trojan_spy.html.smitfraud.c



#1 juan joe (New Member, 4 posts)

Logfile of HijackThis v1.99.1
Scan saved at 10:23:14 AM, on 5/21/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SYSTEM32\Ati2evxx.exe
C:\WINNT\Explorer.exe
C:\WINNT\popuper.exe
C:\WINNT\System32\intmonp.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LogMeIn\ragui.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\internat.exe
C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe
C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\DOCUME~1\Bogota1\LOCALS~1\Temp\40000010f000e0c0d20027\hs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bogota1\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - C:\WINNT\System32\hpF68E.tmp (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Virtual Maid - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [HistorySweep] "C:\PROGRA~1\HISTOR~1\HistorySweep.exe" /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\ragui.exe"
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [avnort] C:\WINNT\msmbw.exe
O4 - HKLM\..\Run: [serpe] C:\WINNT\System32\serbw.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [lwsujyaxzww] C:\WINNT\system32\winnsif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINNT\msmbw.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINNT\System32\serbw.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [BullGuard 5.0] "C:\Program Files\BullGuard Software\BullGuard 5.0\bullguard.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZHxdm039YYCO
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Antivirus - {4358161B-A4B8-498E-8019-3DAB50DFD578} - http://www.accesoplu...ras&ver=1&t=new (file missing)
O9 - Extra button: Horoscopo y Tarot - {C8950078-94A4-4C32-BB9C-4666357965AF} - C:\Horoscopo24horas\index.htm
O9 - Extra button: Microsoft AntiSpyware helper - {6E0957E2-8A7C-4BAE-B74D-A7E0D17B402B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6E0957E2-8A7C-4BAE-B74D-A7E0D17B402B} - (no file) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecre...PPInstaller.exe
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} - http://www.swiftview...a_stat_libs.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Filter: text/html - {2004836E-C00D-476F-BAAF-5C8162A445DA} - C:\WINNT\System32\hajo.dll
O18 - Filter: text/plain - {2004836E-C00D-476F-BAAF-5C8162A445DA} - C:\WINNT\System32\hajo.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HistorySweepService - Unknown owner - C:\Program Files\HistorySweep\HSSvc.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs Ltd. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs Ltd. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\system32\NMSSvc.exe


Incident Status Location

Adware:Adware/Popuper No disinfected C:\WINNT\popuper.exe
Adware:Adware/Popuper No disinfected C:\WINNT\System32\intmonp.exe
Adware:Adware/FunWeb No disinfected C:\Program Files\MSN Messenger\RICHED20.dll
Adware:Adware/MyWay No disinfected Windows Registry
Adware:Adware/FunWeb No disinfected C:\Program Files\FunWebProducts
Adware:Adware/QuickSearch No disinfected C:\WINNT\downloaded Program Files\Install.inf
Adware:Adware/BlazeFind No disinfected Windows Registry
Adware:Adware/Twain-Tech No disinfected C:\WINNT\satmat.ini
Spyware:Spyware/EasySearchBar No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\WINNT\Downloaded Program Files\ActiveX.inf
Spyware:Spyware/Altnet No disinfected Windows Registry
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\Bogota1\Favorites\online dating.url
Adware:Adware/CWS.Aboutblank No disinfected Windows Registry
Adware:Adware/Transponder No disinfected C:\WINNT\inf\Pynix.inf
Adware:Adware/CWS.HomeSearchAsisstant No disinfected Windows Registry
Adware:Adware/Popuper No disinfected C:\WINNT\System32\intmonp.exe
Adware:Adware/Virmaid No disinfected Windows Registry
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Bogota1\Favorites\Anti Spam.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Bogota1\Favorites\Black Jack Online.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Bogota1\Favorites\Home Loan.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Bogota1\Favorites\Network Security.url
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\Bogota1\Favorites\Online Dating.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Bogota1\Favorites\Online Gambling.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Bogota1\Favorites\Online Pharmacy.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Bogota1\Favorites\Spyware Removal.url
Adware:Adware/FunWeb No disinfected C:\Documents and Settings\Bogota1\Local Settings\Temporary Internet Files\Content.IE5\X8299QQO\HistorySwatterFWBInitialSetup1.0.0.8-2[1].cab
Adware:Adware/FunWeb No disinfected C:\Documents and Settings\Bogota1\Local Settings\Temporary Internet Files\Content.IE5\X8299QQO\HistorySwatterFWBInitialSetup1.0.0.8-2[1].cab[f3initialsetup1.0.0.8-2.inf]
Adware:Adware/FunWeb No disinfected C:\Documents and Settings\Bogota1\Local Settings\Temporary Internet Files\Content.IE5\X8299QQO\HistorySwatterFWBInitialSetup1.0.0.8-2[1].cab[f3Setup1.exe]
Adware:Adware/Popuper No disinfected C:\Online Pharmacy.url
Adware:Adware/FunWeb No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D38D01D3-61AC-41D1-A9BE-3E8C6A\0E127077-D19A-4F1A-802C-ACEAD9
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D38D01D3-61AC-41D1-A9BE-3E8C6A\2937E548-C0B8-44A2-BF62-AE1FC6
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D38D01D3-61AC-41D1-A9BE-3E8C6A\9CB1EDAB-A3CD-4AFA-9E06-40D042
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D38D01D3-61AC-41D1-A9BE-3E8C6A\9E6C3606-F226-4300-8B48-3E5834
Adware:Adware/FunWeb No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D38D01D3-61AC-41D1-A9BE-3E8C6A\B26BF74D-54AA-4D7C-8923-272525
Adware:Adware/FunWeb No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D38D01D3-61AC-41D1-A9BE-3E8C6A\CE97C088-FEB8-4DED-8BAD-116B4A
Adware:Adware/FunWeb No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D38D01D3-61AC-41D1-A9BE-3E8C6A\D1E920AB-0103-444C-835C-4A37FE
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D38D01D3-61AC-41D1-A9BE-3E8C6A\E844216C-961E-4EF8-A041-A08949
Adware:Adware/FunWeb No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D38D01D3-61AC-41D1-A9BE-3E8C6A\E8F2A352-0242-4CF4-B0BD-37265B
Adware:Adware/MyWebSearch No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\D38D01D3-61AC-41D1-A9BE-3E8C6A\EE11B2C1-EE8E-4315-AE0D-9FA765
Adware:Adware/FunWeb No disinfected C:\Program Files\MSN Messenger\riched20.dll
Virus:Eicar.Mod No disinfected C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html]
Adware:Adware/WUpd No disinfected C:\WINNT\Downloaded Program Files\ActiveX.inf
Adware:Adware/FunWeb No disinfected C:\WINNT\Downloaded Program Files\f3initialsetup1.0.0.8-2.inf
Adware:Adware/QuickSearch No disinfected C:\WINNT\Downloaded Program Files\Install.inf
Adware:Adware/Transponder No disinfected C:\WINNT\inf\Pynix.inf
Adware:Adware/WinTools No disinfected C:\WINNT\Key2.txt
Adware:Adware/Popuper No disinfected C:\WINNT\popuper.exe
Adware:Adware/IPInsight No disinfected C:\WINNT\satmat.ini
Adware:Adware/Puper No disinfected C:\WINNT\system32\hhk.dll
Adware:Adware/Puper No disinfected C:\WINNT\system32\intmon.exe
Adware:Adware/Popuper No disinfected C:\WINNT\system32\intmonp.exe
Virus:Trj/Downloader.COB Disinfected C:\WINNT\system32\ole32vbs.exe
Adware:Adware/Virmaid No disinfected C:\WINNT\system32\perfcii.ini
