
persistent trojan/worm log files



I updated and ran the Quick Scan 4 times, and each time, the trojan returned.

Here are the logs:

Malwarebytes' Anti-Malware 1.41

Database version: 2890

Windows 5.1.2600 Service Pack 3

10/1/2009 10:09:27 PM

mbam-log-2009-10-01 (22-09-27).txt

Scan type: Quick Scan

Objects scanned: 91616

Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

---------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:11:17 PM, on 10/1/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Archivos de programa\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe

C:\Archivos de programa\Gigabyte\EasySaver\ESSVR.EXE

C:\Archivos de programa\Lavasoft\Ad-Aware\AAWTray.exe

C:\Archivos de programa\IObit\IObit Security 360\IS360srv.exe

C:\Archivos de programa\Java\jre6\bin\jusched.exe

C:\Archivos de programa\Java\jre6\bin\jqs.exe

C:\Archivos de programa\Archivos comunes\ParetoLogic\PLAS\plasservice.exe

C:\Archivos de programa\IObit\IObit Security 360\IS360tray.exe

C:\Archivos de programa\Enigma Software Group\SpyHunter\SpyHunter3.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Archivos de programa\Eraser\Eraser.exe

C:\Archivos de programa\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Archivos de programa\Skype\Phone\Skype.exe

C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

C:\Archivos de programa\Messenger\msmsgs.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\LMabcoms.exe

C:\Archivos de programa\Mozilla Firefox\firefox.exe

C:\Archivos de programa\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/webhp

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = gopher=localhost:1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V


Hello and welcome to Malwarebytes.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a new HijackThis log. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Have a read of this thread for instructions on how to post a HijackThis log and other further instructions:

http://www.malwarebytes.org/forums/index.php?showtopic=9573

Please note that the forum is very busy and if I don
