Hijack

[xonkie]

Can someone please inform me how to originate a hijack file for puroses of investigation purposes as to whether there is a virus on my PC or not.

 

Thanks

[Guest kawabata]

Logfile of IObit HijackScan v1.0.2.0

Scan saved at 10:32:27, on 2011-4-17

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Steam\Steam.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\alg.exe

C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe

C:\Arquivos de programas\IObit\IObit Security 360\is360.exe

C:\Arquivos de programas\IObit\IObit Security 360\IS360tray.exe

C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe

C:\Arquivos de programas\Arquivos comuns\Spigot\Search Settings\SearchSettings.exe

C:\Documents and Settings\Érik H dos S Kawabat\Meus documentos\Downloads\EasyAntiCheat.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\Érik H dos S Kawabat\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Érik H dos S Kawabat\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Érik H dos S Kawabat\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\IObit\IObit Security 360\a_hijackscan.exe

C:\Documents and Settings\Érik H dos S Kawabat\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Érik H dos S Kawabat\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Érik H dos S Kawabat\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

 

O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.3\iobitToolbarIE.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Messenger Plus BR Toolbar - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Arquivos de programas\Messenger_Plus_BR\prxtbMess.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Unknown - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.3\iobitToolbarIE.dll

O3 - Toolbar: Messenger Plus BR Toolbar - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Arquivos de programas\Messenger_Plus_BR\prxtbMess.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\prxConduitEngine.dll

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [steam] "C:\Arquivos de programas\Steam\steam.exe" -silent

O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [sRS Audio Sandbox] "C:\Arquivos de programas\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Alcmtr] ALCMTR.EXE

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [osCheck] "C:\Arquivos de programas\Norton Internet Security\osCheck.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iObit Security 360] "C:\Arquivos de programas\IObit\IObit Security 360\IS360tray.exe" /autostart

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F}SysReqLabNVD.Detection.1 - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O23 - Service: Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\VAScanner\comHost.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Arquivos de programas\Arquivos comuns\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate (LiveUpdate) - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice (LiveUpdate Notice) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: NBService (NBService) - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Symantec Core LC (Symantec Core LC) - Unknown - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\CCPD-LC\symlcsvc.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Application Updater (Application Updater) - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe