Jump to content


Photo

Java.Loader.HLL


  • This topic is locked This topic is locked
5 replies to this topic

#1 sebamobile

sebamobile

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 01 November 2010 - 08:35 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:34 p.m., on 31/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\cvsnt\cvsservice.exe
C:\Archivos de programa\cvsnt\cvslock.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Archivos de programa\WireLessDeployer\WireLessDeployerAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\WireLessTelNet\WireLessTelNetProxyServer\WireLessTelNetProxyServer.exe
C:\Archivos de programa\WireLessDesigner\WS_Bin\WSServerSvc.exe
C:\Archivos de programa\WireLessStudio\WS_BinV4\WSServerSvcV4.exe
C:\Archivos de programa\WireLessDesigner\WS_Bin\WSStarterSvc.exe
C:\Archivos de programa\WireLessDesigner\WS_Bin_V4\WSStarterSvcV4.exe
C:\Archivos de programa\Xobni\XobniService.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe
C:\Archivos de programa\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Sebastian\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe
C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe
C:\ARCHIV~1\MICROS~4\rapimgr.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Archivos de programa\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Archivos de programa\Microsoft Office\Office12\OUTLOOK.EXE
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\Archivos de programa\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Sebastian\Escritorio\sebamobile.exe
C:\Archivos de programa\FileZilla\FileZilla.exe

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Archivos de programa\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [B Register C:\Archivos de programa\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax] "C:\WINDOWS\system32\rundll32.exe" "C:\Archivos de programa\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax",DllRegisterServer
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Archivos de programa\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sebastian\Configuración local\Datos de programa\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARCHIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\ARCHIV~1\MOZILL~1\plugins\MyWebEx\419\mwmie.dll
O9 - Extra 'Tools' menuitem: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\ARCHIV~1\MOZILL~1\plugins\MyWebEx\419\mwmie.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\archivos de programa\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ADF1C85-3D4D-4CB4-862E-800F856C7F5C}: NameServer = 93.188.162.131,93.188.160.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{7454CCFD-8477-405E-8848-1BDDB695302E}: NameServer = 93.188.162.131,93.188.160.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{C950D6AA-912B-431A-AF4D-4B9EF89193EC}: NameServer = 93.188.162.131,93.188.160.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.131,93.188.160.11
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.131,93.188.160.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.131,93.188.160.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARCHIV~1\ARCHIV~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\ARCHIV~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CVSNT (CVS) - GNU - C:\Archivos de programa\cvsnt\cvsservice.exe
O23 - Service: CVSNT Locking Service (CVSLock) - Unknown owner - C:\Archivos de programa\cvsnt\cvslock.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de Google Desktop 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: KpyM Telnet SSH Server v1.18b - Kroum Grigorov - C:\Archivos de programa\KTS\daemon.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Archivos de programa\Archivos comunes\Protexis\License Service\PsiService_2.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Stay-Linked Server - Unknown owner - C:\Archivos de programa\Stay-Linked\StayLinkedService.exe (file missing)
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Archivos de programa\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Archivos de programa\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Archivos de programa\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Archivos de programa\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O23 - Service: WireLess Deployer Agent (WireLessDeployerAgent) - SofToGo S.A. - C:\Archivos de programa\WireLessDeployer\WireLessDeployerAgent.exe
O23 - Service: WireLessTelNetProxyServer - Unknown owner - C:\Archivos de programa\WireLessTelNet\WireLessTelNetProxyServer\WireLessTelNetProxyServer.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe
O23 - Service: WireLess Studio Server Service NT (WSServerSvc) - SofToGo S.A. www.softogo.com - C:\Archivos de programa\WireLessDesigner\WS_Bin\WSServerSvc.exe
O23 - Service: WireLess Studio Server Service V4 (WSServerSvcV4) - SofToGo S.A. www.softogo.com - C:\Archivos de programa\WireLessStudio\WS_BinV4\WSServerSvcV4.exe
O23 - Service: WireLess Studio Starter Server Service NT (WSStarterSvc) - SofToGo / Raisonnance S.A. Lyon, France (33) 4 78 66 86 46 / www.raisonnance.fr www.softogo.com - C:\Archivos de programa\WireLessDesigner\WS_Bin\WSStarterSvc.exe
O23 - Service: WireLess Studio Starter Server Service V4 (WSStarterSvcV4) - SofToGo S.A. www.softogo.com - C:\Archivos de programa\WireLessDesigner\WS_Bin_V4\WSStarterSvcV4.exe
O23 - Service: XobniService - Xobni Corporation - C:\Archivos de programa\Xobni\XobniService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/SEBAST~1/CONFIG~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 10967 bytes

#2 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,350 posts

Posted 03 November 2010 - 09:00 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

I'm unable to find anything on this file in bold.
C:\Documents and Settings\Sebastian\Escritorio\sebamobile.exe

Did your installed it and know what it is?

If not please submit the file in bold to the following link for a scan, then post the results in your next message for me to see.
http://www.kaspersky.com/scanforvirus
===

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Please run this security check for my review.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Let me know what problem remains.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,350 posts

Posted 16 November 2010 - 08:59 AM

Due to the lack of feedback this Topic is closed.


[REOPENED]

Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,268 posts

Posted 23 November 2010 - 03:23 PM

Reopened at request of topic owner.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,350 posts

Posted 24 November 2010 - 09:58 AM

sebamobile

I'm listening.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 48,350 posts

Posted 09 December 2010 - 09:25 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button