
Pretty sure I'm infected

Discussion in 'Virus & Other Malware Removal' started by giovannicosta, Nov 10, 2007.

Thread Status:
Not open for further replies.
  1. giovannicosta

    giovannicosta Thread Starter

    Joined:
    Aug 24, 2006
    Messages:
    1,264
    I had Search and Destroy, and an annoying winsock32.exe thing came up. I blocked it, and it kept on trying to add itself, so here's my log, thanks:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:52:51, on 10/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\explorers\1\explorer.exe
    C:\Programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Programas\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Programas\iTunes\iTunesHelper.exe
    C:\Programas\SlySoft\Game Jackal\GameJackal.exe
    C:\WINDOWS\system32\winsock32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programas\Copernic Desktop Search 2\DesktopSearchService.exe
    C:\Programas\BitTorrent_DNA\dna.exe
    C:\Programas\PhanTim3\PhanTim3.exe
    C:\Programas\Kontiki\KHost.exe
    C:\Programas\Idle Monitor\IdleMon.exe
    C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programas\Comodo\Firewall\cmdagent.exe
    C:\Programas\Kontiki\KService.exe
    C:\WINDOWS\system32\lxctcoms.exe
    C:\Programas\ConsumerChoices.co.uk\Broadband Download Monitor\bdm.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\TimeLeft3\TimeLeft.exe
    C:\Programas\iPod\bin\iPodService.exe
    C:\Programas\Avira\AntiVir PersonalEdition Classic\avscan.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Documents and Settings\Gio\Ambiente de trabalho\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tempscript.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: Shell=C:\WINDOWS\explorers\1\explorer.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programas\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programas\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
    O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
    O4 - HKLM\..\Run: [SmartDefrag] "C:\Programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
    O4 - HKLM\..\Run: [Shutter] C:\Programas\Shutter\Shutter.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programas\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programas\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Maplom] C:\Programas\SlySoft\Game Jackal\GameJackal.exe /silent
    O4 - HKLM\..\Run: [] winsock32.exe
    O4 - HKLM\..\RunServices: [] winsock32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programas\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Programas\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programas\BitTorrent_DNA\dna.exe"
    O4 - HKCU\..\Run: [PhanTim32] "C:\Programas\PhanTim3\PhanTim3.exe" 2
    O4 - HKCU\..\Run: [kdx] C:\Programas\Kontiki\KHost.exe -all
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Atalho para Break Reminder.lnk = C:\Programas\Break Reminder 3\Break Reminder.exe
    O4 - Startup: Desktop Download Monitor.lnk = ?
    O4 - Startup: Internet.lnk = ?
    O4 - Startup: TimeLeft.lnk = C:\Programas\TimeLeft3\TimeLeft.exe
    O4 - Global Startup: Idle Monitor.lnk = C:\Programas\Idle Monitor\IdleMon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programas\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1187953453390
    O23 - Service: Adobe LM Service - Unknown owner - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programas\Ficheiros comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programas\Comodo\Firewall\cmdagent.exe
    O23 - Service: Elbyermraafs - Elaborate Bytes AG - (no file)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Programas\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Programas\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - C:\Programas\Kontiki\KService.exe
    O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
    O24 - Desktop Component 1: (no name) - http://countdown.onlineclock.net/

    --
    End of file - 8232 bytes
     
  2. giovannicosta

    I just deleted the:

    O4 - HKLM\..\Run: [] winsock32.exe
    O4 - HKLM\..\RunServices: [] winsock32.exe

    Anything else I should do?
     
  3. giovannicosta

    No answer yet?
     
Short URL to this thread: https://techguy.org/650107
