Member Panel

Remember me ?

Forgot password?   

Sponsors and Ads

Live Tag Cloud
PC Forum PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Fixed] PC not working fine - HJT log

[Fixed] Hijackthis! Logs - [Fixed] PC not working fine - HJT log posted in the Security & Safety forums; Hello. Today I visited a site and since then I feel my computer is no working normally. I have AVG installed in my computer, and it said it found new ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
Page 1 of 2 1 2 >
  #1  
Old 03-22-2008
Tracy7's Avatar
Bronze Member
  
Join Date: Mar 2008
Posts: 9
PC Experience: PC Illiterate
Tracy7 - See this Members User comments on their Profile page
Default [Fixed] PC not working fine - HJT log
Hello.

Today I visited a site and since then I feel my computer is no working normally.
I have AVG installed in my computer, and it said it found new threats. I did heal them, and the pop-ups keep coming.
I ran a scan with AdAware, but it didn't found anything.

Here's a HijackThis log. I hope someone can help me.
Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:13, on 21-03-2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programas\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programas\VIA\RAID\raid_tool.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\WinZip\WZQKPICK.EXE
C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\MSN Messenger\usnsvc.exe
C:\Programas\Internet Explorer\IEXPLORE.EXE
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {233A8B5E-E30B-4782-AEEC-2249F5AD0BC6} - C:\Programas\WindowsUpdate\mepyv89104.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.d ll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Programas\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.d ll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Programas\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836 AC4FA7C8833201749139
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programas\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198687186843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programas\Sygate\SPF\smc.exe
--
End of file - 6435 bytes
  #2  
Old 03-22-2008
ih8bills's Avatar
Tech Team Leader
My PC
 
Join Date: Feb 2006
Location: coastal Rhode Island
Posts: 4,100
PC Experience: More Stubborn than any PC
ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page ih8bills - See this Members User comments on their Profile page
Default Re: PC not working fine - HJT log
Hi Welcome to PCHF...
Please be patient as security is always busy.


__________________


Without music, life would be a mistake
Friedrich Nietzsche
  #3  
Old 03-25-2008
Tracy7's Avatar
Bronze Member
  
Join Date: Mar 2008
Posts: 9
PC Experience: PC Illiterate
Tracy7 - See this Members User comments on their Profile page
Default Re: PC not working fine - HJT log
Bump


  #4  
Old 03-26-2008
chiaz's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Singapore
Posts: 2,510
PC Experience: PC Guru
chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page
Default Re: PC not working fine - HJT log
Hello.

Download Combofix.exe to your desktop. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes it will open a text window.

Please attach that log back here together with a new HijackThis log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
  #5  
Old 03-26-2008
Tracy7's Avatar
Bronze Member
  
Join Date: Mar 2008
Posts: 9
PC Experience: PC Illiterate
Tracy7 - See this Members User comments on their Profile page
Default Re: PC not working fine - HJT log
Thank you for answering.
Here are the logs.

ComboFix log:

