Author Topic: Topantispyware thingy (Read 794 times)

Shabazza · « **on:** February 23, 2005, 06:00:42 AM »

Hi, I already found my problem with the "topantispyware" thing in here, but it didnt helped me much, cause there arent the same things running like in wisdom_of_trees log.

If anyone doesnt know what topantispyware does : It opens sometimes IE, forcefully changes the desktop and (the most annoying thing) minimizes every 5-10 minutes my dear World of Warcraft 8[

Logfile of HijackThis v1.98.2
Scan saved at 12:11:44 PM, on 2/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Winamp3\winampa.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\Java\J2RE14~1.2\bin\jusched.exe
C:\WINDOWS\system32\waahazl.exe
C:\Programme\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\NavExcel\NavHelper\v2.0.4d\navapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\l?gonui.exe
C:\Dokumente und Einstellungen\andre\Anwendungsdaten\ucwe.exe
C:\Programme\WebSecureAlert\WebSecureAlert.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Network Associates\VirusScan\Avconsol.exe
C:\Programme\Symantec AntiVirus\DefWatch.exe
C:\Programme\Symantec AntiVirus\Rtvscan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Symantec AntiVirus\VPTray.exe
C:\Programme\Symantec AntiVirus\VPC32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://best-search.cc/index.php?v=6&aff=2360045
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: BTGrabObj Class - {00000000-F09C-02B4-6EC2-AD0300000000} - C:\WINDOWS\BTGrab.dll
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: FBarStart Class - {044D9F9F-0EE0-4E9B-B89B-5EBCA0F852CC} - C:\WINDOWS\system32\fsearchbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1FF5304B-FFF4-8123-D2E6-F20A7000A6EA} - C:\WINDOWS\system32\dyktt.dll
O2 - BHO: WHttpHelper Class - {9896231A-C487-43A5-8369-6EC9B0A96CC0} - C:\WINDOWS\system32\WStart.dll
O2 - BHO: CHungryBHO Object - {BCF96FB4-5F1B-497B-AECC-910304A55011} - C:\WINDOWS\neti.dll (file missing)
O2 - BHO: (no name) - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - C:\Programme\Lycos\sst.dll
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [kxwjusjbniy] C:\WINDOWS\system32\waahazl.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [delus] C:\DOKUME~1\andre\LOKALE~1\Temp\delus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [seticlient] C:\Programme\SETI@home\[email protected] -min
O4 - HKCU\..\Run: [WebSpecials] rundll32 "C:\Program Files\WebSpecials\webspec.dll",run
O4 - HKCU\..\Run: [Crar] C:\Dokumente und Einstellungen\andre\Anwendungsdaten\ucwe.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programme\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Programme\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programme\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.wow-europe.com/signup/de/wowbeta/Si.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E35C36B-E37A-498E-8D55-73489A1C6B4F}: NameServer = 192.168.201.44,194.253.2.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{986DDEAB-E68F-43DD-82DC-06B8A64B4568}: NameServer = 195.50.140.252 145.253.2.75
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2B7B53-8FCD-4C5B-B051-1DE123808DC7}: NameServer = 209.47.15.118,64.157.143.38,
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E35C36B-E37A-498E-8D55-73489A1C6B4F}: NameServer = 192.168.201.44,194.253.2.11

TheTechGuide Forum

News:

Author Topic: Topantispyware thingy (Read 794 times)

Shabazza

Topantispyware thingy