Jump to content


Photo

help removing malware


  • Please log in to reply
1 reply to this topic

#1 mikpede

mikpede

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 25 May 2007 - 12:12 PM

my computer is acting strange and uses a lot bandwidth on internet,
heres my hijack this log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:12:30, on 25.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programfiler\Raxco\PerfectDisk\PDEngine.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kim pedersen\Skrivebord\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11E7F410-45F4-6971-AB4E-6CE34CEAA8EA} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programfiler\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programfiler\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Programfiler\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ÁTorrent] "C:\Programfiler\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Programfiler\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Cwca] "C:\DOCUME~1\KIMPED~1\MINEDO~1\DOBE~1\dllhost.exe" -vt yazb
O4 - HKCU\..\Run: [Rainlendar2] C:\Programfiler\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programfiler\eMule\emule.exe -AutoStart
O4 - HKCU\..\Policies\Explorer\Run: [{68377F2F-07D9-1044-1120-04080405002f}] "C:\Programfiler\Fellesfiler\{68377F2F-07D9-1044-1120-04080405002f}\Update.exe" mc-110-12-0002397
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{68377F2F-07DA-1044-1120-04080405002f}] "C:\Programfiler\Fellesfiler\{68377F2F-07DA-1044-1120-04080405002f}\Update.exe" mc-110-12-0002397 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{68377F2F-07DA-1044-1120-04080405002f}] "C:\Programfiler\Fellesfiler\{68377F2F-07DA-1044-1120-04080405002f}\Update.exe" mc-110-12-0002397 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programfiler\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fyll Skjema - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Lagre Skjema - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RoboForm Verkt°ylinje - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpass Meny - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Fyll ut skjemaer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fyll Skjema - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Lagre - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Lagre Skjema - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Verkt°ylinje - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programfiler\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programfiler\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programfiler\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programfiler\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programfiler\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programfiler\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7311 bytes

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 28 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button