Logfile of HijackThis v1.99.1
Scan saved at 11:29:33 PM, on 10/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\TrojanHunter 4.2\TrojanHunter.exe
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\HijackThis-1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.ampmsearch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [stratas] lockx.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-67-525-0000166.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-67-525-0000166.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Freeprod Toolbar\freeprod.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Africashope.local
O17 - HKLM\Software\..\Telephony: DomainName = Africashope.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{47F75388-D6C0-4B1A-8606-7269F6E072F0}: NameServer = 192.168.1.11,166.102.165.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Africashope.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{47F75388-D6C0-4B1A-8606-7269F6E072F0}: NameServer = 192.168.1.11,166.102.165.11
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Africashope.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{47F75388-D6C0-4B1A-8606-7269F6E072F0}: NameServer = 192.168.1.11,166.102.165.11
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:25:18 PM, 10/19/2005
+ Report-Checksum: 266AD532
+ Scan result:
HKU\S-1-5-21-1754988009-2803443687-2431388787-500\Software\DNS -> Adware.Shorty : Cleaned with backup
[672] C:\WINDOWS\etb\nt_hide76.dll -> Trojan.EliteBar.a : Cleaned with backup
[2116] C:\WINDOWS\etb\pokapoka76.exe -> Trojan.EliteBar.a : Cleaned with backup
[3844] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1507650_3844_2116_3936_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\1049246_2868_2116_3404_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\131456_3172_1096_3220_75.41.tmp -> TrojanDownloader.Agent.tv : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\131456_3172_1096_3220_75.41.tmp1 -> Trojan.EliteBar.d : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\131922_2868_2116_292_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\132074_2868_2116_3340_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\1507650_3844_2116_3936_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\1704636_2868_2116_404_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\197506_2868_2116_3116_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\262344_532_1540_1964_75.41.tmp -> TrojanDownloader.Agent.tv : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\262344_532_1540_1964_75.41.tmp1 -> Trojan.EliteBar.d : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\328216_3732_1112_3784_75.41.tmp -> TrojanDownloader.Agent.tv : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\328216_3732_1112_3784_75.41.tmp1 -> Trojan.EliteBar.d : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\328310_2056_1316_1912_75.41.tmp -> TrojanDownloader.Agent.tv : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\328310_2056_1316_1912_75.41.tmp1 -> Trojan.EliteBar.d : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\458954_2868_2116_4024_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\459646_2868_2116_2412_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\524810_3844_2116_1696_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\524912_2488_588_2556_75.41.tmp -> TrojanDownloader.Agent.tv : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\524912_2488_588_2556_75.41.tmp1 -> Trojan.EliteBar.d : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\525106_2868_2116_3376_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\655562_2868_2116_2456_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\656016_2868_2116_2148_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\66112_532_1540_2104_75.41.tmp -> TrojanDownloader.Agent.tv : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\66112_532_1540_2104_75.41.tmp1 -> Trojan.EliteBar.d : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\66602_2868_2116_3408_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\721452_3844_2116_596_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\787262_2868_2116_3988_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\D0CW3QPN\silent_jocker[1].exe -> Spyware.EliteBar : Cleaned with backup
C:\Documents and Settings\Administrator\msdirectx.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\filelib\msdirectx.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\Program Files\Common Files\Network Associates\VirusScan Engine\4.0.xx\msdirectx.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Program Files\Common Files\__delete_on_reboot__services.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\RECYCLER\S-1-5-21-1754988009-2803443687-2431388787-500\Dc2.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\etb\nt_hide76.dll -> Trojan.EliteBar.a : Cleaned with backup
C:\WINDOWS\etb\pokapoka76.exe -> Trojan.EliteBar.a : Cleaned with backup
C:\xz.bat -> Trojan.KillProc.a : Cleaned with backup
::Report End
Thank you.
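As an added illustration (not part of the original post, and not code from HijackThis or ewido), here is a short Python triage pass that applies the checks an analyst makes by eye on a log like the one above: an R1 search setting pointing somewhere other than Microsoft's defaults, O4 autostart entries that name a bare executable (lockx.exe) or sit under the Win9x-only RunServices key, an O4 entry still pointing at a file the ewido report says it cleaned (pokapoka76.exe), and an O23 service with no vendor string. The sample input is a handful of lines copied from the two reports above plus one known-good Synaptics entry as a control; the allowlist of default IE hosts and the wording of the rules are this example's own assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample input for this example: lines copied from the HijackThis
# log and ewido report above, plus the known-good Synaptics entry as a control.
HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ampmsearch.com/sp2.php
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-67-525-0000166.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

EWIDO_REPORT = r"""
[2116] C:\WINDOWS\etb\pokapoka76.exe -> Trojan.EliteBar.a : Cleaned with backup
C:\Program Files\Common Files\__delete_on_reboot__services.exe -> Spyware.Maxifiles : Cleaned with backup
"""

# Assumption: hosts that IE 6 search/start settings legitimately point at.
# Extend this for a corporate home page; any other host in an R1 line is a hijack.
DEFAULT_IE_HOSTS = {"microsoft.com", "msn.com"}

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R1_RE = re.compile(r"^R1 - .*,(?P<setting>[^=]+?) = (?P<value>\S+)")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
EWIDO_RE = re.compile(r"^(?:\[\d+\] )?(?P<path>.+?) -> (?P<sig>\S+) : ")
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|dll|bat|cmd|com|scr|pif))\b"?', re.IGNORECASE)


def launched_binary(cmd):
    """File an autostart command launches, with quotes and arguments stripped."""
    m = EXE_RE.match(cmd)
    return m.group("exe") if m else cmd.split()[0]


def scanner_detections(ewido_text):
    """Lower-cased paths the scanner reported (registry keys included; harmless)."""
    paths = set()
    for line in ewido_text.strip().splitlines():
        m = EWIDO_RE.match(line)
        if m:
            paths.add(m.group("path").lower())
    return paths


def triage(hjt_text, ewido_text=""):
    """Return (log line, reason) pairs for entries an analyst should look at first."""
    detected = scanner_detections(ewido_text)
    findings = []
    for line in hjt_text.strip().splitlines():
        if m := O4_RE.match(line):
            exe = launched_binary(m.group("cmd"))
            if m.group("key").lower() == "runservices":
                findings.append((line, "RunServices is a Windows 9x autostart key; "
                                       "nothing installed on XP needs to register there"))
            if "\\" not in exe:
                findings.append((line, f"unqualified binary {exe!r}: found through the PATH "
                                       "search, so the entry does not say which file runs"))
            if exe.lower() in detected:
                findings.append((line, "autostart entry still points at a file the scanner "
                                       "already detected; the key outlived the cleanup"))
        elif m := R1_RE.match(line):
            host = urlparse(m.group("value")).hostname or ""
            if host and not any(host == d or host.endswith("." + d) for d in DEFAULT_IE_HOSTS):
                findings.append((line, f"IE {m.group('setting')} redirected to {host}"))
        elif m := O23_RE.match(line):
            if m.group("owner").strip() in ("", "Unknown owner"):
                findings.append((line, "service carries no vendor string; verify the binary "
                                       "before trusting it"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(HJT_LOG, EWIDO_REPORT):
        print(f"{reason}\n    {entry}")
```

On the sample it flags six entries and deliberately leaves the services32 line alone: that entry has a full path and nothing in the scan report matches it, which is exactly the kind of line that still needs a human (or a hash lookup) rather than a rule. Note also that the HijackThis log above was taken the day after the ewido run, so the "System service76" Run key did survive the cleanup; remove the key as well as the file, since a leftover autostart key pointing at a deleted binary is at best a startup error and at worst a slot a dropper can refill.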