My HijackThis log! [CLOSED]


  • This topic is locked

#1
chinajj

Logfile of HijackThis v1.97.7
Scan saved at 9:43:02, on 2004-6-17
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\System32\SCardSvr.exe
E:\WINNT\system32\Ati2evxx.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
D:\KAV2003\KAVSvc.EXE
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\inetsrv\inetinfo.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\internat.exe
D:\KAV2003\KAVSvcUI.EXE
E:\Program Files\MSN Messenger\msnmsgr.exe
D:\KAV2003\MailMon.exe
E:\Program Files\Outlook Express\msimn.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\explorer.exe
E:\WINNT\system32\mdm.exe
C:\Downloads\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - E:\WINNT\DOWNLO~1\CONFLICT.6\CnsHook.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: ????? - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - D:\KAV2003\KAIEPlus.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iDuba Personal FireWall] D:\KAV2003\KAVPFW.EXE
O4 - HKLM\..\Run: [KAVRUN] D:\KAV2003\KAVRun.EXE
O4 - HKLM\..\Run: [msstart] E:\WINNT\system32\msstart.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe E:\WINNT\DOWNLO~1\CONFLICT.6\CnsMin.dll,Rundll32
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: AdobeWeb.log
O4 - Startup: .plugin140_01.trace
O4 - Global Startup: ntuser.pol
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Real.com (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: FlashGet (HKLM)
O10 - Unknown file in Winsock LSP: e:\winnt\system32\ws2_64.dll
O10 - Unknown file in Winsock LSP: e:\winnt\system32\ws2_64.dll
O10 - Unknown file in Winsock LSP: e:\winnt\system32\ws2_64.dll
O10 - Unknown file in Winsock LSP: e:\winnt\system32\ws2_64.dll
O10 - Unknown file in Winsock LSP: e:\winnt\system32\ws2_64.dll
O11 - Options group: [!CNS]
O11 - Options group: [!IESearch] !IESearch
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (InfosecCertInstall Class) - https://mybank.icbc....certInStall.dll
O16 - DPF: {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - http://image2.sina.c...rce/sinaddt.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojansca...an/TDECntrl.CAB
O16 - DPF: {5FDE5079-BB94-4B8C-9ACE-239EE4FBF1F2} (InstallCert Class) - http://www.ca365.com/RootCertCA365.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc....afeControls.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com...te/IESearch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EDB827C2-C076-4480-8A5C-8FB6C7A41604} (clsInsCert Class) - https://ca1.cnca.net...ert/RegCert.cab
#2
ditto

Please download LSPFix from http://www.cexx.org/lspfix.htm and run the program. Disconnect from the Internet and close all Internet Explorer windows. Check the "I know what I'm doing" button and remove all traces of [ws2_64.dll]. Reboot and reply back with a new log.

ditto

#3
Kat

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.