Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

applehebis trojan downloading WINRAR

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

applehebis trojan downloading WINRAR

Unread postby Mario » November 20th, 2008, 2:12 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:38 PM, on 11/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\HOLT\VS7\ASA\dbsrv9.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4909B4C0\bomgar-scc.exe
C:\Program Files\HOLT\VS7\ASA\UpdateService.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Numerator\Numerator_Taskbar\Systray.Monitor.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\TIBCO\TIBRV\Bin\rvntsctl.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\TIBCO\TIBRV\Bin\rvd.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Liquid Machines\Client\lmguardsvc32.exe
C:\Program Files\Liquid Machines\Client\lmddo.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Citrix\ICA Client\wfica32.exe
C:\Documents and Settings\gandalf\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://remote.rfa.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
O1 - Hosts: 204.16.197.121 www.google.com
O1 - Hosts: 204.16.197.121 www.google.co.uk
O1 - Hosts: 204.16.197.121 www.myspace.com
O1 - Hosts: 204.16.197.121 www.youtube.com
O1 - Hosts: 204.16.197.121 www.facebook.com
O1 - Hosts: 204.16.197.121 www.live.com
O1 - Hosts: 204.16.197.121 www.yahoo.com
O1 - Hosts: 204.16.197.121 www.yahoo.co.uk
O1 - Hosts: 204.16.197.121 www.antispyware.com
O1 - Hosts: 204.16.197.121 antispyware.com
O1 - Hosts: 204.16.197.121 antispy.com
O1 - Hosts: 204.16.197.121 www.msn.com
O1 - Hosts: 204.16.197.121 www.asfvb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.3.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.657.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.34.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.45.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.asdv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvtrv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.g.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.msasern.com
O1 - Hosts: 204.16.197.121 www.antispy.com
O2 - BHO: Liquid Machines Browser Helper Object - {04DC8126-476E-48b9-8202-59A4E90124CD} - C:\Program Files\Liquid Machines\Client\LmFFBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEButtonsPosition - {1CED883B-BFAB-44FE-A1A0-8ECA0FD6062D} - C:\Program Files\Tamale Software\RMS\System\Application\IEPosition.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: AvayaIEHlprObj Class - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Softphone\AvayaWebDial.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Numerator_Taskbar] C:\Program Files\Numerator\Numerator_Taskbar\Systray.Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO}
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Clip To Tamale - {47CF4C19-D129-4141-9EA9-ED9C46BA38CA} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra 'Tools' menuitem: Clip To Tamale - {47CF4C19-D129-4141-9EA9-ED9C46BA38CA} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Express Deposit To Tamale - {AE01EF99-9588-4801-BF88-E6227F791317} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra 'Tools' menuitem: Express Deposit To Tamale - {AE01EF99-9588-4801-BF88-E6227F791317} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra button: (no name) - {C850E7CE-1DC7-4e16-8649-0D728D49B22F} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra 'Tools' menuitem: Advanced Deposit To Tamale - {C850E7CE-1DC7-4e16-8649-0D728D49B22F} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra button: Open From Tamale - {EF6CF1A9-8B05-4ae6-85BC-264C3683B193} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra 'Tools' menuitem: Open From Tamale - {EF6CF1A9-8B05-4ae6-85BC-264C3683B193} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: iLO 2 Remote Console Applet - https://192.168.182.151/dvc.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9042288356
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.182.99/activex/AMC.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://reutersus.webex.com/client/T26L ... eatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.cedarhillcapital.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.cedarhillcapital.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.cedarhillcapital.com
O20 - AppInit_DLLs: C:\PROGRA~1\LIQUID~1\Client\LMBUND~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ASANYs_VSDBService - iAnywhere Solutions, Inc. - C:\Program Files\HOLT\VS7\ASA\dbsrv9.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bomgar Jump Client [1225372866] (bomgar-ps-1225372866) - Bomgar Corporation - C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4909B4C0\bomgar-scc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Credit Suisse HOLT Update Service VS7 - Unknown owner - C:\Program Files\HOLT\VS7\ASA\UpdateService.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Liquid Machines Client Service (LmGuardSvc) - Liquid Machines, Inc. - C:\Program Files\Liquid Machines\Client\lmguardsvc32.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TIB/Rendezvous Communications Daemon (rvd) - Unknown owner - C:\TIBCO\TIBRV\Bin\rvntsctl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 16349 bytes
Mario
Active Member
 
