« previous next »
Pages: [1]   Go Down

Author Topic: HiJackThis Virus: Win32:Trojano-869[Trj]  (Read 3253 times)

0 Members and 1 Guest are viewing this topic.

sunflower2005

  • Guest
HiJackThis Virus: Win32:Trojano-869[Trj]
« on: February 19, 2005, 05:16:38 PM »
2-viruses: see my other post w/ Win32:Ruledor [trj].
1. tried cleaner/repair  (didn't work)
2. Have Spybot, AdawareSE, Avast4.5  nothing worked
"The System can't find file C:documents & settings\CarolynM\local settings\temporaryinternet Files\Content.IE5\WHMZ4DIZ\43[1].binfile"

Logfile of HijackThis v1.99.1
Windows XP SP1 (WinNT 5.01.2600)
Internet Explor v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\System32\Zymjjq.exe
C:\WINDOWS\System32\vmss\vmss.exe
C:\windows\system32\msnavc32.exe
C:\WINDOWS\SysCheckBop32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\WINDOWS\System32\i81aut32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\WINDOWS\System32\hpov2clt.exe
C:\WINDOWS\System32\prutqct.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\prutqct.exe
C:\WINDOWS\System32\winbfgk32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CxtPls\CxtPls.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\DllHost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carolyn McKeown\Local Settings\Temporary Internet

Files\Content.IE5\QTWB2TIP\aswclnr[1].exe
C:\Documents and Settings\Carolyn McKeown\Local Settings\Temporary Internet

Files\Content.IE5\QTWB2TIP\aswclnr[1].tmp
C:\Documents and Settings\Carolyn McKeown\Local Settings\Temp\Temporary Directory 2 for

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sju.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet

Files\CxtPls\cxtpls.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} -

C:\WINDOWS\System32\rsyncmon.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program

Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\WINDOWS\System32\xljjn.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} -

C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -

C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: SDWin32 Class - {8B9DC994-0789-409E-92EE-4F27F230D33E} -

C:\WINDOWS\System32\rxcny.dll
O2 - BHO: ohb - {988CAFC4-DC0D-4D8C-A35E-5028ABE9E641} - C:\WINDOWS\System32\ic2_win.dll

(file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: LinkBHO.cIExplorer - {CC924BD1-7382-4619-A706-070CB00F2325} - C:\Documents and

Settings\All Users\Application Data\linkbho\LinkBHO.dll
O3 - Toolbar: Begin2Search.com Bar - {207AEF46-0596-4966-A7BF-098F247E85BB} -

C:\WINDOWS\System32\ic2_win.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"

-osboot
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Oagnyi.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Zymjjq.exe
O4 - HKLM\..\Run: [vmss] C:\WINDOWS\System32\vmss\vmss.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [xljjnc] C:\WINDOWS\System32\xljjnc.exe
O4 - HKLM\..\Run: [rxcnyc] C:\WINDOWS\System32\rxcnyc.exe
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\System32\netsync.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [C:\WINDOWS\bobnqyhxp.exe] C:\WINDOWS\bobnqyhxp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [2s2X37T] i81aut32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [JBt7RXf6P] hpov2clt.exe
O4 - HKCU\..\Run: [prutqct] C:\WINDOWS\System32\prutqct.exe

C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -

C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} -

Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -

http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -

http://download.spyspotter.com/spyspotter/SpSp29952.22opt/SpySpotterInstall.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program

Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates

Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89690
  • No support PMs thanks
Re: HiJackThis Virus: Win32:Trojano-869[Trj]
« Reply #1 on: February 19, 2005, 06:18:35 PM »
Please continue the thread that you started, don't duplicate threads, it just causes confusion.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security
Pages: [1]   Go Up
« previous next »