
Thread: C:\ Opens At Windows Startup.

  1. #1
    Say wha??? Jale's Avatar
    Join Date
    Nov 2004
    Location
    Santiago, Chile
    Age
    34
    Posts
    6,448

    Question C:\ Opens At Windows Startup.

    I checked everything... the startup folder... etc.
    When I googled it, I came with a program called HijackThis to check what's going on. I don't know anything about this tool, so I made a log of the scan and post here:


    Logfile of HijackThis v1.99.0
    Scan saved at 10:16:51 p.m., on 10/02/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\Java\jre1.5.0\bin\jusched.exe
    C:\Archivos de programa\QuickTime\qttask.exe
    C:\Archivos de programa\ICQLite\ICQLite.exe
    C:\WINDOWS\System32\SxgTkBar.exe
    C:\Archivos de programa\Shareaza\Shareaza.exe
    C:\Archivos de programa\MSN Messenger\msnmsgr.exe
    c:\archiv~1\intern~1\iexplore.exe
    C:\Archivos de programa\Corel\Graphics9\Register\Remind32.exe
    C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\Archivos de programa\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Javier\Escritorio\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Archivos de programa\Shareaza\Plugins\RazaWebHook.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [KAVPersonal50] C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ICQ Lite] C:\Archivos de programa\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
    O4 - HKLM\..\Run: [start axis type the] C:\Documents and Settings\All Users\Datos de programa\teampilestartaxis\SizeEnc.exe
    O4 - HKCU\..\Run: [Shareaza] "C:\Archivos de programa\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [Pollchic] C:\DOCUME~1\Javier\DATOSD~1\4WINRU~1\amenopen.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Archivos de programa\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Corel Registration.lnk = C:\Archivos de programa\Corel\Graphics9\Register\Remind32.exe
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Archivos de programa\Shareaza\Plugins\RazaWebHook.dll/3000
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Investigador - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Archivos de programa\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Archivos de programa\ICQLite\ICQLite.exe
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab33902.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O23 - Service: Servicio del administrador de discos lógicos - Unknown - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Registro de sucesos - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Servicio COM de grabación de CD de IMAPI - Unknown - C:\WINDOWS\System32\imapi.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Archivos de programa\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: Escritorio remoto compartido de NetMeeting - Unknown - C:\WINDOWS\System32\mnmsrvc.exe
    O23 - Service: DDE de red - Unknown - C:\WINDOWS\system32\netdde.exe
    O23 - Service: DSDM de DDE de red - Unknown - C:\WINDOWS\system32\netdde.exe
    O23 - Service: Plug and Play - Unknown - C:\WINDOWS\system32\services.exe
    O23 - Service: Administrador de sesión de Ayuda de escritorio remoto - Unknown - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Sistema de ayuda de tarjeta inteligente - Unknown - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Tarjeta inteligente - Unknown - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: Registros y alertas de rendimiento - Unknown - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Instantáneas de volumen - Unknown - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Adaptador de rendimiento de WMI - Unknown - C:\WINDOWS\System32\wbem\wmiapsrv.exe

    Which entries should I delete?

  2. #2
    Crazed Poster
    Join Date
    Sep 2003
    Location
    USA
    Age
    32
    Posts
    1,796

    Default

    Just download Spybot and Ad-Aware, update them, then boot in safe mode and scan there.
    I hate all of you, especially donkeyknob.

  3. #3
    Urban Ninja Fable's Avatar
    Join Date
    Jan 2005
    Posts
    743

    Default

    Yep, try the Microsoft beta too.


  4. #4
    Member
    Join Date
    Oct 2004
    Location
    Land of Oz
    Posts
    600

    Default

    You got a whole heap of stuff there. Unfortunately I don't have XP, so I cannot advise. Personally I would get rid of the stuff I haven't heard of, which is most of it.

  5. #5
    Say wha??? Jale's Avatar
    Join Date
    Nov 2004
    Location
    Santiago, Chile
    Age
    34
    Posts
    6,448

    Default

    Problem solved! It was a Trojan

  6. #6
    Crazy Frog
    Join Date
    Sep 2003
    Age
    38
    Posts
    3,065

    Default

    Bet you it came from a no-cd crack

  7. #7
    Say wha??? Jale's Avatar
    Join Date
    Nov 2004
    Location
    Santiago, Chile
    Age
    34
    Posts
    6,448

    Default

    Umm... no. It doesn't. It was in some strange program called MPEG... ugh... I can't remember. I told Fable...
    Last edited by Jale; February 11th, 2005 at 14:57.

  8. #8
    Member
    Join Date
    Oct 2004
    Location
    Land of Oz
    Posts
    600

    Default

    First time I've seen you lost for words

  9. #9
    Urban Ninja Fable's Avatar
    Join Date
    Jan 2005
    Posts
    743

    Default

    lol brain dead.....


  10. #10
    Say wha??? Jale's Avatar
    Join Date
    Nov 2004
    Location
    Santiago, Chile
    Age
    34
    Posts
    6,448

    Default

    Quote Originally Posted by Robert
    First time I've seen you lost for words
    You must have seen me the first time I entered here...