Posts: 2
Joined: November 20th, 2008, 2:05 pm
Advertisement
Register to Remove

Re: applehebis trojan downloading WINRAR

Unread postby Sharagoz » November 20th, 2008, 3:27 pm

Hello
Please take note of the following before we begin the cleaning process:
  • The whole process will often take several days to complete, so please stay patient
  • Hang in there until I give you the 'All clean'. If you leave prematurely because your computer seems to be back to its old self, the risk of re-infection will be very high
  • Perform all actions in the order given
  • The instructions I give expect that you're using an account with administrator privileges and that the language of your operating system is English.
  • Dont be afraid to ask questions if something is unclear or you run into issues during cleaning steps
  • I recommend you read through each set of instructions before you actually perform them

1) Create an uninstall list
  • Launch Hijackthis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager button.
  • Click the Save list button.
  • Include this log in your next reply

2) Get a new HiJackThis log
  • Launch Hijackthis
  • Click on the Do a system scan and save a logfile button
  • HJT will run a scan and a log will open in Notepad
  • Include this log in your next reply
User avatar
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: applehebis trojan downloading WINRAR

Unread postby Mario » November 20th, 2008, 3:42 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
ABC Amber BlackBerry Converter
Acrobat.com
Acrobat.com
Acronis True Image Home
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Adobe Setup
Adobe Update Manager CS3
Adobe Update Manager CS3
AOL Instant Messenger
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Decoder
ATI Display Driver
ATI HYDRAVISION
ATI Multimedia Center 9.13
AXIS Media Control Embedded
BlackBerry Desktop Software 4.2.1
BlackBerry Desktop Software 4.2.1
BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone
BlackBerry v4.2.2 for the 8320 Series Wireless Handheld
BlackBerry v4.2.2 for the 8320 Series Wireless Handheld
Bloomberg DDE Server
Bloomberg Excel Tools
Bloomberg PFM Upload Tool for Microsoft Excel
Bloomberg Report Viewer (CR)
Bloomberg SFD Data Dictionary
Bloomberg, V.05.08.08
Bomgar Representative Client [websupport.rfa.com]
Broadcom Management Programs
Citrix Presentation Server Client
Citrix Presentation Server Client - Web Only
CodeTwo OutlookExport
Compatibility Pack for the 2007 Office system
Credit Suisse HOLT ValueSearch 7
Credit Suisse HOLT ValueSearch 7 Database
EPSON GT-2500 User's Guide
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
IntexDesktop
Java 2 Runtime Environment, SE v1.4.2_03
Liquid Machines Document Control Client
LiveReg (Symantec Corporation)
LiveUpdate 3.1 (Symantec Corporation)
Lotus Notes 6.5
Matrox Graphics Software (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 1 (SP1)
Microsoft Office Visio 2007 Service Pack 1 (SP1)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft WSE 2.0 SP3 Runtime
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 7 Essentials
nuFedDataFeed
Numerator_Taskbar
nuSecDataFeed
Ping Plotter Freeware
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office Visio 2007 (KB947590)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
SNLxl
SoundMAX
Symantec AntiVirus
Symantec pcAnywhere
SystemTools DumpSec
Tamale RMS Client
Unlocker 1.8.7
Update for Office 2007 (KB946691)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual Studio 2005 Tools for Office Second Edition Runtime
WD Drive Manager (x86)
WebEx
Windows Driver Package - (mr7910) Image 08/08/2006 1.4.0.0
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Search 4.0
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:28 PM, on 11/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\HOLT\VS7\ASA\dbsrv9.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4909B4C0\bomgar-scc.exe
C:\Program Files\HOLT\VS7\ASA\UpdateService.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Numerator\Numerator_Taskbar\Systray.Monitor.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\TIBCO\TIBRV\Bin\rvntsctl.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\TIBCO\TIBRV\Bin\rvd.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Liquid Machines\Client\lmguardsvc32.exe
C:\Program Files\Liquid Machines\Client\lmddo.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Citrix\ICA Client\wfica32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\mstsc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\gandalf\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://remote.rfa.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
O1 - Hosts: 204.16.197.121 www.google.com
O1 - Hosts: 204.16.197.121 www.google.co.uk
O1 - Hosts: 204.16.197.121 www.myspace.com
O1 - Hosts: 204.16.197.121 www.youtube.com
O1 - Hosts: 204.16.197.121 www.facebook.com
O1 - Hosts: 204.16.197.121 www.live.com
O1 - Hosts: 204.16.197.121 www.yahoo.com
O1 - Hosts: 204.16.197.121 www.yahoo.co.uk
O1 - Hosts: 204.16.197.121 www.antispyware.com
O1 - Hosts: 204.16.197.121 antispyware.com
O1 - Hosts: 204.16.197.121 antispy.com
O1 - Hosts: 204.16.197.121 www.msn.com
O1 - Hosts: 204.16.197.121 www.asfvb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.3.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.657.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.34.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.45.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.asdv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvtrv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.g.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.bb.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.dfyu.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.xvv.com
O1 - Hosts: 204.16.197.121 www.msasern.com
O1 - Hosts: 204.16.197.121 www.antispy.com
O2 - BHO: Liquid Machines Browser Helper Object - {04DC8126-476E-48b9-8202-59A4E90124CD} - C:\Program Files\Liquid Machines\Client\LmFFBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEButtonsPosition - {1CED883B-BFAB-44FE-A1A0-8ECA0FD6062D} - C:\Program Files\Tamale Software\RMS\System\Application\IEPosition.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: AvayaIEHlprObj Class - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Softphone\AvayaWebDial.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Numerator_Taskbar] C:\Program Files\Numerator\Numerator_Taskbar\Systray.Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO}
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: Clip To Tamale - {47CF4C19-D129-4141-9EA9-ED9C46BA38CA} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra 'Tools' menuitem: Clip To Tamale - {47CF4C19-D129-4141-9EA9-ED9C46BA38CA} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Express Deposit To Tamale - {AE01EF99-9588-4801-BF88-E6227F791317} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra 'Tools' menuitem: Express Deposit To Tamale - {AE01EF99-9588-4801-BF88-E6227F791317} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra button: (no name) - {C850E7CE-1DC7-4e16-8649-0D728D49B22F} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra 'Tools' menuitem: Advanced Deposit To Tamale - {C850E7CE-1DC7-4e16-8649-0D728D49B22F} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra button: Open From Tamale - {EF6CF1A9-8B05-4ae6-85BC-264C3683B193} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra 'Tools' menuitem: Open From Tamale - {EF6CF1A9-8B05-4ae6-85BC-264C3683B193} - C:\Program Files\Tamale Software\RMS\System\Application\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: iLO 2 Remote Console Applet - https://192.168.182.151/dvc.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9042288356
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/ ... erCtrl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://192.168.182.99/activex/AMC.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://reutersus.webex.com/client/T26L ... eatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.cedarhillcapital.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.cedarhillcapital.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.cedarhillcapital.com
O20 - AppInit_DLLs: C:\PROGRA~1\LIQUID~1\Client\LMBUND~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ASANYs_VSDBService - iAnywhere Solutions, Inc. - C:\Program Files\HOLT\VS7\ASA\dbsrv9.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bomgar Jump Client [1225372866] (bomgar-ps-1225372866) - Bomgar Corporation - C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4909B4C0\bomgar-scc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Credit Suisse HOLT Update Service VS7 - Unknown owner - C:\Program Files\HOLT\VS7\ASA\UpdateService.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Liquid Machines Client Service (LmGuardSvc) - Liquid Machines, Inc. - C:\Program Files\Liquid Machines\Client\lmguardsvc32.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TIB/Rendezvous Communications Daemon (rvd) - Unknown owner - C:\TIBCO\TIBRV\Bin\rvntsctl.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 16489 bytes
Mario
Active Member
 
Posts: 2
Joined: November 20th, 2008, 2:05 pm

Re: applehebis trojan downloading WINRAR

Unread postby NonSuch » November 22nd, 2008, 1:38 am

This computer is a business computer and part of a domain as well. As such, it may very likely have been connected to the domain's network while infected, therefore, presenting a risk to other computers connected to that same network.

The online anti-malware community primarily serves home users and is therefore not ideally suited to deal with situations that are best handled by a company's own IT department. All companies have their own set of policies and procedures for handling situations like this, all of which are beyond our sphere of knowledge. Therefore, as this computer has been identified as infected, you are strongly advised to immediately seek the assistance of your company's IT department so they may implement their preferred method for handling this situation.

As this issue falls outside the scope of this forum, this topic will now be closed.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware