Jump to content


Photo

Hi there, Does anybody could check my log file?


  • Please log in to reply
1 reply to this topic

#1 *DEL*

*DEL*

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 20 May 2004 - 09:21 AM

Hi folks,

I don't know how to check what is good and what is not in here. Can you help me with?

Are "C:\WINDOWS\System32\sistray.EXE" and "C:\WINDOWS\System32\khooker.exe" trojans? What else should I fix?

Thanks a lot for helping!



Logfile of HijackThis v1.97.7
Scan saved at 10:54:26, on 20/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\Arquivos de programas\SecuDesktop2000_WinNT\bin\SecuMngr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe
C:\Arquivos de programas\Babylon\Babylon.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\ARQUIV~1\MACROE~1\macexp.exe
C:\Arquivos de programas\Leucotron Telecom\Digitalle Tools\WinMvc5R\WinMvc5r.exe
C:\Arquivos de programas\StickyNote\StickyNote.exe
C:\Arquivos de programas\Leucotron Telecom\VKS Windows\KS_WIN.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\utilman.exe
C:\Arquivos de programas\Microsoft Office\Office10\WINWORD.EXE
C:\Arquivos de programas\Microsoft Office\Office10\OUTLOOK.EXE
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Download Programas\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\ARQUIV~1\MACROE~1\iCapture.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SecuManager] C:\Arquivos de programas\SecuDesktop2000_WinNT\bin\SecuMngr.exe
O4 - HKCU\..\Run: [Inter-Chat] C:\Arquivos de programas\ConWare\InterChat3\IC3
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Babylon Translator] C:\Arquivos de programas\Babylon\Babylon.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Módulo Cliente de Rede Digitalle.lnk = C:\Arquivos de programas\Leucotron Telecom\Digitalle Tools\WinMvc5R\WinMvc5r.exe
O4 - Startup: StickyNote.lnk = C:\Arquivos de programas\StickyNote\StickyNote.exe
O4 - Startup: Virtual KS For Windows.lnk = C:\Arquivos de programas\Leucotron Telecom\VKS Windows\KS_WIN.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Macro Express 3.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Documents and Settings\TL.COMP3\Configurações locais\Temp\Diretório temporário 1 para oep1529a[1].zip\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Documents and Settings\TL.COMP3\Configurações locais\Temp\Diretório temporário 1 para oep1529a[1].zip\Add_AllO.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.1...Recomendada.cab
O16 - DPF: {66E79B75-F711-4A88-9C6D-10BCA64F3306} (DriveCamPlayer Class) - http://www.drivecam....iveCamEvent.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01A6DD93-1939-4A13-B0F7-77BDBF3F3CC8}: NameServer = 200.213.50.146,200.213.50.154
O17 - HKLM\System\CS1\Services\Tcpip\..\{01A6DD93-1939-4A13-B0F7-77BDBF3F3CC8}: NameServer = 200.213.50.146,200.213.50.154
O17 - HKLM\System\CS2\Services\Tcpip\..\{01A6DD93-1939-4A13-B0F7-77BDBF3F3CC8}: NameServer = 200.213.50.146,200.213.50.154

#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 24 May 2004 - 09:49 AM

Please don't keep opening new threads. Hit ADD REPLY, not NEW TOPIC, to bump this one to the top of the list. Sorry no one has answered you yet.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button