Annoyances.org
re: Internet Explorer Hack
Monday, May 2, 2005 at 7:12 am
Windows 2000 Annoyances Discussion Forum
Posted by DEX (11739 messages posted)


Running process (Athan.exe)
Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world. This is an unknown process.

Running process (SystemTray.exe)
Added as a result of the BIGFOOT VIRUS! Note - this is not the valid SystemTray (SysTray.exe). This is a nasty process! You should fix it and try to delete it manually.

Entries found in this registry zone are potentially nasty. This application ([0000CC75-ACF3-4cac-A0A9-DD3868E06852] - Result: 0000CC75-ACF3-4cac-A0A9-DD3868E06852) has been checked. Hit rate: 99 %. Must be fixed!

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
This entry is possibly nasty. Should be fixed.

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
This entry is possibly nasty. Should be fixed.

On Monday, May 2, 2005 at 5:55 am, Abu Bakar wrote:
>The log is as under:
>Logfile of HijackThis v1.99.1
>Scan saved at 10:52:53 PM, on 02/05/2005
>Platform: Windows 2000 SP4 (WinNT 5.00.2195)
>MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
>Running processes:
>C:\WINNT\System32\smss.exe
>C:\WINNT\system32\winlogon.exe
>C:\WINNT\system32\services.exe
>C:\WINNT\system32\lsass.exe
>C:\Program Files\Sygate\SPF\smc.exe
>C:\WINNT\system32\svchost.exe
>C:\WINNT\system32\spoolsv.exe
>C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
>C:\Program Files\Alwil Software\Avast4\ashServ.exe
>C:\WINNT\System32\cisvc.exe
>C:\WINNT\system32\crypserv.exe
>C:\WINNT\System32\svchost.exe
>C:\WINNT\system32\regsvc.exe
>C:\WINNT\system32\MSTask.exe
>C:\WINNT\system32\stisvc.exe
>C:\WINNT\System32\WBEM\WinMgmt.exe
>C:\WINNT\system32\svchost.exe
>C:\WINNT\System32\svchost.exe
>C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
>C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
>C:\WINNT\Explorer.EXE
>C:\WINNT\SOUNDMAN.EXE
>C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
>C:\Program Files\Ahead\InCD\InCD.exe
>C:\Program Files\Common Files\Real\Update_OB\realsched.exe
>C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
>C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
>C:\Program Files\Athan\Athan.exe
>C:\Program Files\ICQLite\ICQLite.exe
>C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe
>C:\WINNT\system32\wuauclt.exe
>c:\progra~1\intern~1\iexplore.exe
>C:\Program Files\Internet Explorer\iexplore.exe
>C:\WINNT\System32\cidaemon.exe
>C:\Program Files\Internet Explorer\IEXPLORE.EXE
>C:\Program Files\Internet Explorer\IEXPLORE.EXE
>C:\PROGRA~1\DAP\DAP.EXE
>C:\Documents and Settings\Administrator\My Documents\My Downloads\HijackThis.exe
>C:\Program Files\Microsoft Office\Office\EXCEL.EXE
>
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.dfsnpksrvbpocsnwotdi.com/_Dnsn7B06fTpOcrVunPsp4iQo96361rESB9DlaitUStPBWYhtuXm9hLulf9rlMRF.html
>O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRA~1\DAP\dapbho.dll
>O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
>O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
>O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
>O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\dapiebar.dll
>O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
>O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
>O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
>O4 - HKLM\..\Run: [HTpatch] C:\WINNT\htpatch.exe
>O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exe
>O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe
>O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
>O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
>O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
>O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=110804 serial=DR12WTX-9999998-YSP lang=EN
>O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
>O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
>O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
>O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
>O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
>O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
>O4 - HKCU\..\Run: [KNOfflineSystray] "C:\Program Files\KnowledgeNet Offline\win32\SystemTray.exe"
>O4 - HKCU\..\Run: [FUIClearHis] C:\Program Files\FreshDevices\FreshUI\freshui.exe 15 16 17
>O4 - HKCU\..\Run: [Showknob] C:\DOCUME~1\ADMINI~1\APPLIC~1\ENCLIV~1\gram blah.exe
>O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
>O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
>O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
>O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
>O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
>O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
>O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
>O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
>O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod2\v4\yhexbmes.dll
>O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
>O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
>O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
>O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
>O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
>O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
>O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/292e63ea6075c3671d05/netzip/RdxIE601.cab
>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
>O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://cityislam.com/download/PDMSInstaller.cab
>O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
>O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
>O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
>O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT Profile Manager Class) - https://online.westpac.com.au/wtpbs/wtBalanceSheet/portfoliomanagerwt.cab
>O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4399/mcfscan.cab
>O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
>O17 - HKLM\System\CCS\Services\Tcpip\..\{8DC9F286-50EE-46B2-A84F-122A725757BD}: NameServer = 203.2.75.132 198.142.0.51
>O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
>O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
>O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
>O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
>O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
>O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
>O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Written in response to:
re: Internet Explorer Hack (Abu Bakar: Monday, May 2, 2005 at 5:55 am)
