Spyware/ malware found
#1 awk1203
Member, 62 posts

Here are the logs for AVG and Panda:

Windows XP Pro 2002 SP2

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 오후 4:27:28 2006-11-07

+ Scan result:

C:\WINDOWS\VXLL0.EXE -> Downloader.Small.ciq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__d_m_d_s_m_p_4_s_._d_l_l_ -> Worm.Warezov.at : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__c_i_o_3_2_._d_l_l_ -> Worm.Warezov.aw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__c_i_o_s_t_a_t_._d_l_l_ -> Worm.Warezov.aw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__c_o_n_f_c_i_o_._d_l_l_ -> Worm.Warezov.aw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__q_e_d_i_w_d_i_g_._d_l_l_ -> Worm.Warezov.ay : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mqpentsd.exe -> Worm.Warezov.ay : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msutcomd.dll -> Worm.Warezov.ay : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hticwmis.dll -> Worm.Warezov.be : Cleaned with backup (quarantined).

::Report end

Incident                    Status           Location
Virus:W32/Spamta.CY.worm    Disinfected      Operating system
Spyware:Cookie/Statcounter  Not disinfected  C:\Documents and Settings\필 어빠~~\Cookies\필 어빠[email protected][1].txt
Spyware:Cookie/Zedo         Not disinfected  C:\Documents and Settings\필 어빠~~\Cookies\필 어빠[email protected][1].txt
Virus:Bck/Freeze.C          Disinfected      C:\Documents and Settings\필 어빠~~\Local Settings\Temp\GLF8.EXE
Possible Virus.             Not disinfected  C:\Program Files\EasyWinCleaner2002\DiskCleaner.exe
Virus:W32/Spamta.ED.worm    Disinfected      C:\WINDOWS\system32\cioavi.exe
Virus:W32/Spamta.CY.worm    Disinfected      C:\WINDOWS\system32\e1.dll


HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 오후 5:37:00, on 2006-11-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Promise Technology, Inc\Promise Array Management\MsgAgt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\EasyWinCleaner2002\easyoffice.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\필 어빠~~\바탕 화면\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EasyOffice] C:\Program Files\EasyWinCleaner2002\easyoffice.exe /auto
O4 - HKLM\..\Run: [PopUpKiller] del
O4 - HKLM\..\Run: [DownAcc] del
O4 - HKLM\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [HncUpdate] C:\WINDOWS\system32\HncUpdate.exe /A
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [OAKB0] C:\WINDOWS\OAKB0.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001024-B831-448B-9ABD-3D3DF187F359} (DaumGameStarter24 Class) - http://download.netm...meStarter24.cab
O16 - DPF: {0CD2EC08-3CF6-4BC4-BF48-824F4C1994F1} (SecureSession Class) - http://www.samsungfn...oolkitForIE.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {5E582BD1-6FAA-40F2-87A8-130AD325DABB} (Kdfense7 Control) - http://www.samsungfn...19/kdfense7.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} (Hanmail Upload Control) - http://mail.daum.net...-ax/hanmail.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanma...cab?ver=1,2,2,0
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://id.hangame.co...anSetup1008.cab
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.samsungfn...ab/SKCommAX.cab
O20 - AppInit_DLLs: e1.dll qediwdig.dll dmdsmp4s.dll confcio.dll ciostat.dll
O20 - Winlogon Notify: cio - cio32.dll (file missing)
O20 - Winlogon Notify: hticwmis - C:\WINDOWS\system32\hticwmis.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Promise Array Message Agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgAgt.exe

Thank you in advance.