Need Major Help with Trojan viruses and Aurora
Started by bonecollector, Jun 18 2005 05:19 PM
#1
Posted 18 June 2005 - 05:19 PM
#2
Posted 18 June 2005 - 07:51 PM
bump.......
#3
Posted 18 June 2005 - 07:57 PM
Here is my startup list; I will post a hijack list later....
StartupList report, 6/18/2005, 9:55:04 PM
StartupList version: 1.52
Started from : D:\startuplist1521\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\cba\pds.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
C:\WINDOWS\system32\vnakla.exe
C:\WINDOWS\system32\exp.exe
C:\WINDOWS\system32\wintask.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wmieftp.exe
C:\Program Files\Messenger\msmsgs.exe
c:\windows\system32\jcvjybi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
D:\startuplist1521\StartupList.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
PSof1 = C:\WINDOWS\system32\PSof1.exe
regsync = C:\WINDOWS\system32\regsync.exe
Nsv = C:\WINDOWS\system32\nsvsvc\nsvsvc.exe
KavSvc = C:\WINDOWS\system32\vnakla.exe reg_run
exp.exe = C:\WINDOWS\system32\exp.exe
WinTask driver = C:\WINDOWS\system32\wintask.exe
checkrun = C:\windows\system32\elitegvj32.exe
fdwofyj = c:\windows\system32\jcvjybi.exe r
Win Server Updt = C:\WINDOWS\wupdt.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
AOLDeskbarDirRemoval = cmd.exe /C rd "C:\Program Files\AOL Deskbar"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
do06RPdnP = wmieftp.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe C:\WINDOWS\Nail.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\WINDOWS\systb.dll - {01F44A8A-8C97-4325-A378-76E68DC4AB2E}
(no name) - C:\WINDOWS\system32\vbrundll.dll - {197B8CA4-E215-46DD-8F33-E0544A80E5C4}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AF7815459187875D.job
Symantec NetDetect.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Shockwave 10\Download.dll
CODEBASE = http://download.macr...director/sw.cab
[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.micros...ontent/opuc.cab
[{426F81A5-0B8C-4948-8115-11606FD3F389}]
CODEBASE = http://www.serialspo...als/serials.cab
[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE = http://software-dl.r...ip/RdxIE601.cab
[Update Class]
InProcServer32 = C:\WINDOWS\system32\iuctl.dll
CODEBASE = http://v4.windowsupd...8515.7873263889
[download_35mb_com.applet]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\applet.ocx
CODEBASE = http://www.35mb.com/downloadapplet.cab
[ASquaredScanForm Element]
InProcServer32 = C:\WINDOWS\DOWNLO~1\axscan.ocx
CODEBASE = http://www.windowsec...scan/axscan.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
--------------------------------------------------
End of report, 6,111 bytes
Report generated in 0.090 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
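As an added triage aid that is not part of the original post and not code from StartupList or its author: the script below parses the sections of a StartupList report (the `----`/`====` separated blocks, the `name = value` autorun entries, the Winlogon `Shell` value and the BHO list) and flags the entries an analyst would read first. The rules it applies are my own assumptions for triage, not malware identifications: a Run value that is a bare filename is resolved through PATH search order at logon; an autorun executable sitting under the Windows directory rather than a vendor install directory is unusual for legitimate third-party software; a `Shell` value that is anything other than plain `Explorer.exe` starts an extra program with the shell; and a BHO registered with `(no name)` or loading from the Windows directory deserves a look. The embedded sample is an excerpt of the report posted above, shortened to the lines the rules care about, so the script runs offline.

```python
import re
from dataclasses import dataclass

# Excerpt of the StartupList report from the post above (constructed sample
# input for this script; shortened to the lines the heuristics examine).
SAMPLE_REPORT = r"""
StartupList report, 6/18/2005, 9:55:04 PM
==================================================
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
PSof1 = C:\WINDOWS\system32\PSof1.exe
KavSvc = C:\WINDOWS\system32\vnakla.exe reg_run
fdwofyj = c:\windows\system32\jcvjybi.exe r
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AIM = C:\Program Files\AIM\aim.exe -cnetwait.odl
do06RPdnP = wmieftp.exe
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe C:\WINDOWS\Nail.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\WINDOWS\systb.dll - {01F44A8A-8C97-4325-A378-76E68DC4AB2E}
--------------------------------------------------
"""

# Heuristic (assumption): the system root is <drive>:\WINDOWS or <drive>:\WINNT.
WINDOWS_DIR = re.compile(r"^[a-z]:\\(windows|winnt)\\", re.IGNORECASE)
SEPARATOR = re.compile(r"^[-=]{10,}$")


@dataclass(frozen=True)
class Finding:
    section: str  # "Run", "Shell" or "BHO"
    entry: str    # the report line that triggered the rule
    reason: str   # why a triager should look at it


def split_sections(report: str):
    """Yield (header, body_lines) for each block delimited by the report's rules of - or =."""
    header, body = None, []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SEPARATOR.match(line):
            if header is not None:
                yield header, body
            header, body = None, []
            continue
        if header is None:
            header = line          # first line after a rule is the section header
        else:
            body.append(line)
    if header is not None:
        yield header, body


def executable_of(value: str) -> str:
    """Program part of a Run value: the quoted path, else the first whitespace-delimited token.
    Unquoted paths containing spaces are ambiguous to Windows too, so they are not special-cased."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def triage(report: str) -> list[Finding]:
    """Apply the triage rules to every section of a StartupList report."""
    findings: list[Finding] = []
    for header, body in split_sections(report):
        if header.startswith("Autorun entries from Registry") and body:
            key = body[0]                      # the registry key the entries live under
            for line in body[1:]:
                name, sep, value = line.partition(" = ")
                if not sep:
                    continue
                exe = executable_of(value)
                if "\\" not in exe:
                    findings.append(Finding("Run", f"{key}: {line}",
                                            "bare filename, located via PATH search at logon"))
                elif WINDOWS_DIR.match(exe):
                    findings.append(Finding("Run", f"{key}: {line}",
                                            "autorun executable under the Windows directory, not a vendor install directory"))
        elif header.startswith("Shell & screensaver key"):
            for line in body:
                if line.startswith("Shell=") and not line[6:].startswith("*"):   # skip '*not found*' placeholders
                    if line[6:].strip().lower() != "explorer.exe":
                        findings.append(Finding("Shell", line,
                                                "Winlogon Shell is not plain Explorer.exe; the extra program starts with the shell"))
        elif header.startswith("Enumerating Browser Helper Objects"):
            for line in body:
                parts = [p.strip() for p in line.split(" - ")]
                if len(parts) != 3:
                    continue
                bho_name, path, _clsid = parts
                reasons = []
                if bho_name == "(no name)":
                    reasons.append("BHO registered without a name")
                if WINDOWS_DIR.match(path):
                    reasons.append("BHO DLL loads from the Windows directory")
                if reasons:
                    findings.append(Finding("BHO", line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.section}] {f.entry}\n    -> {f.reason}")
```

Run it against a full report saved from StartupList and expect noise by design: a RunOnce entry such as `cmd.exe /C rd ...` is flagged as a bare filename and has to be judged by eye, and a flagged path is a prompt to check the file's publisher, signature and creation time, not a verdict.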