Related:
- Captcha not showing up in any browser
- Hamachi captcha not showing - Best answers
- Recaptcha not showing up in any browser - Best answers
- Captcha image not showing ✓ - Forum - Viruses/Security
- Captcha not showing up ✓ - Forum - Internet/Social Networks
- How to reset browser on android - How-To - Android
- Duckduckgo browser download - How-To - Web
- Tor browser dil değiştirme - How-To - Web Browser
9 replies
Ambucias
- Posts
- 48240
- Registration date
- Monday February 1, 2010
- Status
- Moderator
- Last seen
- October 13, 2020
That was fast, like a friend of mine used to say: Let there be no delay between impulse and action!".
Please run another Hyjackthis scan without the log.
Once the scan is finished, check the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
O1 - Hosts: 84.16.244.55 www.google.com
O1 - Hosts: 84.16.244.55 us.search.yahoo.com
O1 - Hosts: 84.16.244.55 uk.search.yahoo.com
O1 - Hosts: 84.16.244.55 search.yahoo.com
O1 - Hosts: 84.16.244.55 www.google.com.br
O1 - Hosts: 84.16.244.55 www.google.it
O1 - Hosts: 84.16.244.55 www.google.es
O1 - Hosts: 84.16.244.55 www.google.co.jp
O1 - Hosts: 84.16.244.55 www.google.com.mx
O1 - Hosts: 84.16.244.55 www.google.ca
O1 - Hosts: 84.16.244.55 www.google.com.au
O1 - Hosts: 84.16.244.55 www.google.nl
O1 - Hosts: 84.16.244.55 www.google.co.za
O1 - Hosts: 84.16.244.55 www.google.be
O1 - Hosts: 84.16.244.55 www.google.gr
O1 - Hosts: 84.16.244.55 www.google.at
O1 - Hosts: 84.16.244.55 www.google.se
O1 - Hosts: 84.16.244.55 www.google.ch
O1 - Hosts: 84.16.244.55 www.google.pt
O1 - Hosts: 84.16.244.55 www.google.dk
O1 - Hosts: 84.16.244.55 www.google.fi
O1 - Hosts: 84.16.244.55 www.google.ie
O1 - Hosts: 84.16.244.55 www.google.no
O1 - Hosts: 84.16.244.55 www.google.de
O1 - Hosts: 84.16.244.55 www.google.fr
O1 - Hosts: 84.16.244.55 www.google.co.uk
O1 - Hosts: 84.16.244.55 www.bing.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
Now click on fix checked
Re start you computer and tell me if the problem is solved.
I would like to mentioned that you have much to many antivirus applications and they should be removed or they will conflict. Panda is ample sufficient.
Regards
Please run another Hyjackthis scan without the log.
Once the scan is finished, check the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
O1 - Hosts: 84.16.244.55 www.google.com
O1 - Hosts: 84.16.244.55 us.search.yahoo.com
O1 - Hosts: 84.16.244.55 uk.search.yahoo.com
O1 - Hosts: 84.16.244.55 search.yahoo.com
O1 - Hosts: 84.16.244.55 www.google.com.br
O1 - Hosts: 84.16.244.55 www.google.it
O1 - Hosts: 84.16.244.55 www.google.es
O1 - Hosts: 84.16.244.55 www.google.co.jp
O1 - Hosts: 84.16.244.55 www.google.com.mx
O1 - Hosts: 84.16.244.55 www.google.ca
O1 - Hosts: 84.16.244.55 www.google.com.au
O1 - Hosts: 84.16.244.55 www.google.nl
O1 - Hosts: 84.16.244.55 www.google.co.za
O1 - Hosts: 84.16.244.55 www.google.be
O1 - Hosts: 84.16.244.55 www.google.gr
O1 - Hosts: 84.16.244.55 www.google.at
O1 - Hosts: 84.16.244.55 www.google.se
O1 - Hosts: 84.16.244.55 www.google.ch
O1 - Hosts: 84.16.244.55 www.google.pt
O1 - Hosts: 84.16.244.55 www.google.dk
O1 - Hosts: 84.16.244.55 www.google.fi
O1 - Hosts: 84.16.244.55 www.google.ie
O1 - Hosts: 84.16.244.55 www.google.no
O1 - Hosts: 84.16.244.55 www.google.de
O1 - Hosts: 84.16.244.55 www.google.fr
O1 - Hosts: 84.16.244.55 www.google.co.uk
O1 - Hosts: 84.16.244.55 www.bing.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
Now click on fix checked
Re start you computer and tell me if the problem is solved.
I would like to mentioned that you have much to many antivirus applications and they should be removed or they will conflict. Panda is ample sufficient.
Regards
Blocked Profile
Hi there,
You internet connection is too slow thus having this issue,try deleting the cookies and clear its cache and try again,
Thanks
You internet connection is too slow thus having this issue,try deleting the cookies and clear its cache and try again,
Thanks
yanu
hi thanks drlootle
but I did it (only one page with no download running) and still nothing
actually even the space dedicated to captcha is not there on the page, it is like the application is not running.
And I keep having google redirect threat even after applying most of the solutions given here.
Will desintall and reisntall web browser change anything??
thanks
but I did it (only one page with no download running) and still nothing
actually even the space dedicated to captcha is not there on the page, it is like the application is not running.
And I keep having google redirect threat even after applying most of the solutions given here.
Will desintall and reisntall web browser change anything??
thanks
Ambucias
- Posts
- 48240
- Registration date
- Monday February 1, 2010
- Status
- Moderator
- Last seen
- October 13, 2020
Dear Yanu,
Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/download/download-105-malwarebytes es-anti-malware
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.
If Malwarebyte restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
Finally please let me know how your system is performing.
Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/download/download-105-malwarebytes es-anti-malware
Ensure you make an update.
Please request a FULL system scan, which may take from 20 minutes to hours. Do not interfere no matter how long in takes. The creators of Malwarebyte recommend that while the tool is running that you go do something else, such as watching a rerun of Gone with the Wind or read Tolstoy's War and Peace.
If Malwarebyte restarts your system, launch it again to finish the Full scan.
When the scan is completed, delete all items found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
Finally please let me know how your system is performing.
yanu
hello
thanks for advice I run malwarebyt anti-malware it found some stuff. After reboot stil the same thing goes on google redirect through this web site
"http://traffic-delivery.com/" I have to use the cached link to to on the right site.
And still no captcha displayed
I also run trojan remover it found some restricting policies:
checkexesignatures= disables digital signature check on dowloaded files
runinvalidsignature= allow files with an invalid digital signatures to run without prompting
I change their values in regedit but still no change
I still do not know what to try next.
Any clues from this community would be nice thanks
thanks for advice I run malwarebyt anti-malware it found some stuff. After reboot stil the same thing goes on google redirect through this web site
"http://traffic-delivery.com/" I have to use the cached link to to on the right site.
And still no captcha displayed
I also run trojan remover it found some restricting policies:
checkexesignatures= disables digital signature check on dowloaded files
runinvalidsignature= allow files with an invalid digital signatures to run without prompting
I change their values in regedit but still no change
I still do not know what to try next.
Any clues from this community would be nice thanks
Ambucias
- Posts
- 48240
- Registration date
- Monday February 1, 2010
- Status
- Moderator
- Last seen
- October 13, 2020
To fix the problem, I must have a Hyjacthis log.
http://free.antivirus.com/hijackthis/
Please download, install and request a scan and save a log. Copy the log and post it here.
Regards
http://free.antivirus.com/hijackthis/
Please download, install and request a scan and save a log. Copy the log and post it here.
Regards
yanu
Hello thanks for your help
here is the report below
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:32, on 15/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\ApVxdWin.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NetMeeting\Hide Folders XP 2\hfxpcp.exe
C:\Program Files\NetMeeting\Hide Folders XP 2\hfxp.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
E:\mes documents\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 84.16.244.55 www.google.com
O1 - Hosts: 84.16.244.55 us.search.yahoo.com
O1 - Hosts: 84.16.244.55 uk.search.yahoo.com
O1 - Hosts: 84.16.244.55 search.yahoo.com
O1 - Hosts: 84.16.244.55 www.google.com.br
O1 - Hosts: 84.16.244.55 www.google.it
O1 - Hosts: 84.16.244.55 www.google.es
O1 - Hosts: 84.16.244.55 www.google.co.jp
O1 - Hosts: 84.16.244.55 www.google.com.mx
O1 - Hosts: 84.16.244.55 www.google.ca
O1 - Hosts: 84.16.244.55 www.google.com.au
O1 - Hosts: 84.16.244.55 www.google.nl
O1 - Hosts: 84.16.244.55 www.google.co.za
O1 - Hosts: 84.16.244.55 www.google.be
O1 - Hosts: 84.16.244.55 www.google.gr
O1 - Hosts: 84.16.244.55 www.google.at
O1 - Hosts: 84.16.244.55 www.google.se
O1 - Hosts: 84.16.244.55 www.google.ch
O1 - Hosts: 84.16.244.55 www.google.pt
O1 - Hosts: 84.16.244.55 www.google.dk
O1 - Hosts: 84.16.244.55 www.google.fi
O1 - Hosts: 84.16.244.55 www.google.ie
O1 - Hosts: 84.16.244.55 www.google.no
O1 - Hosts: 84.16.244.55 www.google.de
O1 - Hosts: 84.16.244.55 www.google.fr
O1 - Hosts: 84.16.244.55 www.google.co.uk
O1 - Hosts: 84.16.244.55 www.bing.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: ACA Capture: Capture all Flash... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-flash-all.htm
O8 - Extra context menu item: ACA Capture: Capture all images... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-image-all.htm
O8 - Extra context menu item: ACA Capture: Capture current image... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-image.htm
O8 - Extra context menu item: ACA Capture: Capture webpage contents to image... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-webpage-to-image.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
here is the report below
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:32, on 15/08/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\ApVxdWin.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NetMeeting\Hide Folders XP 2\hfxpcp.exe
C:\Program Files\NetMeeting\Hide Folders XP 2\hfxp.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
E:\mes documents\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 84.16.244.55 www.google.com
O1 - Hosts: 84.16.244.55 us.search.yahoo.com
O1 - Hosts: 84.16.244.55 uk.search.yahoo.com
O1 - Hosts: 84.16.244.55 search.yahoo.com
O1 - Hosts: 84.16.244.55 www.google.com.br
O1 - Hosts: 84.16.244.55 www.google.it
O1 - Hosts: 84.16.244.55 www.google.es
O1 - Hosts: 84.16.244.55 www.google.co.jp
O1 - Hosts: 84.16.244.55 www.google.com.mx
O1 - Hosts: 84.16.244.55 www.google.ca
O1 - Hosts: 84.16.244.55 www.google.com.au
O1 - Hosts: 84.16.244.55 www.google.nl
O1 - Hosts: 84.16.244.55 www.google.co.za
O1 - Hosts: 84.16.244.55 www.google.be
O1 - Hosts: 84.16.244.55 www.google.gr
O1 - Hosts: 84.16.244.55 www.google.at
O1 - Hosts: 84.16.244.55 www.google.se
O1 - Hosts: 84.16.244.55 www.google.ch
O1 - Hosts: 84.16.244.55 www.google.pt
O1 - Hosts: 84.16.244.55 www.google.dk
O1 - Hosts: 84.16.244.55 www.google.fi
O1 - Hosts: 84.16.244.55 www.google.ie
O1 - Hosts: 84.16.244.55 www.google.no
O1 - Hosts: 84.16.244.55 www.google.de
O1 - Hosts: 84.16.244.55 www.google.fr
O1 - Hosts: 84.16.244.55 www.google.co.uk
O1 - Hosts: 84.16.244.55 www.bing.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: ACA Capture: Capture all Flash... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-flash-all.htm
O8 - Extra context menu item: ACA Capture: Capture all images... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-image-all.htm
O8 - Extra context menu item: ACA Capture: Capture current image... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-image.htm
O8 - Extra context menu item: ACA Capture: Capture webpage contents to image... - C:\Program Files\ACASystems\ACACapturePro\add-ons\ie-webpage-to-image.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Fichiers communs\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
yanu
ok thanks
I did that and everything is back to normal
captcha display ok and google redirect no more
so thank you, I agree for the antivirus usually I just have panda
but with this problem I had to try many thing that why there is many antivirus soft runnning but I will uninstall them now.
Just one thing; how do you know what's need to be deleted ? It seems to be tricky to deleted a file as to know their importance.
Anyway I am gratefull to you
yanu
I did that and everything is back to normal
captcha display ok and google redirect no more
so thank you, I agree for the antivirus usually I just have panda
but with this problem I had to try many thing that why there is many antivirus soft runnning but I will uninstall them now.
Just one thing; how do you know what's need to be deleted ? It seems to be tricky to deleted a file as to know their importance.
Anyway I am gratefull to you
yanu
Ambucias
- Posts
- 48240
- Registration date
- Monday February 1, 2010
- Status
- Moderator
- Last seen
- October 13, 2020
I am glad for you Yanu and you are totally welcome. Now you just need to pay to the next and help two other persons, like helping an old lady across the street, we will make a chain.
There is no short answer to your question as to know what file, value or key to delete.
Be careful out there on the world wide web full of ghosts, spirits, good and nice people but also some evil.
Regards
There is no short answer to your question as to know what file, value or key to delete.
Be careful out there on the world wide web full of ghosts, spirits, good and nice people but also some evil.
Regards
