my HijackThis log! [CLOSED]


  • This topic is locked

#1
chinajj

    New Member

  • Member
  • 1 posts
Logfile of HijackThis v1.97.7
Scan saved at 9:43:02, on 2004-6-17
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\System32\SCardSvr.exe
E:\WINNT\system32\Ati2evxx.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\System32\svchost.exe
D:\KAV2003\KAVSvc.EXE
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\inetsrv\inetinfo.exe
E:\WINNT\Explorer.EXE
E:\WINNT\system32\internat.exe
D:\KAV2003\KAVSvcUI.EXE
E:\Program Files\MSN Messenger\msnmsgr.exe
D:\KAV2003\MailMon.exe
E:\Program Files\Outlook Express\msimn.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\explorer.exe
E:\WINNT\system32\mdm.exe
C:\Downloads\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - E:\WINNT\DOWNLO~1\CONFLICT.6\CnsHook.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: ????? - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - D:\KAV2003\KAIEPlus.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iDuba Personal FireWall] D:\KAV2003\KAVPFW.EXE
O4 - HKLM\..\Run: [KAVRUN] D:\KAV2003\KAVRun.EXE
O4 - HKLM\..\Run: [msstart] E:\WINNT\system32\msstart.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe E:\WINNT\DOWNLO~1\CONFLICT.6\CnsMin.dll,Rundll32
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: AdobeWeb.log
O4 - Startup: .plugin140_01.trace
O4 - Global Startup: ntuser.pol
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: Real.com (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: FlashGet (HKLM)
O10 - Unknown file in Winsock LSP: e:\winnt\system32\ws2_64.dll
O10 - Unknown file in Winsock LSP: e:\winnt\system32\ws2_64.dll
O10 - Unknown file in Winsock LSP: e:\winnt\system32\ws2_64.dll
O10 - Unknown file in Winsock LSP: e:\winnt\system32\ws2_64.dll
O10 - Unknown file in Winsock LSP: e:\winnt\system32\ws2_64.dll
O11 - Options group: [!CNS]
O11 - Options group: [!IESearch] !IESearch
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (InfosecCertInstall Class) - https://mybank.icbc....certInStall.dll
O16 - DPF: {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - http://image2.sina.c...rce/sinaddt.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojansca...an/TDECntrl.CAB
O16 - DPF: {5FDE5079-BB94-4B8C-9ACE-239EE4FBF1F2} (InstallCert Class) - http://www.ca365.com/RootCertCA365.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc....afeControls.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com...te/IESearch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EDB827C2-C076-4480-8A5C-8FB6C7A41604} (clsInsCert Class) - https://ca1.cnca.net...ert/RegCert.cab

#2
ditto

    - i pwn n00bs -

  • Member
  • 1,260 posts
Please Download LSPFix from http://www.cexx.org/lspfix.htm and Run the Program. Disconnect from the Internet and close all Internet Explorer Windows. Check the "I know what I'm doing" Button and remove all traces of [ws2_64.dll]. Reboot and reply back with a new log.

ditto

#3
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.