Richie Uk! My Scan Reports!


  • This topic is locked
2 replies to this topic

#1 Daniela Morato

Daniela Morato

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:05 AM

Posted 06 February 2007 - 05:43 PM

Hi Richie UK!! My computer seems to be OK, it's working well. I don't really know, but I'm sending you the scan reports from AVG, F-Secure and HijackThis... thank you!! I hope my reports are OK!
Thanks a lot!

Logfile of HijackThis v1.99.1
Scan saved at 03:33:56 p.m., on 06/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Archivos de programa\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\svchost.exe
C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Archivos de programa\Corel\Corel Graphics 12\Languages\ES\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021207 serial=DR12WRX-0044492-HZB lang=ES
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Archivos de programa\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Archivos de programa\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay123.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

Scanning Report
Saturday, February 03, 2007 17:27:17 - 20:54:38
Computer name: DAN
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 4 malware found
Tracking Cookie (spyware)
System (Disinfected)
Trojan-Clicker.Win32.VB.qc (virus)
C:\WINDOWS\apvxdwin.exe (Renamed & Submitted)
C:\Documents and Settings\usu\.housecall6.6\Quarantine\SysArc.exe.bac_a07244 (Renamed & Submitted)
C:\Documents and Settings\usu\.housecall6.6\Quarantine\uj[2].txt.bac_a07244 (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 146800
System: 4039
Not scanned: 63
Actions:
Disinfected: 1
Renamed: 3
Deleted: 0
None: 0
Submitted: 3
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-02-01
F-Secure AVP: 7.0.171, 2007-02-03
F-Secure Orion: 1.2.37, 2007-02-02
F-Secure Blacklight: 1.0.53, 0000-00-00
F-Secure Draco: 1.0.35, 2007-01-29
F-Secure Pegasus: 1.19.0, 2007-00-31
Scanning options:
Scan all files
Scan inside archives
Use Advanced heuristics

I couldn't send the AVG report because of the character length. Are these 2 OK?? Enough?? Or send me an email account.... thank you!
Daniela


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 06 February 2007 - 06:12 PM

Welcome Daniela :thumbsup:

I didn't put the AVG scan because of the character length, what can I do??


OK, I received your PM, not sure I understand by the above. If you're referring to the AVG Anti Spyware report's length, post it anyway please when you've finished below.

You've got no antivirus protection installed, not a good idea.

Download\install AVG Free Edition Antivirus from the link below:
http://free.grisoft.com/softw/70free/setup...ree_432a904.exe
Once installed, update its virus definitions and run a full system virus scan.

Post the AVG Anti Spyware report and a new HijackThis log into your next reply.
Also let me know how your PC is running now.

Edited by RichieUK, 06 February 2007 - 06:21 PM.


#3 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:12:05 PM

Posted 08 February 2007 - 06:26 PM

Due to inactivity this topic will be closed.

If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.