Hijackthis Log


  • This topic is locked
8 replies to this topic

#1 BoBoJL

BoBoJL

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:28 PM

Posted 13 May 2007 - 05:09 AM

Hi
Can somebody check this HijackThis log please?

I clean the system, and a couple of hours later (when I use the net) it gets slow and Ad-Aware always finds some new critical object.
Avast antivirus, F-secure online, Trend Micro House Call online, Spybot Search don't find anything.
So here is the log after I used CleanUp, Ad-Aware and Ewido.


Logfile of HijackThis v1.99.1
Scan saved at 10:30:08, on 13/05/2007
Platform: Windows XP Szervizcsomag (Service Pack) 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AA support\Security\Avast\aswUpdSv.exe
C:\Program Files\AA support\Security\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AA support\Security\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\AA support\Security\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\AA support\Security\Avast\ashMaiSv.exe
C:\Program Files\AA support\Security\Avast\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AA support\Security\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\EzButton\CplBCL50.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AASUPP~1\Security\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Dokumentumok\to System\Egyebb\Daemon\DAEMON Tools\daemon.exe
D:\Dokumentumok\to System\Security\Spybotsd\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
D:\Dokumentumok\to System\Media\JetAudio\JetAudio.exe
C:\Program Files\philips\Philips Wireless Notebook Adapter 11ag Utility\PHCardMonitor.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
D:\Dokumentumok\to System\Security\HijackThis\HijackThis unziped\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Dokumentumok\to System\Media\Codec\AdobeAcrobet\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\DOKUME~1\TOSYST~1\Security\Spybotsd\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Dokumentumok\to System\Media\Codec\Jawa\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\AASUPP~1\Security\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6065\SiteAdv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Dokumentumok\to System\Egyebb\Daemon\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Dokumentumok\to System\Security\Spybotsd\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled
O4 - Global Startup: Philips Wireless Notebook Adapter Utility.lnk.disabled
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Dokumentumok\to System\Media\Codec\Jawa\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Dokumentumok\to System\Media\Codec\Jawa\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobil kedvenc létrehozása... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\AA support\Security\Avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\AA support\Security\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\AA support\Security\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\AA support\Security\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\AA support\Security\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe


Thanks
BoBo

#2 BoBoJL


Posted 14 May 2007 - 12:55 PM

So that means nobody found anything? :thumbsup:

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:09:28 PM

Posted 18 May 2007 - 06:39 PM

Hello BoBoJL and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

The HijackThis forum deals exclusively with virus and malware issues. HijackThis cannot analyze performance, hardware or application issues. For non-malware related issues I would suggest posting to the The techs in that forum specialize in matters pertaining to the operating system, performance and applications. When posting to any other forum, do not post a HijackThis log or the post will simply be moved back to this forum for infection analysis. That is what HijackThis is used for and that is what we specialize in here in this forum.

When posting in any other forum for assistance, give as much detail as possible regarding any issues that are occurring. The more information they have, the better the techs can analyze the issue and make any recommendations for resolving it.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#4 BoBoJL


Posted 22 May 2007 - 12:27 PM

Hello BoBoJL and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean...



Hi. Thank you for your answer. I'm not really happy because Ad-Aware still finds "New Critical Objects". So something is still wrong. I'll try to find another way to fix it.
Thank you for your help
BoBo

#5 OldTimer


Posted 22 May 2007 - 01:49 PM

Hi BoBoJL. AdAware will normally always find new critical objects. It seems to think that cookies are critical and you will always have cookies.

Post the log of what AdAware is finding and we'll take a look.

Cheers.

OT

#6 BoBoJL


Posted 31 May 2007 - 12:20 PM

Hi BoBoJL. AdAware will normally always find new critical objects. It seems to think that cookies are critical and you will always have cookies.

Post the log of what AdAware is finding and we'll take a look.

Cheers.

OT



Sorry for being late, I was busy.

Yes, you are probably right, but I'll copy the log here just in case.


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tulajdonos@xos.adbureau[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:tulajdonos@xos.adbureau.net/
Expires : 28-02-2008 01:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tulajdonos@com[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:tulajdonos@com.com/
Expires : 30-05-2017 17:20:32
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tulajdonos@indexstats[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:tulajdonos@indexstats.com/
Expires : 25-05-2007 08:50:28
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tulajdonos@adopt.euroclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:445
Value : Cookie:tulajdonos@adopt.euroclick.com/
Expires : 19-05-2017 18:25:24
LastSync : Hits:445
UseCount : 0
Hits : 445

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tulajdonos@tacoda[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:21
Value : Cookie:tulajdonos@tacoda.net/
Expires : 25-05-2008 19:28:12
LastSync : Hits:21
UseCount : 0
Hits : 21

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tulajdonos@revsci[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:tulajdonos@revsci.net/
Expires : 26-05-2027 17:20:32
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tulajdonos@realmedia[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:tulajdonos@realmedia.com/
Expires : 01-01-2021 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tulajdonos@stat.onestat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:tulajdonos@stat.onestat.com/
Expires : 25-05-2017 01:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tulajdonos@hit.gemius[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:20
Value : Cookie:tulajdonos@hit.gemius.pl/
Expires : 19-11-2012 18:06:32
LastSync : Hits:20
UseCount : 0
Hits : 20

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : tulajdonos@rotator.adjuggler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:tulajdonos@rotator.adjuggler.com/
Expires : 23-05-2017 02:36:12
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 25

#7 OldTimer


Posted 31 May 2007 - 02:49 PM

Hi BoBoJL. Yup, they are all just cookies. If you don't want to see the cookies in the AdAware scan you can delete them prior to running the scan. Otherwise, don't worry about any cookie objects in the AdAware report.

Cheers.

OT

#8 BoBoJL


Posted 25 June 2007 - 04:20 PM

Hi BoBoJL. Yup, they are all just cookies. If you don't want to see the cookies in the AdAware scan you can delete them prior to running the scan. Otherwise, don't worry about any cookie objects in the AdAware report.

Cheers.

OT



Thank you for your help
BoBo

#9 OldTimer


Posted 25 June 2007 - 06:40 PM

You are welcome BoBoJL. I'm glad we could answer your questions.

I will now close this topic. If you have any future malware related questions or issues please start a new topic.

Cheers and Happy Computing!

OT