Mivercon Security Forum
›
HijackThis Forum
›
Submit your HijackThislog here 
Can't run HiJackThis as administrator!
Can't run HiJackThis as administrator!
|
Can't run HiJackThis as administrator!
|
|
19-08-2010, 23:39
Bericht: #1
|
|||
|
|||
|
Can't run HiJackThis as administrator!
Hi,
My computer was acting strange, and my hotmail account started sending out emails to my contactlist. So I ran MBAM and SAS and found a trojan and a bunch of other stuff. I tried running HiJackThis, so I could place a log, but it doesn't give me the option to run it as administrator! So here's the log I was able to run, any help would be greatly appreciated! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:04:49 PM, on 8/18/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\sttray.exe C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Windows\System32\igfxpers.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Windows\System32\igfxtray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\hkcmd.exe C:\Program Files\CyberLink\PCM4Everio\EverioService.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc...3&_lang=EN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?...P&M=GT5428 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?...P&M=GT5428 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup O4 - HKLM\..\Run: [McAfeeUpdate] "C:\Program Files\McAfee\MSC\McUpdUtl.exe" /RunKey O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O15 - Trusted Zone: http://mvooren.hyves.net O15 - Trusted Zone: *.hyves.nl O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 11142 bytes |
|||
|
|
20-08-2010, 00:10
Bericht: #2
|
|||
|
|||
|
RE: Can't run HiJackThis as administrator!
Hi,
You are probably trying to rightclick the shortcut on your desktop to run it as administrator. That option is indeed not present there as this is only a shortcut. To run the main HIjackThis as administrator, rightclick the shortcut on your desktop, select to open the file location. This will bring you to the following folder: C:\Program Files\Trend Micro\HiJackThis . In there, you will find the main executable HijackThis.exe. There, you can select to run as administrator when you rightclick it. I can't see anything malicious in above log though - are you still having malware related issues? Microsoft MVP - Consumer Security ![[Afbeelding: mvp.gif]](http://users.telenet.be/bluepatchy/miekiemoes/linksimages/mvp.gif) Director of Research @ Malwarebytes ![[Afbeelding: mbammini.png]](http://users.telenet.be/bluepatchy/miekiemoes/linksimages/mbammini.png) AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter. ![[Afbeelding: MiekiemoesBlog.2.gif]](http://feeds.feedburner.com/MiekiemoesBlog.2.gif)
|
|||
|
|
20-08-2010, 03:41
(Dit bericht is het laatst bewerkt op 20-08-2010 om 03:44 door Bluewaters.)
Bericht: #3
|
|||
|
|||
RE: Can't run HiJackThis as administrator!
(20-08-2010 00:10)miekiemoes schreef: Hi, OK that worked, normally I can run it from the Startmenu though, now I had to go into C:\ProgramFiles\etc etc etc to be able to run it! Here's the new log, just in case. Yes I'm still having some issues like popups. Also, my hotmail account is sending emails to my contacts, is that a problem with my computer, or is it an internet-based issue? What can I do to fix it? Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 6:39:02 PM, on 8/19/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\sttray.exe C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe C:\Windows\System32\igfxtray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\hkcmd.exe C:\Program Files\CyberLink\PCM4Everio\EverioService.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&svc...3&_lang=EN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?...P&M=GT5428 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?...P&M=GT5428 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup O4 - HKLM\..\Run: [McAfeeUpdate] "C:\Program Files\McAfee\MSC\McUpdUtl.exe" /RunKey O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-2649331228-3696308728-864307741-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR') O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing) O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O15 - Trusted Zone: http://mvooren.hyves.net O15 - Trusted Zone: *.hyves.nl O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 11658 bytes |
|||
|
|
|
20-08-2010, 07:56
Bericht: #4
|
|||
|
|||
|
RE: Can't run HiJackThis as administrator!
Hi,
Please do the following.. * Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/combofix...e-combofix Post the log from ComboFix in your next reply. Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix..This because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how. As for your hotmail, this doesn't always mean your computer is infected though. Please change your hotmail password. Microsoft MVP - Consumer Security Director of Research @ Malwarebytes AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter.
|
|||
|
|
|
20-08-2010, 18:40
Bericht: #5
|
|||
|
|||
RE: Can't run HiJackThis as administrator!
