Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:00 PM, on 3/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\Notepad.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\An@\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cabO16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) -
http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CABO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cabO16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) -
http://www.eset.eu/buxus/docs/OnlineScanner.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/...b?1178672847203O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdat...b?1178673702639O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) -
http://www.photoservice.com/aurigma/ImageUploader4.cabO16 - DPF: {A8080502-0C9E-44BD-AE83-D44698E43992} (DvssViewer Control) -
http://201.230.15.16:3500/dvssviewer.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cabO16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineS...er.cab56986.cabO16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{314CC471-080C-4B5B-A24E-9EF37CC4C72B}: NameServer = 200.48.0.38,200.48.0.50
O17 - HKLM\System\CCS\Services\Tcpip\..\{A960E644-4000-4106-B71C-F7250A7E701A}: NameServer = 200.48.225.130,200.48.225.146
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Routing and Remote Access RemoteAccess Service (RemoteAccess Service) - Unknown owner - C:\WINDOWS\system32\adsnwb.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
--
End of file - 11626 bytes
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:33:36 PM 3/12/2008
+ Scan result:
HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Cleaned.
C:\Documents and Settings\An@\Application Data\Τаsks\explorer.exe -> Downloader.PurityScan.ez : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\An@\Cookies\an@@smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\An@\Cookies\an@@weborama[2].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Valerie\Cookies\valerie[arroba]zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
::Report end
Thu Mar 13 01:00:25 2008
EliStartPage v15.85 ©2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Key Eliminada [WinLogon\Notify\MLJKIIG] -> C:\WINDOWS\SYSTEM32\mljkiig.dll
Key Eliminada [WinLogon\Notify\SSQPONL] -> C:\WINDOWS\SYSTEM32\ssqponl.dll
C:\WINDOWS\SYSTEM32\GTDOWNLR_134.OCX --> Eliminado GTDown
Eliminada Class, "{25365FF3-2746-4230-9DA7-163CCA318309}" -> C:\WINDOWS\system32\gtdownlr_134.ocx
Restaurado fichero de Configuración del IE, (IERESET.INF)
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE
Thu Mar 13 01:00:55 2008
EliStartPage v15.85 ©2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\NIRCMD.EXE --> Infectado, Tool-NirCmd
Nº Total de Directorios: 6792
Nº Total de Ficheros: 96811
Nº de Ficheros Analizados: 37656
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Thu Mar 13 01:55:45 2008
EliStartPage v15.85 ©2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\
D:\Program Files\Adobe\Adobe Photoshop CS3\MATLAB\PSTOOLBOX.HTML --> Infectado, MalWare.Celular
Nº Total de Directorios: 3869
Nº Total de Ficheros: 23414
Nº de Ficheros Analizados: 7009
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Thu Mar 13 13:35:20 2008
EliStartPage v15.85 ©2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\
Nº Total de Directorios: 0
Nº Total de Ficheros: 0
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thu Mar 13 13:35:24 2008
EliStartPage v15.85 ©2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad F:\
Nº Total de Directorios: 0
Nº Total de Ficheros: 0
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thu Mar 13 13:35:28 2008
EliStartPage v15.85 ©2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad G:\
Nº Total de Directorios: 0
Nº Total de Ficheros: 0
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thu Mar 13 13:35:32 2008
EliStartPage v15.85 ©2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad H:\
Nº Total de Directorios: 0
Nº Total de Ficheros: 0
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Thu Mar 13 13:35:35 2008
EliStartPage v15.85 ©2008 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\NIRCMD.EXE --> Infectado, Tool-NirCmd
Nº Total de Directorios: 6795
Nº Total de Ficheros: 97600
Nº de Ficheros Analizados: 37702
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 0
Muchas gracias por su ayuda.
Iexplorer se cierra, Laptop reinicia cuando chequeo virus
Mar 12 2008, 12:51 PM
