Jump to content

panda scan log & hijack this scan log


chenery

Recommended Posts

Here is the first log.

Malwarebytes' Anti-Malware 1.30

Database version: 1417

Windows 5.1.2600 Service Pack 3

11/23/2008 12:37:30 AM

mbam-log-2008-11-23 (00-37-30).txt

Scan type: Quick Scan

Objects scanned: 58124

Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\disk (Trojan.Agent) -> Delete on reboot.

Thanks for the help :D

Link to post
Share on other sites

;Hello, I see where this says i have defender pro internet security but i have removed that a while back. I can't find it any where on my programs, registry . I don't know where it is hiding??

********************************************************************************

********************************************************************************

*

******************

ANALYSIS: 2008-11-23 02:53:11

PROTECTIONS: 2

MALWARE: 6

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

avast! antivirus 4.8.1229 [VPS 081122-0] 4.8.1229 No Yes

Defender Pro Internet Security 6.0.2.621 Yes Yes

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00122168 Application/Restart HackTools No 0 Yes No C:\DISK\Install\Tools\Restart.exe

00122168 Application/Restart HackTools No 0 Yes No C:\WINDOWS\SYSTEM32\Tools\Restart.exe

00122738 HackTool/ExitWin.A HackTools No 0 Yes No C:\DISK\Install\Reboot.exe

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Deborah\Cookies\deborah@com[1].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Deborah\Cookies\deborah@target[1].txt

00278769 Application/PRScheduler HackTools No 0 Yes No C:\System Volume Information\_restore{96BFCA8D-B632-4A14-AF4F-2F583832A045}\RP82\A0076006.EXE

03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Deborah\Desktop\SDFix.exe[C:\Documents and Settings\Deborah\Desktop\SDFix.exe][sDFix\apps\Cghtme.exe]

03738686 Generic Malware Virus/Trojan No 0 No No C:\Documents and Settings\Deborah\Desktop\SDFix.exe[C:\Documents and Settings\Deborah\Desktop\SDFix.exe][sDFix\catchme.exe]

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:57:41 AM, on 11/23/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\keyhook.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE

C:\Program Files\BellSouth Accelerator Technology\propelac.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe

C:\WINDOWS\system32\sistray.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = my.att.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.v2premier.com"); (C:\Documents and Settings\DEBORAH\Application Data\Mozilla\Profiles\default\szbd82yu.slt\prefs.js)

O1 - Hosts:

Link to post
Share on other sites

Welcome to MB :D

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Close all other windows except HijackThis.

Click on "Do a system scan and save logfile" When the log pops up in Notepad, copy and paste that file back here.

Do NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.