(20-08-2010 07:56)miekiemoes schreef: Hi, Hope I did it right! ComboFix 10-08-18.06 - Sanna 08/20/2010 8:53.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1248 [GMT -7:00] Running from: c:\users\Sanna\Downloads\ComboFix.exe SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7} SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Windows c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf . ((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 ))))))))))))))))))))))))))))))) . 2010-08-20 16:03 . 2010-08-20 16:03 -------- d-----w- c:\users\Sanna\AppData\Local\temp 2010-08-19 01:59 . 2010-08-19 01:59 388096 ----a-r- c:\users\Sanna\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-08-18 06:31 . 2010-08-18 06:31 -------- d-----w- c:\program files\Trend Micro 2010-08-18 06:25 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-08-18 01:34 . 2010-08-18 01:34 63488 ----a-w- c:\users\Sanna\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 2010-08-18 01:34 . 2010-08-18 01:34 52224 ----a-w- c:\users\Sanna\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-08-18 01:34 . 2010-08-18 01:34 117760 ----a-w- c:\users\Sanna\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-08-18 01:34 . 2010-08-18 01:34 -------- d-----w- c:\users\Sanna\AppData\Roaming\SUPERAntiSpyware.com 2010-08-18 01:34 . 2010-08-18 01:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2010-08-18 01:34 . 2010-08-18 01:34 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-08-18 01:25 . 2010-08-18 01:25 -------- d-----w- c:\programdata\Yahoo! Companion 2010-08-18 01:25 . 2010-08-18 01:25 -------- d-----w- c:\program files\CCleaner 2010-08-12 23:54 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-12 23:54 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-12 23:54 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-12 23:54 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-12 23:54 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-12 23:54 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-09 00:18 . 2010-08-09 00:19 -------- d-----w- c:\users\Sanna\AppData\Roaming\Ipswitch 2010-08-09 00:17 . 2010-08-09 00:17 -------- d-----w- c:\programdata\Ipswitch 2010-08-09 00:17 . 2010-08-09 00:17 -------- d-----w- c:\program files\Ipswitch 2010-08-09 00:16 . 2010-08-09 00:16 -------- d-----w- c:\users\Sanna\AppData\Roaming\InstallShield . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-18 06:25 . 2007-02-26 16:40 -------- d-----w- c:\program files\Common Files\Java 2010-08-18 06:25 . 2007-02-26 16:40 -------- d-----w- c:\program files\Java 2010-08-18 01:25 . 2007-06-20 05:11 -------- d-----w- c:\program files\Yahoo! 2010-08-17 00:33 . 2007-06-14 06:08 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-08-13 10:02 . 2007-02-26 16:37 -------- d-----w- c:\programdata\Microsoft Help 2010-08-13 10:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-09 00:17 . 2007-02-26 16:28 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-20 02:30 . 2007-07-02 22:01 2314 ----a-w- c:\users\Sanna\AppData\Roaming\wklnhst.dat 2010-06-28 04:22 . 2010-06-28 04:22 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDBA2.tmp.exe 2010-06-27 22:19 . 2010-06-27 22:19 -------- d--h--r- c:\users\Sanna\AppData\Roaming\SecuROM 2010-06-27 22:11 . 2010-06-27 22:11 -------- d-----w- c:\program files\Microids 2010-06-27 22:08 . 2010-06-27 22:08 -------- d-----w- c:\program files\Atlantis 2 2010-06-26 10:02 . 2007-02-26 16:38 -------- d-----w- c:\program files\Microsoft.NET 2010-06-26 06:05 . 2010-08-12 23:55 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-12 23:55 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-12 23:55 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-12 23:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-25 21:34 . 2010-06-25 21:34 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-06-21 13:37 . 2010-08-12 23:55 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-18 17:31 . 2010-08-12 23:55 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-06-11 16:16 . 2010-08-12 23:55 274944 ----a-w- c:\windows\system32\schannel.dll 2010-05-27 20:08 . 2010-08-12 23:55 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-05-26 17:06 . 2010-06-10 23:24 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-06-10 23:24 289792 ----a-w- c:\windows\system32\atmfd.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="sttray.exe" [2006-11-02 303104] "CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744] "NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424] "McAfeeUpdate"="c:\program files\McAfee\MSC\McUpdUtl.exe" [2010-02-11 300352] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-22 222504] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-22 81920] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920] "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-16 151552] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496] "EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2008-05-22 151552] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-17 1197648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792] c:\users\Sanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):27,02,49,61,61,48,ca,01 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2649331228-3696308728-864307741-1001] "EnableNotificationsRef"=dword:00000002 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2649331228-3696308728-864307741-500] "EnableNotificationsRef"=dword:00000002 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 135664] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680] R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680] R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-08-20 716272] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656] S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896] S2 nmsgopro;GoProto Protocol Driver for NMS;c:\windows\system32\DRIVERS\nmsgopro.sys [2006-09-28 28672] S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424] S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2007-02-26 5504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-08-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20] 2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 16:54] 2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 16:54] 2010-08-15 c:\windows\Tasks\McDefragTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-10 20:22] 2010-07-01 c:\windows\Tasks\McQcTask.job - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-11-10 20:22] 2010-08-19 c:\windows\Tasks\Norton Security Scan for Sanna.job - c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-18 14:31] 2010-08-11 c:\windows\Tasks\TASK20100810204837.