
Hjt - Log


  • This topic is locked
2 replies to this topic

#1 borsoni
  • Members
  • 1 posts

Posted 12 October 2005 - 05:46 PM

I cleaned my system with SpyBot and Ad-Aware, but it is still running slow: burning one full DVD (4.7 GB) at 8x is taking 30 min; it was 10 min. The machine is opening some web pages with hotel rentals... the log:

Logfile of HijackThis v1.99.1
Scan saved at 19:39:09, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\inetsrv\inetinfo.exe
E:\Arquivos de programas\LogMeIn\RaMaint.exe
E:\Arquivos de programas\LogMeIn\LogMeIn.exe
E:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
E:\Arquivos de programas\UltraVNC\WinVNC.exe
E:\Arquivos de programas\LogMeIn\LogMeInSystray.exe
E:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe
E:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
E:\Arquivos de programas\Autenticador Velox\avelox.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
E:\windows\system32\mdms.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Arquivos de programas\eMule\emule.exe
E:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oglobo.globo.com/online/default.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://oglobo.globo.com/online/default.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.compartilhando.org/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - E:\WINDOWS\system32\italvdid.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\arquivos de programas\google\googletoolbar2.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - E:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\arquivos de programas\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe
O4 - HKLM\..\Run: [Autenticador Velox] "E:\Arquivos de programas\Autenticador Velox\avelox.exe" -autorun
O4 - HKLM\..\Run: [LogMeIn GUI] "E:\Arquivos de programas\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [SysMemory manager] e:\windows\system32\mdms.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ichckupd] E:\WINDOWS\system32\ichckupd.exe
O4 - HKCU\..\Run: [eMuleAutoStart] E:\Arquivos de programas\eMule\emule.exe -AutoStart
O8 - Extra context menu item: &Google Search - res://e:\arquivos de programas\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://e:\arquivos de programas\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://e:\arquivos de programas\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\arquivos de programas\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://e:\arquivos de programas\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://e:\arquivos de programas\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED299074-01EF-4439-A9FD-4AF4F1343F93}: NameServer = 200.149.55.140 200.165.132.148
O20 - Winlogon Notify: LMIinit - E:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - E:\Arquivos de programas\Arquivos comuns\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - E:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - 3am Labs, Inc. - E:\Arquivos de programas\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - 3am Labs, Inc. - E:\Arquivos de programas\LogMeIn\LogMeIn.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - E:\Arquivos de programas\UltraVNC\WinVNC.exe" -service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - E:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Thanks for all!

#2 Grinler
    Lawrence Abrams

  • Admin
  • 43,676 posts

Posted 18 October 2005 - 11:31 AM

Download this program:

submit files packer

Highlight the files listed below in bold, then right-click and select Copy.


E:\WINDOWS\system32\ichckupd.exe
E:\WINDOWS\SYSTEM32\LMIinit.dll


Then start the file packer program, right-click in the white box and select Paste to paste the copied file names into the field.

Then press the Continue button.

It will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to yourmembername.cab (for example grinler.cab).

Then go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.


Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oglobo.globo.com/online/default.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://oglobo.globo.com/online/default.asp
R3 - Default URLSearchHook is missing
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - E:\WINDOWS\system32\italvdid.dll
O4 - HKLM\..\Run: [SysMemory manager] e:\windows\system32\mdms.exe
O4 - HKCU\..\Run: [eMuleAutoStart] E:\Arquivos de programas\eMule\emule.exe -AutoStart
O20 - Winlogon Notify: LMIinit - E:\WINDOWS\SYSTEM32\LMIinit.dll

Reboot your computer into Safe Mode

Then delete these files or directories (do not be concerned if they do not exist):

E:\WINDOWS\system32\italvdid.dll
e:\windows\system32\mdms.exe

Reboot your computer to go back to normal mode and post a new log.
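A small triage helper for the log format used in this thread, added here as an example and not part of the thread, of HijackThis or of BleepingComputer's tools: it parses O2/O4/O20/O23 lines and flags the kinds of entries the reply singles out (autoruns launching from system32 that are not on a constructed allowlist, and services reported with "Unknown owner" or "(file missing)"). The sample lines and the allowlist are constructed for the example.

```python
import re
# Constructed sample in HijackThis v1.99 line format, modelled on a few lines of
# the log posted in this thread; the flags below are the example's own triage rules.
SAMPLE_LOG = r"""
O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - E:\WINDOWS\system32\italvdid.dll
O4 - HKLM\..\Run: [SysMemory manager] e:\windows\system32\mdms.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: LMIinit - E:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: VNC Server (winvnc) - Unknown owner - E:\Arquivos de programas\UltraVNC\WinVNC.exe" -service (file missing)
"""
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
KNOWN_SYSTEM32 = {"ctfmon.exe"}  # constructed allowlist of expected XP SP2 autoruns

def parse_line(line):
    """Split one log line into section, descriptive name and file path (or None)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, blank or "Running processes" lines
    sec, body = m.group("sec"), m.group("body")
    rec = {"section": sec, "name": body, "path": "", "raw": line.strip()}
    m4 = O4_RE.match(body) if sec == "O4" else None
    if m4:
        rec["name"], rec["path"] = m4.group("name"), m4.group("cmd")
    elif sec in ("O2", "O20", "O23") and " - " in body:
        rec["name"], rec["path"] = body.rsplit(" - ", 1)  # path is the last field
    return rec

def triage(rec):
    """Return the review flags an analyst would raise for one parsed entry."""
    flags, low = [], rec["path"].lower()
    if "(file missing)" in low:
        flags.append("file_missing")
    if rec["section"] == "O23" and "unknown owner" in rec["name"].lower():
        flags.append("unknown_owner")
    if rec["section"] in ("O2", "O4", "O20") and "\\system32\\" in low:
        exe = re.split(r"[\\/]", low.split(" -")[0].strip('"'))[-1]  # file name only
        if exe not in KNOWN_SYSTEM32:
            flags.append("unknown_system32_autorun")
    return flags

def review(log_text):
    """Map each flagged raw line to its flags; unflagged entries are dropped."""
    out = {}
    for rec in filter(None, map(parse_line, log_text.splitlines())):
        flags = triage(rec)
        if flags:
            out[rec["raw"]] = flags
    return out
```

Flagged entries still need a human verdict; the helper only narrows a long log down to the lines worth looking up.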

#3 Grinler
    Lawrence Abrams

  • Admin
  • 43,676 posts

Posted 14 November 2005 - 10:49 AM

Due to inactivity this topic is closed. If you need to reopen this topic, please contact a moderator and they will do so.