achovd Posted July 20, 2009

Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:48, on 20.7.2009 г.
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Multimedia Keyboard Driver\M-KbdDrv.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MutlimediaKbdDriver] C:\Program Files\Multimedia Keyboard Driver\M-KbdDrv.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\S-1-5-21-2000478354-1993962763-725345543-500\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: SkypeLauncher.exe.lnk = ?
O4 - Global Startup: Vidaoptics.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O13 - DefaultPrefix: 
O13 - WWW Prefix: 
O13 - Home Prefix: 
O13 - Mosaic Prefix: 
O13 - FTP Prefix: 
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{4543114F-C2F3-493B-B8AA-AEA303FE8F28}: NameServer = 89.106.106.2 89.106.106.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{4543114F-C2F3-493B-B8AA-AEA303FE8F28}: NameServer = 89.106.106.2 89.106.106.8
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Eset Nod32 Boot (NOD32FiXTemDono) - Unknown owner - C:\WINDOWS\system32\regedt32.exe (file missing)

--
End of file - 4034 bytes

Process Exp log

Process PID CPU Description Company Name
System Idle Process 0 68.18
Interrupts n/a 1.52 Hardware Interrupts
DPCs n/a 4.55 Deferred Procedure Calls
System 4 3.03
smss.exe 308 Windows NT Session Manager Microsoft Corporation
csrss.exe 364 Client Server Runtime Process Microsoft Corporation
winlogon.exe 392 Windows NT Logon Application Microsoft Corporation
services.exe 436 Services and Controller app Microsoft Corporation
ati2evxx.exe 572 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 612 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 668 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 708 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 780 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 856 Generic Host Process for Win32 Services Microsoft Corporation
ekrn.exe 1332 1.52 Eset Service ESET
lsass.exe 448 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 736 ATI External Event Utility EXE Module ATI Technologies Inc.
explorer.exe 972 1.52 Windows Explorer Microsoft Corporation
RTHDCPL.exe 1112 Realtek HD Audio Control Panel Realtek Semiconductor Corp.
egui.exe 1136 Eset GUI ESET
jusched.exe 1144 Java Platform SE binary Sun Microsystems, Inc.
M-KbdDrv.exe 1152 KbdDrv MFC Application
daemon.exe 1172 DAEMON Tools Lite DT Soft Ltd
firefox.exe 1612 3.03 Firefox Mozilla Corporation
opera.exe 764 Opera Internet Browser Opera Software
procexp.exe 956 6.06 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Skype.exe 1320 10.61 Skype Skype Technologies S.A.
Skype.exe 1836 Skype Skype Technologies S.A.
uTorrent.exe 940 µTorrent BitTorrent, Inc.

Unfortunately, I've done these logs a few times after the crashes. It was reproducible, but now it is not. I don't see any crash dump. I hope I helped.

P.S. uTorrent was not crashing, it just stopped responding and I had to close it with Task Manager.
GTHK Posted July 20, 2009

Missing the DLL portion of the PE log.