
Plz Help Me


1 reply to this topic

#1 erasedworld


Posted 05 November 2006 - 09:16 AM

Logfile of HijackThis v1.99.1
Scan saved at 14:59:08, on

(Moderator edit: log post moved to HJT Forum for team review and member help. jgweed)

2006.11.05.
Platform: Windows XP Szervizcsomag 2

(WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet

Security\NISUM.EXE
C:\Program Files\Common

Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common

Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program

Files\Symantec\LiveUpdate\ALUSchedule

rSvc.exe
C:\Program Files\Norton Internet

Security\ccPxySvc.exe
C:\Program Files\Norton

AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program

Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program

Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering

Technology\eRecovery\Monitor.exe
C:\Program Files\Common

Files\Symantec Shared\ccApp.exe
C:\Program Files\DAEMON

Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_08

\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet

Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\Program

Files\BitTorrent\bittorrent.exe
C:\Documents and

Settings\Én\Dokumentumok\hijackthis\H

ijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.aranysas.hu/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =

Hivatkozások
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 6.0

\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74

-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper

- {9030D464-4C02-4ABF-8ECC-

5164760863C6} - C:\Program

Files\Common Files\Microsoft

Shared\Windows

Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {BDF3E430-

B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton

AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-

7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr]

C:\Program

Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh]

C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1]

"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE"

/Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002]

C:\WINDOWS\system32

\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync]

C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A]

C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl]

"C:\Program

Files\CyberLink\PowerDVD\PDVDServ.exe

"
O4 - HKLM\..\Run: [SoundMan]

SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG]

AGRSMMSG.exe
O4 - HKLM\..\Run: [EPM-DM]

c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement]

C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager]

C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService]

C:\Acer\Empowering

Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program

Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools]

"C:\Program Files\DAEMON

Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccRegVfy]

"C:\Program Files\Common

Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver

Monitor] C:\PROGRA~1\SYMNET~1

\SNDMon.exe /Consumer
O4 - HKLM\..\Run:

[SunJavaUpdateSched] "C:\Program

Files\Java\jre1.5.0_08

\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task]

"C:\Program

Files\QuickTime\qttask.exe" -

atboottime
O4 - HKLM\..\Run: [IgfxTray]

C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds]

C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence]

C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TestPeakCurbBeep]

C:\Documents and Settings\All

Users\Application Data\Browse Okay

Test Peak\help name.exe
O4 - HKLM\..\Run: [nod32kui]

"C:\Program Files\Eset\nod32kui.exe"

/WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr]

"C:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Babylon

Translator] C:\Program

Files\Babylon\Babylon.exe
O4 - HKCU\..\Run: [deleteshow]

C:\DOCUME~1\ÉN\APPLIC~1\ACEBIT~1\SURF

SOFTWARE SIZE.exe
O4 - HKCU\..\Run: [BitTorrent]

"C:\Program

Files\BitTorrent\bittorrent.exe" --

force_start_minimized
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger - {FB5F1910-F110-11d2-BB9E

-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-

8226143CFC0A} (Trend Micro ActiveX

Scan Agent 6.6) -

http://housecall65.trendmicro.com/hou

secall/applet/html/native/x86/win32/a

ctivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-

5009F29E09E1} (ActiveScan Installer

Class) -

http://acs.pandasoftware.com/activesc

an/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1

-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-

22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui -

C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Notebook Manager

Service (anbmService) - OSA

Technologies Inc. -

C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate

Scheduler - Symantec Corporation -

C:\Program

Files\Symantec\LiveUpdate\ALUSchedule

rSvc.exe
O23 - Service: Symantec Event Manager

(ccEvtMgr) - Symantec Corporation -

C:\Program Files\Common

Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password

Validation (ccPwdSvc) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service

(ccPxySvc) - Symantec Corporation -

C:\Program Files\Norton Internet

Security\ccPxySvc.exe
O23 - Service: Symantec Settings

Manager (ccSetMgr) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec

Corporation - C:\PROGRA~1

\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto

-Protect Service (navapsvc) -

Symantec Corporation - C:\Program

Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet

Security Accounts Manager (NISUM) -

Symantec Corporation - C:\Program

Files\Norton Internet

Security\NISUM.EXE
O23 - Service: NOD32 Kernel Service

(NOD32krn) - Eset - C:\Program

Files\Eset\nod32krn.exe
O23 - Service: Norton AntiVirus

Firewall Monitor Service (NPFMntor) -

Symantec Corporation - C:\Program

Files\Norton

AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec

Corporation - C:\Program Files\Norton

AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service

(SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1

\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network

Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc

(SPBBCSvc) - Symantec Corporation -

C:\Program Files\Common

Files\Symantec

Shared\SPBBC\SPBBCSvc.exe

Edited by jgweed, 05 November 2006 - 11:00 AM.



#2 OldTimer

    Malware Expert



Posted 11 November 2006 - 09:29 AM

Hello erasedworld and welcome to the BC HijackThis forum. First let's see if we can get a log that we can read.

We need a complete HijackThis (HJT) log file to be able to analyze what is happening on your computer. Boot normally, start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, click on the Format menu item. Click on the WordWrap item to remove the checkmark there. Now press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.

POST the log in this thread using the Add Reply button. Click in the data-entry window and press Ctrl-V to paste the log into the window. Add any other comments which you believe might be helpful in our analysis and click the Add Reply button.

I will review your log when it comes in.


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL I CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
