
Pc Always Rebooting


  • This topic is locked
2 replies to this topic

#1 tulipa81


Posted 13 June 2008 - 07:01 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:34, on 13-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\CA\SharedComponents\iTechnology\igateway.exe
C:\Programas\CA\eTrustITM\InoRpc.exe
C:\Programas\CA\eTrustITM\InoRT.exe
C:\Programas\CA\eTrustITM\InoTask.exe
C:\Programas\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programas\CA\eTrustITM\ppcl.exe
C:\Programas\CA\eTrustITM\ppcl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dumprep.exe
C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
C:\Programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\dwwin.exe
C:\Programas\CA\eTrustITM\realmon.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\eclientn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\WINDOWS\system32\dwwin.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft.com/resredir.aspx?sid....2.00010100.2.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programas\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programas\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Programas\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ETapiSt] "C:\Programas\ESTOS\ProCall\etapist.exe" -autostart
O4 - HKLM\..\Run: [ETapiNotify] eclientn.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Assistente do Acrobat.lnk = C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.isabel.eu (HKLM)
O15 - Trusted Zone: http://*.isabel.eu (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145354161493
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cofanor.pt
O17 - HKLM\Software\..\Telephony: DomainName = cofanor.pt
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4C48F74-1CA0-47DC-9C1E-CC7124862577}: NameServer = 192.168.0.161,192.168.0.162
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cofanor.pt
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cofanor.pt
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = cofanor.pt
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Programas\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Programas\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Programas\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Programas\CA\eTrustITM\InoTask.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Programas\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe

--
End of file - 6268 bytes


#2 pskelley


Posted 05 July 2008 - 07:21 PM

Welcome to Bleeping Computer, please be sure you have read and followed the
Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
All advice given is taken at your own risk.

I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

Are you still having problems with reboots? I am not sure this is malware related, but if you will provide a HijackThis log with System Configuration Utility (MSConfig) running in Normal Mode instead of Selective Startup, I will take another look.

Please tell me about any error messages, post those word for word.

Thanks
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006

#3 pskelley


Posted 15 July 2008 - 05:24 PM

There has been no response to this topic in a week
This topic is closed
Thanks...pskelley
BleepingComputer
MS-MVP Windows Security 2007-08
Proud Member ASAP
UNITE Member 2006



