Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

hijack this log and start up


  • Please log in to reply

#1
Lauda

Lauda

    New Member

  • Member
  • Pip
  • 1 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:55:57, on 03-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\Programas\Alwil Software\Avast4\aswUpdSv.exe
e:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
E:\Programas\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Programas\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Programas\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\RECYCLER\SVCHOST.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
e:\Programas\Alwil Software\Avast4\ashMaiSv.exe
e:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\iPod\bin\iPodService.exe
E:\Programas\BT Next Evolution\btnext.exe
C:\Programas\Mozilla Firefox\firefox.exe
E:\Programas\Babylon\Babylon-Pro\Babylon.exe
E:\Programas\BitComet\BitComet.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Programas\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AHQInit] C:\Programas\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Programas\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Programas\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Programas\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Programas\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download Video on This Page - e:\Programas\TubeDownload\TDIEPage.html
O8 - Extra context menu item: Download Video This Links To - e:\Programas\TubeDownload\TDIELink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para Dispositivo &Bluetooth... - E:\Programas\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programas\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - E:\Programas\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Download Video - {A103A693-F92C-4A81-8F7F-6C80799EFF3D} - e:\Programas\TubeDownload\TDIEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {A103A693-F92C-4A81-8F7F-6C80799EFF3D} - e:\Programas\TubeDownload\TDIEPage.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programas\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programas\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zon...er.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1164566617703
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopet.../dev/gopets.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://games.bigfish...sh.1.0.0.47.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15030/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - e:\Programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - e:\Programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - e:\Programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - e:\Programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Programas\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\programas\ficheiros comuns\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - E:\Programas\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Windowhelp - Unknown owner - C:\RECYCLER\SVCHOST.EXE

--
End of file - 9831 bytes


StartupList report, 03-12-2007, 22:56:12
StartupList version: 1.52.2
Started from : C:\Programas\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16544)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\Programas\Alwil Software\Avast4\aswUpdSv.exe
e:\Programas\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
E:\Programas\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Windows Live\Messenger\MsnMsgr.Exe
C:\Programas\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Programas\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\RECYCLER\SVCHOST.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
e:\Programas\Alwil Software\Avast4\ashMaiSv.exe
e:\Programas\Alwil Software\Avast4\ashWebSv.exe
C:\Programas\iPod\bin\iPodService.exe
E:\Programas\BT Next Evolution\btnext.exe
C:\Programas\Mozilla Firefox\firefox.exe
E:\Programas\Babylon\Babylon-Pro\Babylon.exe
E:\Programas\BitComet\BitComet.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

AHQInit = C:\Programas\Creative\SBLive\Program\AHQInit.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
avast! = e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Microsoft Updates = svehost.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Microsoft Updates = svehost.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MsnMsgr = "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background
Uniblue SpyEraser = "C:\Programas\Uniblue\SpyEraser\SpyEraser.exe" -m

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\EARTH3~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BitComet ClickCapture - E:\Programas\BitComet\tools\BitCometBHO_1.1.7.4.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
(no name) - E:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - E:\Programas\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Click Maintenance.job
AppleSoftwareUpdate.job
SDMsgUpdate (TE).job
Uniblue SpeedUpMyPC Nag.job
Uniblue SpeedUpMyPC.job
Uniblue SpyEraser.job
XoftSpySE 2.job
XoftSpySE.job

--------------------------------------------------

Enumerating Download Program Files:

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[{20A60F0D-9AFA-4515-A0FD-83BD84642501}]
CODEBASE = http://messenger.zon...kr.cab56986.cab

[{2917297F-F02B-4B9D-81DF-494B6333150B}]
CODEBASE = http://messenger.zon...er.cab31267.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.micros...b?1164566617703

[{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}]
CODEBASE = http://messenger.zon...nt.cab31267.cab

[PhotoPickConvert Class]
CODEBASE = http://appdirectory....ap/PhtPkMSN.cab

[MSN Games - Installer]
CODEBASE = http://messenger.zon...ro.cab56649.cab

[{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
CODEBASE = http://messenger.zon...nt.cab56907.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://fpdownload2.m...ash/swflash.cab

[GoPets Control]
CODEBASE = https://secure.gopet.../dev/gopets.cab

[CPlayFirstWeddingDashControl Object]
CODEBASE = http://games.bigfish...sh.1.0.0.47.cab

[{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}]
CODEBASE = http://messenger.zon...er.cab56986.cab

[Creative Software AutoUpdate Support Package]
InProcServer32 = C:\PROGRA~1\Creative\SHARED~1\SOFTWA~1\CTPID.ocx
CODEBASE = http://www.creative....15030/CTPID.cab

[GoPetsWeb Control]
CODEBASE = https://secure.gopet...v/GoPetsWeb.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\CLAUDI~1\DEFINI~1\Temp\~nsu.tmp\Au_.exe||C:\DOCUME~1\CLAUDI~1\DEFINI~1\Temp\~nsu.tmp||C:\DOCUME~1\CLAUDI~1\DEFINI~1\Temp\_iu14D2N.tmp|||1

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 7.796 bytes
Report generated in 0,078 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP