Is my system infected? Help please.
- Thread starter Alex.A
- Start date
chrisalviola
New Member
what are those files?
Crimsonite
New Member
If you want help, you copy paste the log in your post, not attach them. Nobody is interested in getting their systems infected too.
Alex.A
New Member
OK, this is the Hijackthis log. Please take a look and see what's going on. Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:24 AM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\hijackthis\analyze.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 4047 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:24 AM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\hijackthis\analyze.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 4047 bytes
Buzz1927
Digaredd
Download, istall, update and run a full scan with AVG Antispyware.
http://downloads.grisoft.cz/softw/70/filedir/inst/avgas-setup-7.5.1.43.exe
When the scan has finished, quarantine all it finds and save the report. Post the report in your reply.
http://downloads.grisoft.cz/softw/70/filedir/inst/avgas-setup-7.5.1.43.exe
When the scan has finished, quarantine all it finds and save the report. Post the report in your reply.
Alex.A
New Member
OK, I did a system complete scan and I quarantined all the threats.
Here's my report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:51:10 PM 7/14/2007
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVP -> Adware.Generic : Ignored.
D:\Dadu\kituri\PDF converter 4.0 - Convert PDF to Excel, Word & More\InstallAble2Extract.exe -> Not-A-Virus.Monitor.Win32.Ardamax.k : Ignored.
C:\System Volume Information\_restore{D0838D28-0182-4379-AF24-5E4712D6E0AA}\RP30\A0014700.sys -> Rootkit.Agent.go : Ignored.
:mozilla.110:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.196:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.
:mozilla.192:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.193:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.194:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.195:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.108:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Webtrends : Ignored.
D:\Dadu\kituri\daemon.exe -> Trojan.Small : Ignored.
D:\System Volume Information\_restore{0283EA62-0800-4AD4-9AFE-340AA8570B1F}\RP51\A0018922.exe -> Trojan.Small : Ignored.
::Report end
Here's my report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:51:10 PM 7/14/2007
+ Scan result:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVP -> Adware.Generic : Ignored.
D:\Dadu\kituri\PDF converter 4.0 - Convert PDF to Excel, Word & More\InstallAble2Extract.exe -> Not-A-Virus.Monitor.Win32.Ardamax.k : Ignored.
C:\System Volume Information\_restore{D0838D28-0182-4379-AF24-5E4712D6E0AA}\RP30\A0014700.sys -> Rootkit.Agent.go : Ignored.
:mozilla.110:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.196:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Burstnet : Ignored.
:mozilla.192:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.193:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.194:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.195:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Tacoda : Ignored.
:mozilla.108:C:\Documents and Settings\Alexandru\Application Data\Mozilla\Firefox\Profiles\bag2nwo5.default\cookies.txt -> TrackingCookie.Webtrends : Ignored.
D:\Dadu\kituri\daemon.exe -> Trojan.Small : Ignored.
D:\System Volume Information\_restore{0283EA62-0800-4AD4-9AFE-340AA8570B1F}\RP51\A0018922.exe -> Trojan.Small : Ignored.
::Report end
Last edited: