trojan

<history>

<rec time="2005/11/03 22:09:44" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">avi:655-652;iavi:167-153;</attr>
</rec>
<rec time="2005/11/04 08:00:04" user="SYSTEM" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2005/11/04 08:20:44" user="SYSTEM" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2005/11/05 08:00:04" user="SYSTEM" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2005/11/05 08:19:02" user="SYSTEM" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2005/11/06 08:00:07" user="SYSTEM" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2005/11/06 08:05:16" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:168-167;</attr>
</rec>
<rec time="2005/11/06 08:20:27" user="SYSTEM" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2005/11/08 08:00:01" user="SYSTEM" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_02</attr>
</rec>
<rec time="2005/11/08 08:20:20" user="SYSTEM" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_02</attr>
<attr name="infectedfiles">0</attr>
</rec>
<rec time="2005/11/09 15:42:26" user="SYSTEM" source="Update">
<value>@HL_UpdateOK</value>
<attr name="version">iavi:170-168;</attr>
</rec>
<rec time="2005/11/09 15:54:24" user="Jared" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Program Files\Valve\Steam\uninstall_hl2.exe</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Agent.AQN</attr>
</rec>
<rec time="2005/11/09 15:54:25" user="Jared" source="Virus">
<value>@HL_ReportFindRS</value>
<attr name="filename">C:\Program Files\AIM\uninstll.EXE</attr>
<attr name="finding">@EID_Id_trj</attr>
<attr name="virusname">Downloader.Agent.AQN</attr>
</rec>
<rec time="2005/11/09 15:56:07" user="Jared" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_13</attr>
</rec>
<rec time="2005/11/09 15:56:11" user="Jared" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\AIM\uninstll.EXE</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Agent.AQN</attr>
</rec>
<rec time="2005/11/09 15:56:13" user="Jared" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_13</attr>
<attr name="infectedfiles">1</attr>
</rec>
<rec time="2005/11/09 15:56:13" user="Jared" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\AIM\uninstll.EXE</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
<rec time="2005/11/09 15:59:05" user="Jared" source="General">
<value>@HL_TestStarted</value>
<attr name="testname">@TestName_13</attr>
</rec>
<rec time="2005/11/09 15:59:07" user="Jared" source="Virus">
<value>@HL_ReportFind</value>
<attr name="where">C:\Program Files\Valve\Steam\uninstall_hl2.exe</attr>
<attr name="type">@EID_Id_trj</attr>
<attr name="what">Downloader.Agent.AQN</attr>
</rec>
<rec time="2005/11/09 15:59:32" user="Jared" source="General">
<value>@HL_TestEnded</value>
<attr name="testname">@TestName_13</attr>
<attr name="infectedfiles">1</attr>
</rec>
<rec time="2005/11/09 15:59:32" user="Jared" source="Virus">
<value>@HL_ActionTaken</value>
<attr name="filename">C:\Program Files\Valve\Steam\uninstall_hl2.exe</attr>
<attr name="action">@HL_ActCleaned</attr>
</rec>
</history>
 
Logfile of HijackThis v1.99.1
Scan saved at 4:38:44 PM, on 11/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://dcon.futuremark.com/global/msc37.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
 