hacktool and malware


#1
avim
I don't know what had been done on the computer, but all my antiviruses had been shut down.

I got a message from someone I didn't know and I closed the messenger immediately.

And there is one file that is marked as a hacktool:

Hacktool:rootkit/mhook - hkey_local_machine\system\currentcontrolset\services\m_hook

Should I remove it? Is it necessary?

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:12:53, on 14/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
J:\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
J:\--קבצי התקנה--\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.co...earch_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "J:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - J:\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - J:\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161541674718
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co....in/launcher.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - J:\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Edited by avim, 15 February 2007 - 02:48 PM.
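Added example, not part of the original post and not HijackThis's own code: a small Python triage script that runs over a handful of lines constructed from the log above and reports the entries a helper would look at first, namely an O4 autostart whose executable carries a Windows-system-sounding name but lives outside the Windows directory, autostart arguments that request a hidden start, and O23 services whose binary is reported missing. The expected-directory list, the lookalike name set and the rules themselves are my assumptions for illustration, not a vendor rule set.

```python
"""Triage HijackThis O4 (autostart) and O23 (service) lines.

Added example for this thread; the heuristics are the author's own
assumptions and are not part of HijackThis or of any antivirus product.
"""
import ntpath
import re

# Line layouts assumed to match the HijackThis 1.99.1 log shown in the thread.
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Where autostart executables are normally expected on this kind of XP box (assumption).
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# File names that mimic Windows system components; an .exe with one of these
# names outside the Windows directory deserves a closer look (assumption).
SYSTEM_LOOKALIKES = {"win32k.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                     "winlogon.exe", "smss.exe", "services.exe"}

# Constructed sample lines modelled on the posted log.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)",
    r"O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe",
]


def split_command(cmd):
    """Return (executable_path, arguments) from an O4 command string."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)                   # unquoted: first token is the executable
    return parts[0], (parts[1] if len(parts) > 1 else "")


def check_o4(match):
    """Apply the autostart heuristics; return a list of reasons (empty = nothing notable)."""
    exe, args = split_command(match.group("cmd"))
    low = exe.lower()
    reasons = []
    if ntpath.basename(low) in SYSTEM_LOOKALIKES and not low.startswith("c:\\windows\\"):
        reasons.append("system-lookalike name outside Windows directory")
    elif not low.startswith(EXPECTED_DIRS):
        reasons.append("executable outside expected program directories")
    if "hide" in args.lower():                   # e.g. the -starthide switch in the log
        reasons.append("arguments request hidden start")
    return exe, reasons


def check_o23(match):
    """Flag services whose binary HijackThis could not find on disk."""
    path = match.group("path")
    reasons = ["service binary reported missing"] if "(file missing)" in path else []
    return path, reasons


def triage(lines):
    """Return one finding per notable O4/O23 line, in log order."""
    findings = []
    for line in lines:
        line = line.rstrip("\r\n")
        m = O4_RE.match(line)
        if m:
            path, reasons = check_o4(m)
            kind = "O4"
        else:
            m = O23_RE.match(line)
            if not m:
                continue                         # other HijackThis line types are not handled here
            path, reasons = check_o23(m)
            kind = "O23"
        if reasons:
            findings.append({"type": kind, "name": m.group("name"), "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['type']} [{f['name']}] {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

On the sample above the script reports only two lines: the `[Win32]` autostart (lookalike name under `C:\Win32\dll` plus a `-starthide` argument) and the orphaned AVG e-mail scanner service; the QuickTime, AVG and iPod entries pass. A missing service binary is not malicious by itself, but on a machine whose owner says the antivirus products were shut down it is worth noting which protection services no longer have a file behind them.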

#2
avim (Topic Starter)
I started a scan with the Panda online scan.

This is what has been found until now; I don't think that anything is going to change there.

I hope it will be helpful for you.

Posted Image

And by the way, I can't open it in safe mode.

Edit:

Here is the result of the scan:


Incident Status Location

Hacktool:Hacktool/HideItX Not disinfected c:\win32\dll\win32k.exe
Virus:w32/bagle.hx.worm Disinfected Operating system
Hacktool:rootkit/mhook Not disinfected hkey_local_machine\system\currentcontrolset\services\m_hook
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\כולם\Cookies\כולם@atwola[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\כולם\Cookies\כולם@toplist[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\כולם\Local Settings\Temp\Cookies\כולם@atwola[2].txt
Virus:Trj/Mitglieder.MU Disinfected C:\WINDOWS\system32\hldrrr.exe

Edit no. 2:

I did another scan; here is the result:

Incident Status Location

Hacktool:Hacktool/HideItX Not disinfected c:\win32\dll\win32k.exe
Virus:w32/bagle.hx.worm Disinfected Operating system
Hacktool:rootkit/mhook Not disinfected hkey_local_machine\system\currentcontrolset\services\m_hook
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\כולם\Cookies\כולם@ad.yieldmanager[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\כולם\Cookies\כולם@atwola[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\כולם\Cookies\כולם@fastclick[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\כולם\Cookies\כולם@toplist[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\כולם\Local Settings\Temp\Cookies\כולם@atwola[2].txt
Virus:Trj/Mitglieder.MU Disinfected C:\WINDOWS\system32\hldrrr.exe
Spyware:Cookie/RealMedia Not disinfected D:\Documents and Settings\Menachem Miller\Application Data\Mozilla\Firefox\Profiles\evkjhjrs.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atwola Not disinfected D:\Documents and Settings\Menachem Miller\Local Settings\Temp\Cookies\menachem [email protected][1].txt
Hacktool:Hacktool/HideItX Not disinfected J:\eMule\Incoming2\Adobe Premiere Pro 1.5 crack.zip[Adobe Premiere Pro 1.5 crack.msi][unk_0018][Win32k.exe]
Hacktool:Hacktool/HideItX Not disinfected J:\eMule\Incoming2\Adobe Premiere Pro 1.5 Crack2.zip[Adobe Premiere Pro 1.5 crack.msi][unk_0018][Win32k.exe]
Virus:Trj/Mitglieder.MU Disinfected J:\eMule\Incoming2\Avast.Antivirus.+.crack.MICIDIALE.ELIMINA.TUTTI.I.VIRUS.MEGLIO.DI.NORTON.PROVATELO.zip[Avast.Antivirus.+.crack.MICIDIALE.ELIMINA.TUTTI.I.VIRUS.MEGLIO.DI.NORTON.PROVATELO.exe]
Virus:Trj/Mitglieder.MU Disinfected J:\eMule\Incoming2\Norton.Antivirus.2005.(Fr).Crack.Abonnement.Aux.Virus.(Jusqu'en.2115).Ok.zip[Norton.Antivirus.2005.(Fr).Crack.Abonnement.Aux.Virus.(Jusqu'en.2115).Ok.exe]
Virus:Trj/Mitglieder.MU Disinfected J:\eMule\Incoming2\VIRUS!!.Norton.Antivirus.2007.Activation.Crack.(Realy.Works).Keygen.Serial.zip[VIRUS!!.Norton.Antivirus.2007.Activation.Crack.(Realy.Works).Keygen.Serial.exe]
Spyware:Cookie/adultfriendfinder Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Cookies\[email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Cookies\[email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Cookies\[email protected][2].txt
Adware:Adware/Transponder Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI24C6.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI2585.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI2EB1.tmp\polall1r.inf
Adware:Adware/IPInsight Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI395F.tmp\farmmext.inf
Adware:Adware/IPInsight Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI395F.tmp\farmmext.ini
Adware:Adware/IPInsight Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI3D37.tmp\farmmext.inf
Adware:Adware/IPInsight Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI3D37.tmp\farmmext.ini
Adware:Adware/MultiMPP Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI4401.tmp\multimpp.inf
Adware:Adware/Transponder Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI461B.tmp\polall1r.inf
Adware:Adware/TopRebates Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI470E.tmp\MMaker4b.exe[EbatesMoeMoneyMaker1.exe]
Adware:Adware/TopRebates Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI470E.tmp\MMaker4b.exe[EbatesMoeMoneyMaker0.exe]
Adware:Adware/TopRebates Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI470E.tmp\MMaker4b.exe[disp350.exe]
Adware:Adware/Transponder Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI5E12.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI6812.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI6B4C.tmp\polall1r.inf
Adware:Adware/Transponder Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THI6B9E.tmp\polall1r.inf
Spyware:Spyware/BetterInet Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\THIBA1.tmp\zserv.inf
Spyware:Spyware/BetterInet Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\Guest\Local Settings\Temp\zserv.inf
Spyware:Cookie/GoStats Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\MILLER\Application Data\Mozilla\Profiles\default\d3p06v26.slt\cookies.txt[.c3.gostats.com/]
Spyware:Cookie/MediaTickets Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\MILLER\Application Data\Mozilla\Profiles\Default Us\yy4onsry.slt\cookies.txt[.kinghost.com/]
Spyware:Cookie/Barelylegal Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\MILLER\Application Data\Mozilla\Profiles\Default Us\yy4onsry.slt\cookies.txt[c.fsx.com/]
Spyware:Cookie/OfferOptimizer Not disinfected O:\גיבוי מחשב נתנאל\Documents and Settings\סרטים\Cookies\סרטים@offeroptimizer[2].txt
Adware:Adware/IST.ISTBar Not disinfected O:\גיבוי מחשב נתנאל\Program Files\ISTbar\xml_istbar.xml
Hacktool:HackTool/EvID4226 Not disinfected O:\גיבוי מחשב נתנאל\תוכנות שיתוף קבצים\Emule\WinXP.SP2.eMule.Patch.exe
Hacktool:HackTool/EvID4226 Not disinfected P:\System Volume Information\_restore{C4886269-BFFD-4E6A-975D-37949D057F13}\RP201\A0054889.exe[sp2nolimit.exe]

Thanks very much!!!

Edited by avim, 14 February 2007 - 03:45 PM.


#3
avim (Topic Starter)
The computer cannot start now; after a while at startup it restarts.

Do you think that formatting C:\ will help here?