 Windows 2003 Server problem |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal > Misplaced HJT Logs  |
 Nov 2 2009, 04:57 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 1 Joined: 2-November 09 Member No.: 397,762  |
Here's HijackThis log...if it's of any use... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:04:01, on 2009-10-29 Platform: Windows 2003 Dodatek SP1 (WinNT 5.02.3790) MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe C:\WINDOWS\system32\Dfssvc.exe C:\WINDOWS\System32\dns.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\klnagent.exe C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL$MSFW\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe C:\WINDOWS\system32\ntfrs.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wins.exe C:\WINDOWS\system32\tcpsvcs.exe C:\Program Files\Exchsrvr\bin\exmgmt.exe C:\Program Files\Exchsrvr\bin\mad.exe C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe C:\Program Files\Exchsrvr\bin\store.exe C:\Program Files\Microsoft ISA Server\mspadmin.exe C:\Program Files\Microsoft ISA Server\W3Prefch.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\klnagent.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Microsoft Internet Explorer dostarczony przez SP Krasew R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SBS2003:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O4 - Startup: Zarządzanie serwerem.lnk = ? O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O14 - IERESET.INF: START_PAGE_URL=http://www.google.pl/ O15 - ESC Trusted Zone: http://ardownload.adobe.com O15 - ESC Trusted Zone: http://get.adobe.com O15 - ESC Trusted Zone: http://tw.msi.com.tw O15 - ESC Trusted Zone: http://sbs.oeiizk.edu.pl O15 - ESC Trusted Zone: http://downloads.kaspersky-labs.com O15 - ESC Trusted Zone: http://www.mada.lua.pl O15 - ESC Trusted Zone: http://mozilla.mirror.ac.za O15 - ESC Trusted Zone: http://download.mozilla.org O15 - ESC Trusted Zone: http://www.szalapska.republika.pl O15 - ESC Trusted Zone: http://www.spzg.pl O15 - ESC Trusted Zone: http://ftp.sunet.se O15 - ESC Trusted Zone: http://ftp.twaren.net O15 - ESC Trusted Zone: http://mozilla2.snt.utwente.nl O15 - ESC Trusted Zone: http://*.windowsupdate.com O15 - ESC Trusted Zone: http://*.wydawnictwowam.pl O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM) O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://192.168.28.1/tsweb/msrdp.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spkrasew.local O17 - HKLM\Software\..\Telephony: DomainName = spkrasew.local O17 - HKLM\System\CCS\Services\Tcpip\..\{7F060C9B-BB85-437E-8982-6D7FF4C04644}: NameServer = 192.168.28.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{8A466923-D3B6-4E72-A718-11F6A55243E4}: NameServer = 192.168.28.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spkrasew.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = spkrasew.local O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers\avp.exe O23 - Service: Kaspersky Administration Server (CSAdminServer) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\klserver.exe O23 - Service: Kaspersky Network Agent (KLNagent) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Administration Kit\Nagent\klnagent.exe -- End of file - 6184 bytes P.S. Sorry for scarce info, that's what I've been provided with and I couldn't gather much by myself... |
 |
 
|
|
Nov 2 2009, 05:21 PM
Post
#2
|
|
 Bleepin' Perennially Clueless!!! Group: Members Posts: 5,205 Joined: 1-December 07 From: England Member No.: 173,832 |
Hello Salt_The_Fries,
I have moved your Topic that included a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis logs analysis. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware anlaysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not. We understand that dealing with malware issues and getting help can be frustrating but improperly posting a log usually happens if you missed the directions we provide to those who require malware removal assistance. Prior to posting a log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system. Please complete all the steps in the Guide. If you can't perform a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Prep Guide to post a new log. Please DO NOT post any more logs to this topic, or post a log again in the wrong forum. The Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for. When your new DDS/HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done. Thanks for your cooperation and good luck. The BC Staff -------------------- My Father had a profound influence on me, he was a lunatic. X
|
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 21st November 2009 - 03:44 PM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.