ntyl32.e3e ( with hijackthis log )

Apocalisp · June 16, 2005

I have a trojan horse named ntyl32[Caution: ExecutableFile]

my anti-virus ( norton ) detect it, but says he cannot repair nor erase it.

what do it do ? :?

On other forums they told me to run hijackthis and show the logfile, so here it is

Logfile of HijackThis v1.99.1

Scan saved at 22:22:42, on 2005-06-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

C:\WINDOWS\system32\services[Caution: ExecutableFile]

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\WINDOWS\system32\LEXBCES[Caution: ExecutableFile]

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

C:\WINDOWS\system32\LEXPPS[Caution: ExecutableFile]

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService[Caution: ExecutableFile]

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc[Caution: ExecutableFile]

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan[Caution: ExecutableFile]

C:\WINDOWS\system32\spupdsvc[Caution: ExecutableFile]

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

C:\WINDOWS\system32\spnpinst[Caution: ExecutableFile]

C:\WINDOWS\system32\Sysocmgr[Caution: ExecutableFile]

C:\Program Files\Fichiers communs\Symantec Shared\ccApp[Caution: ExecutableFile]

C:\WINDOWS\iplw[Caution: ExecutableFile]

C:\WINDOWS\ntyl32[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\WINDOWS\system32\devldr32[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

C:\WINDOWS\system32\ZONELABS\vsmon[Caution: ExecutableFile]

C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

C:\WINDOWS\explorer[Caution: ExecutableFile]

C:\Documents and Settings\*\Bureau\*\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ovfso.dll/sp.html#44768

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ovfso.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ovfso.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ovfso.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ovfso.dll/sp.html#44768

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ovfso.dll/sp.html#44768

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O2 - BHO: Class - {C3C3A211-92CE-7D05-4A6A-E146C7063B81} - C:\WINDOWS\iegu32.dll

O2 - BHO: Class - {EFCA30F1-4CC5-0280-8C70-0601199DABBF} - C:\WINDOWS\system32\d3oj32.dll

O2 - BHO: Class - {FEC3013D-7A0B-B9E6-A740-E5BB02853BA3} - C:\WINDOWS\system32\cruo.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: ExecutableFile] /Consumer

O4 - HKLM\..\Run: [iexplore[Caution: ExecutableFile]] C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

O4 - HKLM\..\Run: [iplw[Caution: ExecutableFile]] C:\WINDOWS\iplw[Caution: ExecutableFile]

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

O4 - HKLM\..\RunOnce: [mssf32[Caution: ExecutableFile]] C:\WINDOWS\system32\mssf32[Caution: ExecutableFile]

O4 - HKLM\..\RunOnce: [ntyl32[Caution: ExecutableFile]] C:\WINDOWS\ntyl32[Caution: ExecutableFile]

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background

O4 - HKCU\..\Run: [steam] C:\Program Files\Steam\Steam[Caution: ExecutableFile] -silent

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab

O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/3f0c1640/enter.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 4733303122

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab

O23 - Service: Workstation NetLogon Service ( 11FÃÆÃâÃâ¦ÃÂ¸ÃÆÃâÃâÃÂ¤#ÃÆÃ¢â¬Å¡ÃâÃÂ·ÃÆÃ¢â¬Å¡ÃâÃÂºÃÆÃâÃÂ¢Ã¢âÂ¬ÃÂ¾ÃÆÃâÃÂ¢Ã¢âÂ¬Ã¢â¬Å`I) - Unknown owner - C:\WINDOWS\system32\appaz[Caution: ExecutableFile] (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService[Caution: ExecutableFile]

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES[Caution: ExecutableFile]

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc[Caution: ExecutableFile]

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan[Caution: ExecutableFile]

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile]

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon[Caution: ExecutableFile]

Mercifull · June 16, 2005

Ohhh nasty icky log. How do people let their pc's get this bad? :-/

Please close all instances of Runescape, Firefox, Intenet Explorer and My computer/My Documents etc. I then need you to press control+alt+delete and end the following processes...

C:\WINDOWS\system32\spnpinst[Caution: ExecutableFile]

C:\WINDOWS\iplw[Caution: ExecutableFile]

C:\WINDOWS\ntyl32[Caution: ExecutableFile]

The "fix" the following...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ovfso.dll/sp.html#44768

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ovfso.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ovfso.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ovfso.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ovfso.dll/sp.html#44768

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ovfso.dll/sp.html#44768

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {C3C3A211-92CE-7D05-4A6A-E146C7063B81} - C:\WINDOWS\iegu32.dll

O2 - BHO: Class - {EFCA30F1-4CC5-0280-8C70-0601199DABBF} - C:\WINDOWS\system32\d3oj32.dll

O2 - BHO: Class - {FEC3013D-7A0B-B9E6-A740-E5BB02853BA3} - C:\WINDOWS\system32\cruo.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [iexplore[Caution: ExecutableFile]] C:\Program Files\Internet Explorer\iexplore[Caution: ExecutableFile]

O4 - HKLM\..\Run: [iplw[Caution: ExecutableFile]] C:\WINDOWS\iplw[Caution: ExecutableFile]

O4 - HKLM\..\RunOnce: [mssf32[Caution: ExecutableFile]] C:\WINDOWS\system32\mssf32[Caution: ExecutableFile]

O4 - HKLM\..\RunOnce: [ntyl32[Caution: ExecutableFile]] C:\WINDOWS\ntyl32[Caution: ExecutableFile]

O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) - http://www.20x2p.com/3f0c1640/enter.cab

O23 - Service: Workstation NetLogon Service ( 11FÃÆÃâÃâ¦ÃÂ¸ÃÆÃâÃâÃÂ¤#ÃÆÃ¢â¬Å¡ÃâÃÂ·ÃÆÃ¢â¬Å¡ÃâÃÂºÃÆÃâÃÂ¢Ã¢âÂ¬ÃÂ¾ÃÆÃâÃÂ¢Ã¢âÂ¬Ã¢â¬Å`I) - Unknown owner - C:\WINDOWS\system32\appaz[Caution: ExecutableFile] (file missing)

Restart and post a fresh log.

Apocalisp · June 16, 2005

I'm not the only one using this computer, and my brother thinks firewalls are bad because he can't play games while they're activated.

So he just close em while he plays.

I ran :

Norton antivirus

Ad aware

SpyBot S&D

Defrag

And i got some updates for windows

So i had to restart my PC.

I ran HijackThis again but not everything on the last list was there. So I "fixed" those who were.

And only one of the running processes was there :

C:\WINDOWS\system32\spnpinst.e3e (CAUTION - executable file)

Last Hijackthis Log

Logfile of HijackThis v1.99.1

Scan saved at 11:28:54, on 2005-06-16

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

C:\WINDOWS\system32\services[Caution: ExecutableFile]

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

C:\WINDOWS\Explorer[Caution: ExecutableFile]

C:\WINDOWS\system32\LEXBCES[Caution: ExecutableFile]

C:\WINDOWS\system32\LEXPPS[Caution: ExecutableFile]

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService[Caution: ExecutableFile]

C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc[Caution: ExecutableFile]

C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan[Caution: ExecutableFile]

C:\WINDOWS\system32\spupdsvc[Caution: ExecutableFile]

C:\WINDOWS\system32\ZONELABS\vsmon[Caution: ExecutableFile]

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

C:\WINDOWS\system32\spnpinst[Caution: ExecutableFile]

C:\WINDOWS\system32\Sysocmgr[Caution: ExecutableFile]

C:\WINDOWS\system32\devldr32[Caution: ExecutableFile]

C:\Program Files\Fichiers communs\Symantec Shared\ccApp[Caution: ExecutableFile]

C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

C:\WINDOWS\system32\notepad[Caution: ExecutableFile]

C:\WINDOWS\iplw[Caution: ExecutableFile]

C:\Documents and Settings\Nathalie Paquet\Bureau\Bruno\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ikyyt.dll/sp.html#44768

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ikyyt.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\ikyyt.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\ikyyt.dll/sp.html#44768

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\ikyyt.dll/sp.html#44768

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\ikyyt.dll/sp.html#44768

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O2 - BHO: Class - {CC8F74E3-0DBD-24B1-6B11-D31433F82FBF} - C:\WINDOWS\system32\mfcsl.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp[Caution: ExecutableFile]"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon[Caution: ExecutableFile] /Consumer

O4 - HKLM\..\Run: [iplw[Caution: ExecutableFile]] C:\WINDOWS\iplw[Caution: ExecutableFile]

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient[Caution: ExecutableFile]

O4 - HKLM\..\RunOnce: [mssf32[Caution: ExecutableFile]] C:\WINDOWS\system32\mssf32[Caution: ExecutableFile]

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr[Caution: ExecutableFile]" /background

O4 - HKCU\..\Run: [steam] C:\Program Files\Steam\Steam[Caution: ExecutableFile] -silent

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl[Caution: ExecutableFile]

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 4733303122

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab

O23 - Service: Workstation NetLogon Service ( 11FÃÆÃâÃâ¦ÃÂ¸ÃÆÃâÃâÃÂ¤#ÃÆÃ¢â¬Å¡ÃâÃÂ·ÃÆÃ¢â¬Å¡ÃâÃÂºÃÆÃâÃÂ¢Ã¢âÂ¬ÃÂ¾ÃÆÃâÃÂ¢Ã¢âÂ¬Ã¢â¬Å`I) - Unknown owner - C:\WINDOWS\system32\appaz[Caution: ExecutableFile] (file missing)

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr[Caution: ExecutableFile]

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc[Caution: ExecutableFile]

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr[Caution: ExecutableFile]

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService[Caution: ExecutableFile]

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES[Caution: ExecutableFile]

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc[Caution: ExecutableFile]

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan[Caution: ExecutableFile]

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ[Caution: ExecutableFile]

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc[Caution: ExecutableFile]

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC[Caution: ExecutableFile]

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon[Caution: ExecutableFile]

I see there are a few that I fixed and still there... wierd :?

Thanks alot for your time Mercifull :)

Mercifull · June 16, 2005

Mmm possibly a CWS infection.

Ctr+alt+delete and end...

C:\WINDOWS\system32\spnpinst[Caution: ExecutableFile]

and

C:\WINDOWS\iplw[Caution: ExecutableFile]

Run CWShredder and see if this removes any of the bad stuff and post a new log.

Sign In

ntyl32.e3e ( with hijackthis log )

Recommended Posts

Apocalisp

Link to comment

Share on other sites

Mercifull

Link to comment

Share on other sites

Apocalisp

Link to comment

Share on other sites

Mercifull

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Browse

Activity

Important Information