Hjt Log Grinler



#1 dreamscape

dreamscape

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:14 AM

Posted 11 October 2005 - 07:50 AM

I have some trouble with a Trojan stwoyle virus and I used HijackThis; here I send the log. I will thank you already for your help so far.


Logfile of HijackThis v1.99.1
Scan saved at 14:43:41, on 11-10-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\WinFast\WFTVFM\WFWIZ.exe
E:\Program Files\CloneCD\CloneCDTray.exe
E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
E:\Program Files\Archive\archive.exe
E:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\AnyDVD\AnyDVD.exe
E:\WINDOWS\system32\CmWatch.exe
E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
E:\games\Darkman\Darkman.exe
E:\Program Files\Media Gateway\MediaGateway.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\WINDOWS\system32\6hoq4arc.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINDOWS\system32\ctfmon.exe
E:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
E:\Program Files\Perfect Lite\bpk.exe
E:\windows\alexa.exe
E:\Program Files\Logitech\SetPoint\KEM.exe
E:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
E:\PROGRA~1\INCRED~1\bin\IMApp.exe
E:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
E:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\slserv.exe
E:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
E:\Program Files\Azureus\Azureus.exe
E:\Program Files\Java\jre1.5.0_04\bin\javaw.exe
E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
E:\Program Files\wintcm\TOTALCMD.EXE
E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spele.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.home.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - E:\games\Darkman\DARKMA~2.DLL
O2 - BHO: E:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - E:\WINDOWS\adsldpbc.dll
O2 - BHO: (no name) - {8D82BB89-B58C-4F21-9C5D-377F65947806} - E:\WINDOWS\slassac.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - E:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: E:\WINDOWS\q15907109_disk.dll - {B212D577-05B7-4963-911E-4A8588160DFA} - E:\WINDOWS\q15907109_disk.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: E:\WINDOWS\system32\clbcatix.dll - {D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} - E:\WINDOWS\system32\clbcatix.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - E:\WINDOWS\system32\prflbmsgp32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\nl\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [WinFast Schedule] E:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "E:\Program Files\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Archive] E:\Program Files\Archive\archive.exe
O4 - HKLM\..\Run: [BDMCon] E:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] E:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "E:\Program Files\CloneDVD1\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [AnyDVD] E:\Program Files\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [CmCardRun] E:\WINDOWS\system32\CmWatch.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] E:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [darkman] E:\games\Darkman\Darkman.exe
O4 - HKLM\..\Run: [Media Gateway] E:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [6hoq4arc] E:\WINDOWS\system32\6hoq4arc.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] E:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "E:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [BPK] E:\Program Files\Perfect Lite\bpk.exe
O4 - HKCU\..\Run: [alexa] e:\windows\alexa.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "E:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Spyware Cleaner] "E:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\clbcatix.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - E:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: clbcatex - E:\WINDOWS\system32\clbcatix.dll
O20 - Winlogon Notify: style2 - E:\WINDOWS\q33854828_disk.dll
O20 - Winlogon Notify: style32 - E:\WINDOWS\q15907109_disk.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-service (navapsvc) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - E:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - E:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - E:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SpywareCleanerService - Secure Computer, LLC - E:\Program Files\Spyware Cleaner\SCService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - E:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Edited by dreamscape, 11 October 2005 - 07:53 AM.
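As an added example (not code from the original post, and not part of HijackThis itself), the following Python script parses the numbered entries of a log in this format and applies the checks forum helpers usually look at first: O15 Trusted Zone additions, O2 BHOs with no descriptive name, O4 Run entries and BHOs whose file name is a random-looking eight-character string, O20 Winlogon Notify DLLs that live outside system32, and O23 services whose binary is missing. The sample input is a constructed excerpt in the same format; the rules are generic review heuristics, and a flag means "look at this", not a verdict that any particular file in the log above is malicious.

```python
"""Triage helper for HijackThis v1.99-style logs (example code, not HijackThis's own).

Parses the numbered entries (O2, O4, O15, O20, O23, ...) and flags the ones a
forum helper would ask about first.  Every rule is a generic heuristic.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Eight lower-case alphanumerics with at least two digits, one of them before a
# letter: "6hoq4arc" matches, "rundll32" and "nvsvc32" do not.
RANDOM_STEM = re.compile(r"^(?=(?:.*\d){2})(?=.*\d.*[a-z])[a-z0-9]{8}$")


@dataclass
class Entry:
    kind: str   # e.g. "O4"
    text: str   # everything after "O4 - "


@dataclass
class Flag:
    kind: str
    target: str
    reason: str


def parse_log(log: str) -> list[Entry]:
    """Keep only the numbered entries; the header and process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def exe_from_command(cmd: str) -> str:
    """First token of a Run command, honouring a quoted path followed by arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def file_stem(path: str) -> str:
    """Lower-case file name without directory or extension."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def triage(entries: list[Entry]) -> list[Flag]:
    flags: list[Flag] = []
    for e in entries:
        if e.text.endswith("(no file)"):
            continue  # orphaned registration: cosmetic, no live component behind it
        if e.kind == "O15":
            # Hijackers add their own domains to the Trusted zone to relax IE's settings.
            flags.append(Flag(e.kind, e.text, "Trusted Zone addition"))
        elif e.kind == "O2" and e.text.startswith("BHO: "):
            parts = e.text[len("BHO: "):].rsplit(" - ", 2)   # name, CLSID, path
            if len(parts) != 3:
                continue
            name, _clsid, path = parts
            if name == "(no name)" or name.lower() == path.lower():
                flags.append(Flag(e.kind, path, "BHO with no descriptive name"))
            elif RANDOM_STEM.match(file_stem(path)):
                flags.append(Flag(e.kind, path, "BHO with random-looking file name"))
        elif e.kind == "O4":
            m = RUN_RE.match(e.text)   # Global Startup lines do not match and are skipped
            if m and RANDOM_STEM.match(file_stem(exe_from_command(m["cmd"]))):
                flags.append(Flag(e.kind, m["cmd"], "Run entry with random-looking file name"))
        elif e.kind == "O20" and e.text.startswith("Winlogon Notify: "):
            _key, dll = e.text[len("Winlogon Notify: "):].rsplit(" - ", 1)
            if "\\system32\\" not in dll.lower():
                flags.append(Flag(e.kind, dll, "Winlogon notification DLL outside system32"))
        elif e.kind == "O23" and "(file missing)" in e.text:
            flags.append(Flag(e.kind, e.text, "service binary missing (broken install, not necessarily malware)"))
    return flags


def triage_log(log: str) -> list[Flag]:
    return triage(parse_log(log))


# Constructed excerpt in HijackThis v1.99 format (a few entry types, not a full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\6hoq4arc.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {8D82BB89-B58C-4F21-9C5D-377F65947806} - E:\WINDOWS\slassac.dll
O2 - BHO: E:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - E:\WINDOWS\adsldpbc.dll
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O4 - HKLM\..\Run: [6hoq4arc] E:\WINDOWS\system32\6hoq4arc.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O15 - Trusted Zone: *.coolwebsearch.com
O20 - Winlogon Notify: clbcatex - E:\WINDOWS\system32\clbcatix.dll
O20 - Winlogon Notify: style32 - E:\WINDOWS\q15907109_disk.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason:55} {f.target}")
```

Run it as-is to see the six flags the excerpt produces, or feed it a full log via `triage_log(open(path).read())`. The random-name rule is deliberately narrow (exactly eight lower-case alphanumerics with interleaved digits) so that legitimate names such as rundll32 or nvsvc32 do not trip it; widen it only after checking the false positives on a known-clean log.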



#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 16 October 2005 - 02:54 PM

Hi dreamscape,

If you still need help, please post a fresh HijackThis log!



