Hijackthis log file, please help!



#1 clamasl


Posted 17 July 2004 - 08:52 AM

Logfile of HijackThis v1.98.0
Scan saved at 9:42:15 AM, on 7/17/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\SYSTEM32\feqwfs.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINNT\SYSTEM32\hrtv.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\winntsecure.exe
C:\WINNT\SYSTEM32\feqfks.exe
C:\Program Files\USBToolbox\ResModify.EXE
C:\WINNT\SYSTEM32\cbfks.exe
C:\WINNT\system32\bvvswq.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINNT\system32\winntsecure.exe
C:\Program Files\AWS\WeatherBug\Weather.EXE
C:\WINNT\system32\bvvswq.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Real\RealOne Player\realplay.exe
C:\Documents and Settings\Norman1\Desktop\HijackThis.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.24horaslibre.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: jimmyhelp.CBrowserHelper - {D0D28736-D6E6-4363-BFE8-3A05D74A8754} - C:\WINNT\dhje.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [AVP32 uploaderplus] AVP132.exe
O4 - HKLM\..\Run: [Application] C:\winnt\system32\dhcp\files\hiddenrun.exe mdll.exe
O4 - HKLM\..\Run: [msmgsgms] C:\WINNT\SYSTEM32\feqwfs.exe
O4 - HKLM\..\Run: [SPOOL Configuration] SPOOLSVC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [msmsgss] C:\WINNT\SYSTEM32\hrtv.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Configuration Loader] winntsecure.exe
O4 - HKLM\..\Run: [RealVNC Setup] C:\WINNT\SYSTEM32\feqfks.exe
O4 - HKLM\..\Run: [ResModify] C:\Program Files\USBToolbox\ResModify.EXE
O4 - HKLM\..\Run: [ICQMsn] C:\WINNT\SYSTEM32\cbfks.exe
O4 - HKLM\..\Run: [AightGood] bvvswq.exe
O4 - HKLM\..\RunServices: [AVP32 uploaderplus] AVP132.exe
O4 - HKLM\..\RunServices: [SPOOL Configuration] SPOOLSVC.exe
O4 - HKLM\..\RunServices: [Configuration Loader] winntsecure.exe
O4 - HKLM\..\RunServices: [AightGood] bvvswq.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [PJFTBOX] C:\WINNT\VAOEQK.exe
O4 - HKCU\..\Run: [SPOOL Configuration] SPOOLSVC.exe
O4 - HKCU\..\Run: [Configuration Loader] winntsecure.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.EXE 1
O4 - HKCU\..\Run: [AightGood] bvvswq.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab

#2 clamasl


Posted 17 July 2004 - 07:27 PM

I read all the rules from the moderators for answering members' Hijack logs; however, I noticed that another member, who posted his log after me, got a response from a moderator before me. Why is that? Can somebody explain that to me? Thanks.



