|
Donation/Premium |
|
 |
|
|
|
|
|
|
|
|
|
| View previous topic :: View next topic |
| Author |
Message |
Eze
Guest
IP: 24.232.*.*
|
 Posted: Mon Nov 17, 2003 8:22 pm Post subject: Please i need your help!! |
|
|
Hi, here i send you the log of HijackThis, because i have the problem
with the Downloader.Trojan.
Thanks a lot!
Logfile of HijackThis v1.97.6
Scan saved at 05:27:51 p.m., on 17/11/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\NORTON ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\INST\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://libertador:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {2BC43670-C0BD-4794-BB11-F60F3E001DC5} - C:\PROGRA~1\DDM\0\DDMP.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\ARCHIV~1\NORTON~1\VPTRAY.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\ARCHIV~1\NORTON~1\RTVSCN95.EXE
O4 - HKLM\..\RunServices: [defwatch] C:\ARCHIV~1\NORTON~1\DEFWATCH.EXE
O12 - Plugin for .spop: C:\ARCHIV~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37908.5653472222
|
|
| Back to top |
|
 |
TonyKlein
Site Moderator
Microsoft MVP
Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands
|
| Posted: Mon Nov 17, 2003 8:38 pm Post subject: |
|
|
With all browser windows closed, check the following items, and press "Fix Checked":
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {2BC43670-C0BD-4794-BB11-F60F3E001DC5} - C:\PROGRA~1\DDM\0\DDMP.DLL
Except for that Ddmp.dll browser plugin, that's a pretty clean log though.
What makes you think you have a trojan?
_________________
Tony  CLSID List
|
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
Powered by phpBB © 2001 phpBB Group
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
