PDA

View Full Version : Help-me please...



deltaphillip
2007-08-18, 07:54
not sure of what is but when i click on my mp3player on My Computer, it opens that window that says: choose a program to be used to open G:\" (wth?). Well here is a highjack this log, with some entries that i could not remove, it keeps apearing again:

Logfile of HijackThis v1.99.1
Scan saved at 01:41:06, on 18/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\ctfmon.exe
C:\FirefoxPortable\App\firefox\firefox.exe
D:\Documents and Settings\Felipe Villar\Minhas barras de ferramentas\quick\[segurança]\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {784D8FBC-4165-4D88-90FB-62907ACDD045} - (no file)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O4 - HKLM\..\Run: [Agent] "D:\Arquivos de programas\CyberLink\PowerVCRII\Agent.exe"
O4 - HKLM\..\Run: [Remote_Agent] "D:\Arquivos de programas\CyberLink\PowerVCRII\RemoteAgent.exe"
O4 - HKLM\..\Run: [SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}] C:\Arquivos de programas\Sound Volume Hotkeys\SoundVolumeHotkeys.exe -a
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UpdateBiblia] D:\Arquivos de programas\BibliaTools\UpdateBiblia.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Avast4\ashWebSv.exe" /service (file missing)

i ask for help and i dont know what else to do. thanks, God bless ya back.

ken545
2007-08-26, 13:29
Hello deltaphillip

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)

We need it to have HJT in its own folder for backup purposes. I would prefer that you delete HJT from where you have it installed and re install it like this

Download and install Trendmicros Hijackthis (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download)

Download the Trendmicro Hijackthis Installer, follow defauts and it will install in C:\Program Files\Trendmicro\Hijackthis and this is exactly where we want it to be.


Open HJT Scan and Save a Log File, it will open in Notepad
Go to Format and make sure Wordwrap is Unchecked
Go to Edit> Select All.....Edit > Copy and Paste the new log into this thread by using the Post Reply and not start a New Thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

If your log looks ok then I can direct you to some windows support sites as this forum is for malware removal only

tashi
2007-09-03, 21:42
This topic has been moved to archives.

If you need the thread re-opened, please send me a private message (pm) and provide a link.

Applies only to the original poster, anyone else with similar problems please start your own topic.