ComboFix 08-03-25.4 - Teresa Calado 2008-03-26 13:51:55.11 - NTFSx86
Executando de: C:\Documents and Settings\Teresa Calado\Ambiente de trabalho\ComboFix.exe
* Criado um novo ponto de restauro
.
-- Script messages for sUBs --
MTEE /+ d-delA.dat
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -Eisf temp00
VFind -tf -s282624 "C:\Programas\????????*[0-9].dll"
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
C:\kmd.exe
C:\Programas\WindowsUpdate\mepyv89104.dll
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\gbRve12
C:\Temp\gbRve12\csLioes.log
C:\WINDOWS\system32\pac.txt
.
((((((((((((((((((((((( Ficheiros criados de 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))
.
2008-03-21 20:22 . 2008-03-21 20:22 <DIR> d-------- C:\WINDOWS\system32\xir
2008-03-21 20:22 . 2008-03-21 20:22 <DIR> d-------- C:\WINDOWS\system32\pex3
2008-03-21 20:22 . 2008-03-21 20:22 <DIR> d-------- C:\WINDOWS\system32\imd4
2008-03-21 20:21 . 2008-03-24 16:27 <DIR> d-------- C:\WINDOWS\system32\aqVreo01
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-03-26 13:50 --------- d-----w C:\Documents and Settings\Teresa Calado\Application Data\MegauploadToolbar
2008-03-26 13:34 --------- d-----w C:\Documents and Settings\Teresa Calado\Application Data\AVG7
2008-03-25 19:05 --------- d-----w C:\Programas\Ficheiros comuns\Adobe
2008-03-25 18:58 --------- d-----w C:\Documents and Settings\Teresa Calado\Application Data\AdobeUM
2008-03-19 17:06 --------- d-----w C:\Programas\eMule
2008-03-06 12:26 --------- d-----w C:\Programas\Java
2008-02-25 23:05 --------- d-----w C:\Programas\Real
2008-02-25 23:05 --------- d-----w C:\Programas\Ficheiros comuns\xing shared
2008-02-25 23:04 --------- d-----w C:\Programas\Ficheiros comuns\Real
2008-02-16 21:38 --------- d-----w C:\Documents and Settings\Teresa Calado\Application Data\uTorrent
2005-08-10 13:21 30,926 ----a-w C:\WINDOWS\Fonts\aajaxsurrealfreak.zip
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-02-10 16:02 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c9803b12-f0a0-11dc-95ff-0800200c9a66}]
C:\WINDOWS\TinyBHO.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-11-20 12:00 13312]
"msnmsgr"="C:\Programas\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 03:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-10 23:33 143360 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 10:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 18:40 2577632]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [2001-07-09 10:50 155648]
"iTunesHelper"="C:\Programas\iTunes\iTunesHelper.e xe" [2006-02-23 15:45 278528]
"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2006-06-02 11:20 282624]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_0 5\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-27 13:28 579072]
"TkBellExe"="C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2008-02-25 23:03 185896]
"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-11-20 12:00 13312]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-26 17:57 219136]
C:\Documents and Settings\Teresa Calado\Menu Iniciar\Programas\Arranque\
Ferramenta de Verifica‡Æo de M¡dia do Cyber-shot Viewer.lnk - C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-07-28 21:21:00 155648]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
VIA RAID TOOL.lnk - C:\Programas\VIA\RAID\raid_tool.exe [2005-08-04 21:45:17 565248]
WinZip Quick Pick.lnk - C:\Programas\WinZip\WZQKPICK.EXE [2005-08-05 22:31:10 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
R2 SVKP;SVKP;C:\WINDOWS\System32\SVKP.sys [2006-10-27 12:17]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2001-11-20 12:00]
S2 DP1112P1112;C:\WINDOWS\System32\Drivers\DP.sys []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\System32\PavSRK.s ys []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-03-21 17:17:07 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programas\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-21 01:00:00 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-02-10 00:39:36 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-02-10 00:39:36 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-02-10 00:39:36 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-02-10 00:39:36 C:\WINDOWS\Tasks\At30.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-02-10 00:39:36 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-02-10 00:39:36 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-02-10 00:39:36 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-02-10 00:39:36 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-19 10:00:00 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-19 11:00:00 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-25 12:00:02 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-25 13:00:03 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-26 14:00:01 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-25 15:00:01 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-25 16:00:00 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-25 17:00:01 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-25 18:00:00 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-25 19:00:03 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-25 20:00:01 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-25 21:00:01 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-25 22:00:00 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\System32\o83Gmp01.exe
"2008-03-25 23:00:01 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\System32\o83Gmp01.exe
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 13:57:23
Windows 5.1.2600 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros ocultos ...
Varredura completada com sucesso
Ficheiros ocultos: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\v sdatant]
"ImagePath"=""
.
Tempo para conclusão: 2008-03-26 14:01:36
ComboFix-quarantined-files.txt 2008-03-26 14:01:29
ComboFix2.txt 2008-02-20 01:05:58




And the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:51, on 26-03-2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programas\iTunes\iTunesHelper.exe
C:\Programas\QuickTime\qttask.exe
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Programas\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programas\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programas\VIA\RAID\raid_tool.exe
C:\Programas\WinZip\WZQKPICK.EXE
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Programas\iPod\bin\iPodService.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.d ll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Programas\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.d ll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Programas\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ferramenta de Verificação de Mídia do Cyber-shot Viewer.lnk = C:\Programas\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programas\VIA\RAID\raid_tool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programas\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1198687186843
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programas\Sygate\SPF\smc.exe
--
End of file - 6594 bytes
  #6  
Old 03-27-2008
chiaz's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Singapore
Posts: 2,510
PC Experience: PC Guru
chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page chiaz - See this Members User comments on their Profile page
Default Re: PC not working fine - HJT log
Hello, please run HijackThis and place a checkmark by the following entry:
O2 - BHO: SBBho Class - {c9803b12-f0a0-11dc-95ff-0800200c9a66} - C:\WINDOWS\TinyBHO.dll (file missing)

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.


Looks like ComboFix has already removed most of the "nasties". How's your computer running now?

Reply
New! Norton Internet Security 2008 – Download Now Click Here
Page 1 of 2 1 2 >

Bookmarks

« HJT Log - Prework Done! | Blue Desktop Detirmined to Not Go Away »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
PLEASE HELP, i have my HJT log already amazing_race Spyware / AdWare 2 10-29-2007 10:26 AM
[Pending] Slow PC - HJT log attached Jim0203 [Fixed] Hijackthis! Logs 3 08-22-2007 01:45 PM
[Fixed] hjt log brte [Fixed] Hijackthis! Logs 7 07-24-2007 09:49 PM
[Fixed] My HJT Log. Vamp [Fixed] Hijackthis! Logs 2 06-27-2007 05:26 PM
[Fixed] My HJT log Buehler91 [Fixed] Hijackthis! Logs 1 07-11-2005 06:55 PM

Contact Us - PC Help Forum - Site Map - Privacy Statement - Top

All times are GMT +1. The time now is 11:28 PM.
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 RC7
All Graphics & Content Copyright © 2004-2008 - PC Help Forum.com


Back to Top