Jump to content


Photo

Help needed with infected PC


  • Please log in to reply
1 reply to this topic

#1 apfred

apfred

    Member

  • New Member
  • Pip
  • 1 posts

Posted 15 July 2004 - 12:52 PM

This is my report from HIJACKTHIS-file. Please help me to get rid of my problems. I have tried several times:

Logfile of HijackThis v1.97.3
Scan saved at 11:15:46, on 08.07.2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\Programfiler\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Programfiler\Intel\LDCM\bin\IIDS.exe
C:\WINNT\system32\cba\pds.exe
C:\Programfiler\Intel\LDCM\bin\ssm.exe
C:\WINNT\System32\mgabg.exe
C:\Programfiler\NetOp School\TEACHER\NHOSTSVC.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\Programfiler\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\atllk32.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\NORMAN\nvc\BIN\nvcoas.exe
C:\NORMAN\nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\nvc\BIN\NJEEVES.EXE
C:\WINNT\Explorer.EXE
C:\Programfiler\Microsoft Hardware\Keyboard\type32.exe
C:\WINNT\System32\TrayIcon.exe
C:\Programfiler\Intel\LDCM\Bin\USM.exe
C:\WINNT\Mixer.exe
C:\WINNT\System32\NILaunch.exe
C:\Programfiler\Fellesfiler\Logitech\QCDriver\LVCOMS.EXE
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\WINNT\System32\PDesk\PDesk.exe
C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\cclaw.exe
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\Programfiler\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\FELLES~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
C:\WINNT\loadqm.exe
C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programfiler\Creative\ShareDLL\MediaDet.Exe
C:\Programfiler\Telenor Plus\Forbruksmåler\Forbruksmåler.exe
C:\WINNT\system32\appjl.exe
C:\Programfiler\QuickTime\qttask.exe
C:\WINNT\System32\internat.exe
C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programfiler\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programfiler\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Programfiler\lotus\organize\easyclip.exe
C:\Documents and Settings\Arne\Divere og dokumentasjon\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vbyjs.dll/sp.html#12802
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vbyjs.dll/index.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsiden.no
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vbyjs.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vbyjs.dll/sp.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vbyjs.dll/index.html#12802
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\vbyjs.dll/sp.html#12802
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A226A0DD-6A2C-678A-5DD4-EDA75DCB52B3} - C:\WINNT\system32\mson.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IntelliType] "C:\Programfiler\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [DisplayTrayIcon] C:\WINNT\System32\TrayIcon.exe
O4 - HKLM\..\Run: [User Space Manager] C:\Programfiler\Intel\LDCM\Bin\USM.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINNT\System32\NILaunch.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programfiler\Fellesfiler\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Programfiler\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\FELLES~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MMTray] C:\Programfiler\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [start_forbruksmåler] C:\Programfiler\Telenor Plus\Forbruksmåler\Forbruksmåler.exe C:\Programfiler\Telenor Plus\Forbruksmåler
O4 - HKLM\..\Run: [appjl.exe] C:\WINNT\system32\appjl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Lotus Hurtigstart.lnk = C:\Programfiler\lotus\wordpro\ltsstart.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\Programfiler\lotus\organize\easyclip.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programfiler\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Programfiler\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macrom...abs/swflash.cab

#2 808chick

808chick

    SWI Junkie

  • Retired Staff - Helper
  • PipPipPipPip
  • 262 posts

Posted 18 July 2004 - 03:09 AM

Hey apfred,
If you still need help with this problem, please post a new log here.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button