Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New HijackThis Log


  • This topic is locked This topic is locked
1 reply to this topic

#1 gmachado

gmachado

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:11 AM

Posted 14 November 2004 - 06:55 AM

Hello All, Itīs my first time in this Forum...

I have the same problem than another with virus...

I would like to receive some help to diagnose the HijackThis log generated by my box...

Thanks in advance...

_________________
Gustavo Rodrigues
Brasil/RS




Logfile of HijackThis v1.98.2
Scan saved at 09:37:36, on 14/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\NavNT\defwatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\NavNT\rtvscan.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\pctspk.exe
C:\Arquivos de programas\Winamp\Winampa.exe
C:\Arquivos de programas\NavNT\vptray.exe
C:\WINDOWS\System32\jrpurzu.exe
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\systime.exe
C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Arquivos de programas\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Arquivos de programas\Discador iBest\discador.exe
C:\WINDOWS\System32\dllhost.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\ARQUIV~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
C:\Programas\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Swish Browser Helper - {D44B5436-B3E4-4595-B0E9-106690E70A58} - C:\DOCUME~1\eu\DADOSD~1\voaithczoo.dll (file missing)
O3 - Toolbar: Accessories - {9B35A850-66AB-4c6d-8A66-136ECADCD904} - C:\DOCUME~1\eu\DADOSD~1\voaithczoo.dll (file missing)
O3 - Toolbar: Discador iBest - {4F869C58-D71D-4850-8BDD-7B5CDF8EC911} - C:\Arquivos de programas\Discador iBest\ibestbar.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Arquivos de programas\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [vptray] C:\Arquivos de programas\NavNT\vptray.exe
O4 - HKLM\..\Run: [Microsoft Update] jrpurzu.exe
O4 - HKLM\..\Run: [nse] nse.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\RunServices: [Microsoft Update] jrpurzu.exe
O4 - HKLM\..\RunServices: [nse] nse.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Reminder] C:\Arquivos de programas\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Microsoft Update] jrpurzu.exe
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Arquivos de programas\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...edceabcca450006
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_3_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = thko.com
O17 - HKLM\Software\..\Telephony: DomainName = thko.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F6F328C-77C9-409F-9825-79862C4C5C5F}: NameServer = 201.10.1.2 201.10.120.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF47005D-4E30-4E58-B6AF-EFE4527442D2}: Domain = thko.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = thko.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F6F328C-77C9-409F-9825-79862C4C5C5F}: NameServer = 201.10.1.2 201.10.120.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = thko.com
O18 - Protocol: ayb - {07C0D34D-11D7-43F7-832B-C6BB41726F5F} - C:\DOCUME~1\eu\DADOSD~1\sstuggrzgrdr.dll (file missing)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

BC AdBot (Login to Remove)

 


#2 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:09:11 AM

Posted 14 November 2004 - 07:14 AM

Duplicate

http://www.bleepingcomputer.com/forums/t/4766/new-hijackthis-log/

This topic is closed.
Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users