MKS

BACKDOOR.HACKDOOR

3 posts in this topic

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:32:49 PM, on 8/5/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe

C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - Default URLSearchHook is missing

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

 

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe

 

--

End of file - 4549 bytes

 

------------------------

21.07.2008 21:57:19: Initialized

21.07.2008 21:57:19: Server type: Free

21.07.2008 21:57:19: Fetching update xml from server

(compressed) https://free.2008.download.lavasoft.com/pub...-aware01.datlzm : Compressed file not found, retrying with uncompressed version

(compressed) https://free.2008.download.lavasoft.com/public/news08.datlzm : Compressed file not found, retrying with uncompressed version

21.07.2008 21:57:23: Updated news file

21.07.2008 21:57:23: Server type: Free

(compressed) https://lavasoft.hs.llnwd.net/public/closedlzm : Compressed file not found, retrying with uncompressed version

* 21.07.2008 21:57:24: Process is running as administrator

21.07.2008 21:57:24: Updating component(s) selected by GUI

21.07.2008 21:57:24: Downloading https://lavasoft.hs.llnwd.net/public/aaw2008/aawserviceexe : (compressed) * (compressed) verification successful, 611664 bytes received

21.07.2008 21:57:27: Downloading https://lavasoft.hs.llnwd.net/public/aaw2008/ceapidll : (compressed) * (compressed) verification successful, 804200 bytes received

21.07.2008 21:57:30: Downloading https://lavasoft.hs.llnwd.net/public/aaw2008/ad-awareexe : (compressed) * (compressed) verification successful, 3158344 bytes received

21.07.2008 21:57:43: Successfully updated dependency 1

21.07.2008 21:57:43: Downloading https://lavasoft.hs.llnwd.net/public/aaw200...aremanual-enchm : (compressed) * (compressed) verification successful, 2146934 bytes received

21.07.2008 21:58:00: Successfully updated dependency 33

21.07.2008 21:58:00: Downloading https://lavasoft.hs.llnwd.net/public/aaw2008/enlslang : (compressed) * (compressed) verification successful, 76887 bytes received

21.07.2008 21:58:00: Successfully updated dependency 35

21.07.2008 21:58:01: Sending terminate event to service aawservice.exe ( aawservice )

21.07.2008 21:58:01: Sending terminate event to Ad-Aware.exe

21.07.2008 21:58:01: Sending terminate event to Ad-Watch.exe

21.07.2008 21:58:01: Successfully installed dependency 1

21.07.2008 21:58:01: Successfully installed dependency 33

21.07.2008 21:58:01: Successfully installed dependency 35

21.07.2008 21:58:03: Restarting service aawservice

 

------------------------

03.08.2008 22:52:05: Initialized

03.08.2008 22:52:05: Server type: Free

03.08.2008 22:52:05: Fetching update xml from server

03.08.2008 22:52:26: Failed connecting to server free.2008.download.lavasoft.com:443

 

------------------------

03.08.2008 22:52:47: Initialized

03.08.2008 22:52:47: Server type: Free

03.08.2008 22:52:47: Fetching update xml from server

03.08.2008 22:53:08: Failed connecting to server free.2008.download.lavasoft.com:443

 

------------------------

03.08.2008 22:53:29: Initialized

03.08.2008 22:53:29: Server type: Free

03.08.2008 22:53:29: Fetching update xml from server

03.08.2008 22:53:50: Failed connecting to server free.2008.download.lavasoft.com:443

 

------------------------

05.08.2008 14:36:37: Initialized

05.08.2008 14:36:37: Server type: Free

05.08.2008 14:36:37: Fetching update xml from server

(compressed) https://free.2008.download.lavasoft.com/pub...-aware01.datlzm : Compressed file not found, retrying with uncompressed version

05.08.2008 14:36:42: Server type: Free

 

------------------------

05.08.2008 14:36:49: Initialized

05.08.2008 14:36:49: Server type: Free

 

------------------------

05.08.2008 14:38:24: Initialized

05.08.2008 14:38:24: Server type: Free

05.08.2008 14:38:25: Server type: Free

 

------------------------

05.08.2008 14:38:35: Initialized

05.08.2008 14:38:35: Server type: Free

Edited by MKS


Hi

 

What program alerts about the backdoor? Please post a fresh HJT log if you still need help with this.


Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

 

Thank you!
