Thread: HijackThis log (Please check ASAP)
View Single Post
Old 05-15-2007, 12:55 PM   #12 (permalink)
ChemicalRomance
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)
Disinfected C:\WINDOWS\system32\oobe\setup\migpage.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\neweula.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\neweula2.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\nkhlvlzt.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\nleevxqj.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\nstnnnkk.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\ntwbjnxv.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\nvbbshss.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\nwqjkkhn.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\oempriv.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\prodkey.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\prvcyms.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\refdial.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\reg1.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\reg3.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\regdial.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\rresnsct.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\rserkten.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\security.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\sejkhevn.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\seqtjbee.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\shbqjhcl.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\timezone.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\tnqsbljb.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\tqkbrhnx.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\tthzxntk.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\username.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\vjbssbhj.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\vkckxhbn.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\system32\oobe\setup\welcome.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\wnklretl.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\wrbbnjss.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\wtenslnj.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\zeblsxxw.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\zhhrrltb.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\setup\zhzsnhje.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\oobe\tttnwshl.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\system32\urdvxc.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Web\tip.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Web\wcxnjhhj.exe
Adware:Adware/Borlander Not disinfected D:\Lock_Folder_XP_3.6.zip.exe[crack.exe]




Logfile of HijackThis v1.99.1
Scan saved at 4:09:20 AM, on 5/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\urdvxc.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174468873093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AEB9E14-2AE8-4374-B48E-4BD936FAAFFE}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
ChemicalRomance is offline