Newbie dot Org HomePage
Visit one of our web buddies
super spider /solongas hell
aline
aline@printed.net
08/01/04 		hi there - got infected with super spider / solongas .... and the infection is getting worse. me and verybody else, it seems ! hotmail got to be a problem first and now my IP which is wanadoo. it's becoming impossible to surf.

here'e the log and thanx in advance for your help.

Logfile of HijackThis v1.97.7
Scan saved at 13:24:47, on 01/08/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\LAROUSSE\PETIT LAROUSSE 2003\BIN\HIPL2002POPUP.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NIKON\NKVIEW6\NKVMON.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HijackTHIS\HijackTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wanadoo.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?cxlow (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://acc.count-all.com/--/?cxlow (obfuscated)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
F1 - win.ini: run=fntldr.exe info32.exe hpfsched
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\48XYVB~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HyperappelPL2003] C:\Program Files\Larousse\Petit Larousse 2003\bin\HiPL2002popup.exe
O4 - HKLM\..\Run: [Tapicfg.exe] \tapicfg.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [romahere] C:\WINDOWS\SYSTEM\MATRIXHERE.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [uninstal] regsvr32 /u /s image.dll
O4 - HKCU\..\Run: [romahere] C:\WINDOWS\SYSTEM\MATRIXHERE.EXE
O4 - HKCU\..\Run: [Spyware Begone] C:\FREESCAN\FREESCAN.EXE -FastScan
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Startup: Reminder-hpc40415.lnk = C:\Program Files\HP PhotoSmart\Appareil photo C200\Registration\Remind32.exe
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Alexa (HKLM)
O9 - Extra 'Tools' menuitem: Alexa Toolbar (HKLM)
O9 - Extra button: Wanadoo (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} (BrowserProxy4 Class) - http://download.alexa.com/clients/Alexa7.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38183.3790625
O19 - User stylesheet: C:\WINDOWS\Web\win.def
O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)

Anti-Virus: spyware blaster
Browser: explorer 6
OS: 98 se

© Copyright 1998-2004 Newbie dot Org -- All rights reserved --
This site maintained by Galaxy Website Design


--|--