Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojans... need help [CLOSED]


  • This topic is locked This topic is locked

#1
kardo

kardo

    Member

  • Member
  • PipPip
  • 11 posts
Hi!

I need help with a computer. The antivirus program failed or something and it got effected with many trojans an few worms. Norton wouldent work no more so i installed Antivir and I ran a full system scan. There was about 30 problems and I deleted all. Please help me.

Here is the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 13:27:10, on 7.4.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\Program Files\QuickTime\qttask.exe
C:\m2.exe
C:\Syste.exe
D:\WINDOWS\xkmtwp.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rahina.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - D:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing)
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - D:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGRUN] C:\m2.exe
O4 - HKLM\..\Run: [ajV7R] D:\WINDOWS\xkmtwp.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\Syste.exe
O4 - HKLM\..\Run: [ajVh$v/fD:\Program Files\ISTsvc\istsvc.exe] D:\WINDOWS\xkmtwp.exe
O4 - HKLM\..\Run: [# "h'9ӜU3rŲWD:\Program Files\ISTsvc\istsvc.exe] D:\WINDOWS\xkmtwp.exe
O4 - HKLM\..\Run: [ASDPLUGIN] D:\WINDOWS\system32\finland.exe -N
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVGCtrl] "D:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [etbrun] D:\windows\system32\eliteysz32.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE

Edited by kardo, 15 May 2005 - 03:55 AM.

  • 0

Advertisements


#2
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Welcome to Geeks 2 Go. Sorry about the delay in getting to your post, we have been very busy.

Do you still require help or are your problems resolved.

Please let me know and if you still require assistance, please post a fresh HJT log.

Regards,

Usetobe
  • 0

#3
kardo

kardo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Yes I would still need help on this. Thanks
  • 0

#4
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi Kardo,

Please post a new HJT log
  • 0

#5
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP