#1
|
|||
|
|||
![]()
20 viruses that cannot be removed or moved to the virus vault. I'll let the AVG and Hijack This logs tell the story.
![]() AVG Results of Complete Test, date and time 6/28/2004 11:28:23 : Testing C:\ serial 115D-18E1 C:\GOBACKIO.BIN Cannot open; not checked! C:\_RESTORE\TEMP\A0160155.CPY Trojan horse Downloader.Wintrim.P C:\_RESTORE\TEMP\A0160158.CPY Virus identified Worm/Sddrop C:\_RESTORE\TEMP\A0160159.CPY Trojan horse Dialer C:\_RESTORE\TEMP\A0160160.CPY Trojan horse BackDoor.Magicon.J C:\_RESTORE\TEMP\A0160162.CPY Trojan horse Downloader.Wintrim.2.K C:\_RESTORE\TEMP\A0160163.CPY Trojan horse Downloader.Wintrim.2.E C:\_RESTORE\TEMP\A0160164.CPY Trojan horse Downloader.Wintrim.AX C:\_RESTORE\TEMP\A0160165.CPY Trojan horse Downloader.Wintrim.AC C:\_RESTORE\TEMP\A0160166.CPY Trojan horse Downloader.Wintrim.AN C:\_RESTORE\TEMP\A0160167.CPY Trojan horse Downloader.Wintrim.2.K C:\_RESTORE\TEMP\A0160169.CPY Trojan horse Downloader.Wintrim.AC C:\_RESTORE\TEMP\A0160170.CPY Trojan horse Downloader.Wintrim.AC C:\_RESTORE\TEMP\A0160171.CPY Trojan horse Downloader.Wintrim.AC C:\_RESTORE\TEMP\A0160172.CPY Trojan horse Downloader.Agent.AP C:\_RESTORE\TEMP\A0160173.CPY Trojan horse Downloader.Agent.AQ C:\_RESTORE\TEMP\A0160174.CPY Trojan horse Downloader.Wintrim.2.D C:\_RESTORE\TEMP\A0160175.CPY Trojan horse Downloader.Realtens.C C:\_RESTORE\TEMP\A0160176.CPY Trojan horse Downloader.Realtens.D C:\_RESTORE\TEMP\A0160177.CPY Virus identified Win32/Hantaner.A C:\_RESTORE\TEMP\A0160178.CPY Virus identified Win32/Hantaner.A Test finished, duration 00:09:48.8 s 19248 objects tested, 20 found infected Hijack This Logfile of HijackThis v1.97.7 Scan saved at 1:24:31 PM, on 6/28/2004 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\STARTER.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\BCMDMMSG.EXE C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\PROGRAM FILES\NETWORD\NWAGNT33.EXE C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.usefulware.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.caribsurf.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gateway.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.usefulware.com O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRAM FILES\DAP\DAPBHO.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\MSLAGENT\4B_1,0,1,0_MSLAGENT.DLL (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRAM FILES\DAP\DAPIEBAR.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [OEMRUNONCE] c:\windows\options\cabs\oemrun.exe O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE O4 - HKLM\..\Run: [InkWatch] C:\PROGRA~1\GATEWAY\GATEWA~2\INKWATCH.EXE O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [BCMDMMSG] BCMDMMSG.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" O4 - HKCU\..\Run: [dlmMgr] "C:\Program Files\Common Files\Adobe\ESD\AdobeDownloadManager.exe" O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDHTML_1027.dll,InstantAccess O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT_.EXE O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Startup: Netword Agent.lnk = C:\Program Files\Netword\nwagnt33.exe O4 - Startup: Gateway.net 5.0 Tray Icon.lnk = C:\Gateway.net 5.0\gwtray.exe O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O9 - Extra button: Encarta Encyclopedia (HKLM) O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM) O9 - Extra button: Define (HKLM) O9 - Extra 'Tools' menuitem: Define (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: ICQ (HKLM) O9 - Extra 'Tools' menuitem: ICQ (HKLM) O9 - Extra button: Net2Phone (HKLM) O9 - Extra 'Tools' menuitem: Net2Phone (HKLM) O9 - Extra button: Run DAP (HKLM) O14 - IERESET.INF: START_PAGE_URL=http://gateway.yahoo.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.zing.com/common/classes/b...on=1,0,2,12011 O16 - DPF: {B5AC24C2-1B3B-11D4-80FD-005004993CCA} - http://toolbar.excite.com/download/exbar.cab O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/O...d/MSSurVid.cab O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://carpoint.msn.com/Components/O...or/Outside.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/mail/ymmapi.cab O16 - DPF: {0DD4833D-DFFA-11D3-94D7-0050DAC353B6} (DndCtrl Class) - http://www.ofoto.com/OfotoDND.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binarie...ML/EGDHTML.cab Last edited by raggafran; June 29th, 2004 at 03:06 AM. Reason: change of title |
![]() |
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
All times are GMT +1. The time now is 09:28 AM.