Welcome to What the Tech! ( 
 [Closed] Hijack this log file i think theres more than one malwar |
 Feb 3 2008, 06:17 PM
Post
#1
|
|
|
New Member  Group: New Member Posts: 2 Joined: 3-February 08 Member No.: 76,580 Operating System: Windows XP  |
StartupList version: 1.52.2 Started from : C:\Documents and Settings\Ebox NE1201\My Documents\Programme Downloads\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v7.00 (7.00.6000.16574) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\system32\sesinetd.exe C:\WINDOWS\system32\hserver.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\EzButton System V1.0\EzButton.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SpyRemover\TeaTimer.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Ebox NE1201\My Documents\UNSORTED\Apoint.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Ebox NE1201\My Documents\Programme Downloads\HijackThis.exe C:\Program Files\ZTEiT\ZTEConnector\ZTEConnector.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\wuauclt.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Ebox NE1201\Start Menu\Programs\Startup] Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = userinit.exe,bar311.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run EzButton System = C:\Program Files\EzButton System V1.0\EzButton.exe WindowNT = c:\WINDOWS\system32\exiplorer.exe QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" avgnt = "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min Disk Knight = C:\WINDOWS\Knight.exe PinnacleDriverCheck = C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg USIUDF_Eject_Monitor = C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe Ulead AutoDetector v2 = C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background WebCamRT.exe = Yahoo! Pager = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe (Default) = SpyRemover TeaTimer = C:\Program Files\SpyRemover\TeaTimer.exe -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe,C:\WINDOWS\system32\NETSVCS.EXE SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670} (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Yahoo!\Common\yiesrvc.dll - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -------------------------------------------------- Enumerating Task Scheduler jobs: AppleSoftwareUpdate.job -------------------------------------------------- Enumerating Download Program Files: [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll -------------------------------------------------- End of report, 6,273 bytes Report generated in 2.514 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
Attached File(s)
|
 |
 
|
|
Feb 4 2008, 01:08 PM
Post
#2
|
|
 Forum God  Group: Root Admin Posts: 44,142 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276  |
Your post has been Moved, Closed or Edited for one of the following reasons:
1.) You posted multiple topics and only one is required 2.) You are spamming links to other places without approval 3.) You have posted your hijackthis log to the wrong forum: ( http://forums.whatthetech.com/HijackThis_L...emoval_f27.html ) <--- correct forum for HijackThis Logs 4.) Abusive language or other problems in your text 5.) Your log is too old (20 days or more) and no replies from you after a volunteer tried to help you If you came here for help, and you have not posted a Hijackthis log to the proper forum, then you may do so now, if you came here to spam or abuse, you will be dealt with harsher on your next offense This is a family oriented forum to help those that need help. ============================== |
|
|
|
|
Feb 15 2008, 03:57 PM
Post
#3
|
|
|
Forum God Group: Root Admin Posts: 44,142 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276 |
Due to inactivity this topic will be closed.
If you need help please start a new thread and post a new HJT log |
|
|
|
  |
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Similar Topics
| Topic Title | Replies | Topic Starter | Views | Last Action | |||
|---|---|---|---|---|---|---|---|
 |
19 | beroo | 221 | Today, 05:04 PM Last post by: SpySentinel |
|||
|
23 | rpachon | 363 | Today, 05:03 PM Last post by: SpySentinel |
|||
|
15 | Warnite | 201 | Today, 05:03 PM Last post by: SpySentinel |
|||
 |
4 | frankstenosis | 72 | Today, 03:32 PM Last post by: Tomk |
|||
|
Time is now: 3rd July 2009 - 08:56 PM |
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy
