
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.133 85.255.112.143
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.133 85.255.112.143
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.133 85.255.112.143
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: F-Secure HTTP Server (fshttps) - Unknown owner - D:\Program Files\OTEnet Security Kit\FSPC\fshttps\fshttps.exe (file missing)
O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\OTEnet Security Kit\Common\FSMA32.EXE
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - D:\WINDOWS\system32\HPConfig.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: ZipToA - Iomega Corporation - D:\WINDOWS\System32\ZipToA.exe
 
This topic is closed.

If you need it re-opened please send me a pm and provide a link to the thread.
Applies only to the original topic starter.
 