
Hijackthis Log



#1 reld18

reld18

  • Members
  • 1 posts

Posted 18 May 2008 - 11:07 AM

I have 2 computers and I don't know on which one I got a keylogger. Please help. I will start with my laptop.

Deckard's System Scanner v20071014.68
Run by Reld on 2008-05-18 11:54:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
73: 2008-05-18 15:54:29 UTC - RP112 - Deckard's System Scanner Restore Point
72: 2008-05-18 05:57:09 UTC - RP111 - Software Distribution Service 3.0
71: 2008-05-18 05:55:47 UTC - RP110 - Installed Windows Defender
70: 2008-05-18 05:21:13 UTC - RP109 - Remove AnyDVD
69: 2008-05-17 16:22:37 UTC - RP108 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-02-22 19:26:01 UTC - RP40 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Reld.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:55:21, on 2008-05-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Documents and Settings\Reld\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Reld.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AveoKeySti] "C:\Program Files\\AVEO\AVEO_UVC_FILTER_DRIVER_KIT\AveoSTI.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: aveosti.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 5873 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 thdudf (TOSHIBA UDF2.5 Reader File System Driver) - c:\windows\system32\drivers\thdudf.sys <Not Verified; TOSHIBA Corporation; TOSHIBA UDF2.5 Reader File System Driver>

S3 whfltr2k (WheelMouse USB Lower Filter Driver) - c:\windows\system32\drivers\whfltr2k.sys <Not Verified; ; USB Mouse Lower Level Filter Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description:
Device ID: ACPI\ENE0100\4&3AA5AEAA&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\4&3AA5AEAA&0
Service:

Class GUID:
Description:
Device ID: ACPI\PNP0C32\5&2BB9F244&0
Manufacturer:
Name:
PNP Device ID: ACPI\PNP0C32\5&2BB9F244&0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-18 11:08:09 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-06 18:37:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 11:17:04 0 d-------- C:\Program Files\Trend Micro
2008-05-18 01:55:49 0 d-------- C:\Program Files\Windows Defender
2008-05-11 16:59:00 0 d-------- C:\Program Files\DIFX
2008-05-07 09:37:42 0 --a------ C:\WINDOWS\TempFile
2008-05-07 09:37:17 155648 --a------ C:\WINDOWS\system32\OdbcJdbcSetup.dll <Not Verified; IBPhoenix Inc.; OdbcJdbcSetup Dynamic Link Library>
2008-05-07 09:37:17 262144 --a------ C:\WINDOWS\system32\OdbcJdbcMT.dll <Not Verified; IBPhoenix Inc; OdbcJdbc Dynamic Link Library>
2008-05-07 09:37:17 253952 --a------ C:\WINDOWS\system32\OdbcJdbc.dll <Not Verified; IBPhoenix Inc; OdbcJdbc Dynamic Link Library>
2008-05-07 09:37:17 274432 --a------ C:\WINDOWS\system32\IscDbc.dll <Not Verified; IBPhoenix Inc.; IscDbc Dynamic Link Library>
2008-05-07 09:34:34 24861 --a------ C:\WINDOWS\system32\drivers\i1.sys <Not Verified; GretagMacbeth; Minilino Driver>
2008-05-07 09:33:36 19968 --a------ C:\WINDOWS\system32\drivers\aksusb.sys <Not Verified; Aladdin Knowledge Systems; Hardlock WDM Device Driver for USB Protection Devices>
2008-05-07 09:33:34 82432 --a------ C:\WINDOWS\system32\msxml4r.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-07 09:33:34 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-05-07 09:33:33 1233920 --a------ C:\WINDOWS\system32\msxml4.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP 2>
2008-05-07 09:33:33 0 d-------- C:\Program Files\Fiery
2008-05-07 09:33:02 0 d-------- C:\Program Files\Fichiers communs\EFI
2008-05-06 22:28:15 0 d-------- C:\Documents and Settings\NetworkService\Application Data\DivX
2008-05-06 20:06:16 0 d-------- C:\WINDOWS\Prefetch
2008-05-06 20:01:26 0 d-------- C:\WINDOWS\l2schemas
2008-05-06 20:01:25 0 d-------- C:\WINDOWS\system32\fr
2008-05-06 20:01:25 0 d-------- C:\WINDOWS\system32\bits
2008-05-06 19:59:03 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-06 19:52:07 0 d-------- C:\WINDOWS\EHome
2008-04-24 17:29:11 0 d-------- C:\Program Files\GameSpy
2008-04-22 22:50:31 0 d-------- C:\Program Files\iPod
2008-04-22 22:50:27 0 d-------- C:\Program Files\iTunes
2008-04-22 22:49:07 0 d-------- C:\Program Files\QuickTime
2008-04-22 22:45:18 0 d-------- C:\Program Files\Apple Software Update
2008-04-22 21:04:25 0 d-------- C:\Program Files\X-Projects
2008-04-22 21:03:19 0 d-------- C:\Documents and Settings\Reld\Application Data\X-Projects
2008-04-19 18:18:20 0 d-ah----- C:\Documents and Settings\All Users\Application Data\GTek


-- Find3M Report ---------------------------------------------------------------

2008-05-18 01:19:11 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 00:47:41 208542 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-17 19:00:49 511304 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-05-17 19:00:49 85220 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-05-13 13:38:13 0 d-------- C:\Program Files\World of Warcraft
2008-05-11 17:01:33 0 d-------- C:\Program Files\Intel
2008-05-07 09:37:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-07 09:33:02 0 d-------- C:\Program Files\Fichiers communs
2008-05-06 20:01:45 0 d-------- C:\Program Files\Messenger
2008-05-06 20:01:25 0 d-------- C:\Program Files\Movie Maker
2008-05-06 19:58:44 0 d-------- C:\Program Files\Windows NT
2008-04-11 19:33:55 0 d-------- C:\Program Files\Steam
2008-02-20 22:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-20 22:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-20 22:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-20 22:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 22:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 22:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 22:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-20 22:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-20 13:21]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 14:32 C:\WINDOWS\AGRSMMSG.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 22:34 C:\WINDOWS\system32\bthprops.cpl]
"AveoKeySti"="C:\Program Files\\AVEO\AVEO_UVC_FILTER_DRIVER_KIT\AveoSTI.exe" []
"nwiz"="nwiz.exe" [2007-06-20 13:21 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-03 14:32 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2008-02-03 14:32 C:\WINDOWS\Alcmtr.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 12:06]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" []
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 14:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 22:33]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
aveosti.exe.lnk - C:\Program Files\AVEO\AVEO UVC Filter Driver Kit\AveoSTI.exe [16/01/2008 17:06:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-05-18 11:57:02 ------------

Edited by reld18, 19 May 2008 - 12:19 AM.



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 13 June 2008 - 07:49 PM

Hello reld18

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance please post a new HijackThis log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



