 chunkychops
join:2005-12-15 uk
HJT Log. Think something bad happened
I think a virus is in my computer somewhere. Over the last couple of days it has got really slow. Also, on my home banking page I am being asked for additional security information. This is not happening on a PC I use elsewhere. My virus scanner, or scanners as they now are, pick up Trojans three or four times a day, whereas I've never been bothered before. I have downloaded every virus scanner, spyware and trojan tracker I can find. Still not sure any difference has been made. Hope someone can help.
I have run and updated my virus scanners and Trojans have been found:
C:\Documents and Settings\LYNNE AND NEIL\Local Settings\Temporary Internet Files\CONTENT.IE5\85MJ8D2J\e2g20[1].exe
C:\Program Files\Common Files\UPDMGR\simgr.exe
Trojan horse PSW.Generic.EJW
Trojan horse Collected.Z
Trojan horse Collected.Z
Trojan horse Startpage.VM
Trojan horse Downloader.Generic.HTH
Trojan horse Dropper.Generic.BZX
Trojan horse Downloader.Generic.GUK
Trojan horse Generic.KYE
Trojan horse Generic.KYE
Trojan horse Downloader.Small.18.AH
Trojan horse Startpage.VM
Trojan horse Dropper.Generic.BZX
Trojan horse Collected.Z
Trojan horse Downloader.Generic.GUK
Trojan horse Downloader.Generic.HTH
Trojan horse Collected.Z
Trojan horse PSW.Generic.NAP
Trojan horse Generic.KYE
Trojan horse Generic.KYE
Virus identified Worm/VB.CC
Virus identified Worm/VB.CC
Trojan horse PSW.Generic.NAU
Virus identified Worm/VB.CC
****************** Sophos Anti-Virus Log - 15/12/2005 21:17:50 **************
20051211 202429 Scan 'New scan (1)' started at 20:24:29 on 11/12/2005.
20051211 202432 Virus Troj/Teleweb-A detected in: "C:\downloadd\index.htm"
20051211 202455 Scanning "C:\Program Files\Adobe\Acrobat 6.0\Reader\Messages\ENU\RdrMsgENU.pdf" returned SAVI error 0xa0040212: The file is encrypted.
20051211 203357 Virus Troj/Haxdor-Gen detected in: "C:\System Volume Information\_restore{1B3BD5E1-FD53-4AE5-BE34-B5CD3B722BE0}\RP326\A0028485.exe"
20051211 204102 Virus Troj/Haxdor-Gen detected in: "C:\WINDOWS\system32\docentd.sys"
20051211 204343 Scan 'New scan (1)' completed at 20:43:43 on 11/12/2005.
20051211 204343 Summary of results for scan 'New scan (1)': Items processed: 40100 Errors: 1 Viruses quarantined: 3 Viruses dealt with: 0 (14 items)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk/
O16 - DPF: Yahoo! Towers 2.0 - »download.games.yahoo.com/games/c···t0_x.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - »makeover.ivillage.co.uk/save/makeover.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »update.microsoft.com/microsoftup···94145062
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - »update.microsoft.com/microsoftup···94115765
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - »www.napster.com/client/isetup.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - »security.symantec.com/sscv6/Shar···absa.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - »www.telewest.co.uk/motive/files/···Qual.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - »chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: docent0 - docent0.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
Thanks
  fatdcuk Premium join:2005-02-20 England
Ok Chunkychops, you have a very serious problem.
I hate to be the bearer of bad news but your system has serious security issues. It is no longer safe & secure >>> »www3.dslreports.com/forum/remark···15030059
Please follow all links posted by CJ for further information and recommendations on the linked topic.