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810204956.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810205032.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810212436.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810212448.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810212457.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810212507.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810212514.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810213336.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214229.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214240.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214247.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214301.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214351.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214359.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214424.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214433.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214802.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214815.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214824.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214832.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100810214841.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-13 c:\windows\Tasks\TASK20100811154011.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-13 c:\windows\Tasks\TASK20100811154254.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-13 c:\windows\Tasks\TASK20100811155208.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-11 c:\windows\Tasks\TASK20100811155426.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-13 c:\windows\Tasks\TASK20100811155619.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-13 c:\windows\Tasks\TASK20100811161118.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-13 c:\windows\Tasks\TASK20100811161456.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-13 c:\windows\Tasks\TASK20100811194013.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] 2010-08-12 c:\windows\Tasks\TASK20100811194152.job - c:\program files\Ipswitch\WS_FTP 12\wsftppro.exe [2010-08-09 16:49] . . ------- Supplementary Scan ------- . uStart Page = hxxp://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=1033&_lang=EN mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5428 uInternet Settings,ProxyOverride = <local> IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html LSP: c:\windows\system32\wpclsp.dll Trusted Zone: hyves.net\mvooren Trusted Zone: hyves.nl FF - ProfilePath - c:\users\Sanna\AppData\Roaming\Mozilla\Firefox\Profiles\vs32t4xs.default\ FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?id=2&svc=mail&cbid=24325&msppjph=1&tw=900&fs=1&lc=1033&_lang=EN FF - component: c:\users\Sanna\AppData\Roaming\Mozilla\Firefox\Profiles\vs32t4xs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll FF - component: c:\users\Sanna\AppData\Roaming\Mozilla\Firefox\Profiles\vs32t4xs.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\users\Sanna\AppData\Roaming\Mozilla\Firefox\Profiles\vs32t4xs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file) HKCU-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-20 09:03 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2649331228-3696308728-864307741-1002\Software\SecuROM\License information*] "datasecu"=hex:0c,4a,79,53,57,5b,17,b2,93,c1,9b,d3,d2,ba,37,ca,1e,1a,ed,5a,80, 5d,03,0f,2c,62,a9,34,5a,90,d1,1d,8e,18,1a,24,58,85,c5,ea,4a,66,05,ff,d4,03,\ "rkeysecu"=hex:c6,84,0b,26,f1,a9,ea,d9,28,51,48,fe,38,e9,69,1d [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2010-08-20 09:06:50 ComboFix-quarantined-files.txt 2010-08-20 16:06 Pre-Run: 82,506,977,280 bytes free Post-Run: 82,457,235,456 bytes free - - End Of File - - CEBBEF0CDBC7C29817E3D6BB3F74465B |
|||
|
|
|
20-08-2010, 18:45
Bericht: #6
|
|||
|
|||
|
RE: Can't run HiJackThis as administrator!
Hi,
I actually can't see anything strange here though. Can you tell me what popups you are getting? Do you get them in Firefox or in Internet Explorer, or in both? Can you give an example of a popup? What it says? Also, do you get these popups all the time at random sites? Or only when you visit a certain site? Microsoft MVP - Consumer Security Director of Research @ Malwarebytes AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter.
|
|||
|
|
|
20-08-2010, 19:06
Bericht: #7
|
|||
|
|||
|
RE: Can't run HiJackThis as administrator!
They were ads for electronics and stuff. But nothing pops up right now after I rebooted... Hope it is fixed then!
|
|||
|
|
|
21-08-2010, 01:01
Bericht: #8
|
|||
|
|||
|
RE: Can't run HiJackThis as administrator!
Nothing was fixed though, so that's why I am puzzled here. Maybe it was just something still present in your cache previously that was deleted by now..
Microsoft MVP - Consumer Security Director of Research @ Malwarebytes AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter.
|
|||
|
|
|
21-08-2010, 20:26
Bericht: #9
|
|||
|
|||
|
RE: Can't run HiJackThis as administrator!
I have no idea.... I'm not very technical I'm afraid! But I haven't seen any pop-ups since yesterday. Thank you so much for the help!!
|
|||
|
|
|
21-08-2010, 20:56
Bericht: #10
|
|||
|
|||
|
RE: Can't run HiJackThis as administrator!
Glad I could help.
 Please read my Prevention page with lots of info and tips how to prevent this in the future. And if you want to improve speed/system performance after malware removal, take a look here. Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. Happy Surfing again! Microsoft MVP - Consumer Security Director of Research @ Malwarebytes AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Preventie---Help! Mijn computer is traag!---Mijn Blog---Volg me op Twitter.
|
|||
|
|
|
|
Gebruikers die deze discussie lezen: 3 gast(en)