Windows XP Pro 2002 SP2
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 오후 4:27:28 2006-11-07
+ Scan result:
C:\WINDOWS\VXLL0.EXE -> Downloader.Small.ciq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__d_m_d_s_m_p_4_s_._d_l_l_ -> Worm.Warezov.at : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__c_i_o_3_2_._d_l_l_ -> Worm.Warezov.aw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__c_i_o_s_t_a_t_._d_l_l_ -> Worm.Warezov.aw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__c_o_n_f_c_i_o_._d_l_l_ -> Worm.Warezov.aw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__q_e_d_i_w_d_i_g_._d_l_l_ -> Worm.Warezov.ay : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mqpentsd.exe -> Worm.Warezov.ay : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msutcomd.dll -> Worm.Warezov.ay : Cleaned with backup (quarantined).
C:\WINDOWS\system32\hticwmis.dll -> Worm.Warezov.be : Cleaned with backup (quarantined).
::Report end
Incident                    Status           Location
Virus:W32/Spamta.CY.worm    Disinfected      Operating system
Spyware:Cookie/Statcounter  Not disinfected  C:\Documents and Settings\필 어빠~~\Cookies\필 어빠~~@statcounter[1].txt
Spyware:Cookie/Zedo         Not disinfected  C:\Documents and Settings\필 어빠~~\Cookies\필 어빠~~@zedo[1].txt
Virus:Bck/Freeze.C          Disinfected      C:\Documents and Settings\필 어빠~~\Local Settings\Temp\GLF8.EXE
Possible Virus.             Not disinfected  C:\Program Files\EasyWinCleaner2002\DiskCleaner.exe
Virus:W32/Spamta.ED.worm    Disinfected      C:\WINDOWS\system32\cioavi.exe
Virus:W32/Spamta.CY.worm    Disinfected      C:\WINDOWS\system32\e1.dll
HJTL Log:
Logfile of HijackThis v1.99.1
Scan saved at 오후 5:37:00, on 2006-11-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Promise Technology, Inc\Promise Array Management\MsgAgt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\EasyWinCleaner2002\easyoffice.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SPACE INTERNATIONAL\CDSpace 5\LCDPlyer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\필 어빠~~\바탕 화면\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EasyOffice] C:\Program Files\EasyWinCleaner2002\easyoffice.exe /auto
O4 - HKLM\..\Run: [PopUpKiller] del
O4 - HKLM\..\Run: [DownAcc] del
O4 - HKLM\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [HncUpdate] C:\WINDOWS\system32\HncUpdate.exe /A
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [OAKB0] C:\WINDOWS\OAKB0.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyChk] C:\Program Files\EasyWinCleaner2002\easywincleaner.exe /start
O8 - Extra context menu item: Microsoft Excel로 내보내기(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 리서치 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001024-B831-448B-9ABD-3D3DF187F359} (DaumGameStarter24 Class) - http://download.netm...meStarter24.cab
O16 - DPF: {0CD2EC08-3CF6-4BC4-BF48-824F4C1994F1} (SecureSession Class) - http://www.samsungfn...oolkitForIE.cab
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/a...ic_new/nxpm.cab
O16 - DPF: {5E582BD1-6FAA-40F2-87A8-130AD325DABB} (Kdfense7 Control) - http://www.samsungfn...19/kdfense7.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} (Hanmail Upload Control) - http://mail.daum.net...-ax/hanmail.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanma...cab?ver=1,2,2,0
O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1008 Class) - http://id.hangame.co...anSetup1008.cab
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.samsungfn...ab/SKCommAX.cab
O20 - AppInit_DLLs: e1.dll qediwdig.dll dmdsmp4s.dll confcio.dll ciostat.dll
O20 - Winlogon Notify: cio - cio32.dll (file missing)
O20 - Winlogon Notify: hticwmis - C:\WINDOWS\system32\hticwmis.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Promise Array Message Agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgAgt.exe
Thank you in advance.