
Topic: can someone help me with this log file

  1. #1
    Unregistered
    Guest

    can someone help me with this log file

    My computer is running slow, so I downloaded HijackThis and it created a log file, but I don't understand it. If someone can help with this I would appreciate it very much.

    thank you in advance

    Code:
     Logfile of HijackThis v1.97.7
     Scan saved at 8:10:22 PM, on 12/17/2004
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
     C:\WINDOWS\system32\drivers\CDAC11BA.EXE
     C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
     C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
     C:\Program Files\Norton AntiVirus\navapsvc.exe
     C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Dantz\Retrospect\retrorun.exe
     C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
     C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
     C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     C:\WINDOWS\System32\MsPMSPSv.exe
     C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
     C:\WINDOWS\Explorer.EXE
     C:\windows\system\hpsysdrv.exe
     C:\WINDOWS\system32\ps2.exe
     C:\Program Files\EarthLink 5.0\ConMgr.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
     C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\system32\WDBtnMgr.exe
     C:\Program Files\Parallel Tasking\ptask.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
     C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
     C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
     C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
     C:\PROGRA~1\NORTON~1\Navw32.exe
     C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
     C:\Program Files\Netscape\Netscape\Netscp.exe
     C:\Documents and Settings\Owner\Desktop\max\HijackThis.exe
     
     R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
     R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
     R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
     N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\8muwq5wn.slt\prefs.js)
     N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\8muwq5wn.slt\prefs.js)
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
     O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
     O2 - BHO: (no name) - {4A89147C-B230-7DE2-8175-6D550BF32A38} - C:\WINDOWS\System32\oirpzq.dll
     O2 - BHO: (no name) - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
     O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
     O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Owner\Local Settings\Temp\T1mCbf69.dll
     O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
     O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll
     O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
     O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
     O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
     O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - C:\WINDOWS\system32\srchbar.dll
     O4 - HKLM\..\Run: [BlockTracker] c:\hp\bin\BlockTracker.exe
     O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
     O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
     O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
     O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
     O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c
     O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
     O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
     O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
     O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
     O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
     O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\CR\SetIcon.exe
     O4 - HKLM\..\Run: [dlvryezbfq] C:\WINDOWS\system32\oibsmo.exe
     O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
     O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
     O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
     O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
     O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE" -turbo
     O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
     O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
     O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
     O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
     O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
     O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
     O9 - Extra button: Messenger (HKLM)
     O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
     O9 - Extra button: Messenger (HKLM)
     O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
     O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
     O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho.../yinst0401.cab
     O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
     O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/diamond.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{490CAB88-A489-4D3F-9EF3-E1E3450A4251}: NameServer = 207.69.188.187 207.69.188.185
    Edited by Speedy (18.12.2004 at 09:42)

  2. #2
    Frequent poster
    Registered since
    23.10.2004
    Posts
    344

    Re: can someone help me with this log file

    Download the latest version of HijackThis from http://www.spywareinfo.com/~merijn

    Download CWShredder from http://cwshredder.net/bin/CWSInstall.exe
    Select Fix.

    Get Spybot 1.3 - Search & Destroy from http://security.kolla.de
    Get AdAware SE Personal from http://www.lavasoft.de/support/download
    Ensure you also have downloaded the latest updates
    Before running the above configure as per http://www.cjwd.demon.co.uk/spybot-adaware.html

    Close all programs
    Run Spybot and fix all found items
    Reboot
    Run Adaware and fix all found items
    Reboot

    Also run online Virus Checkers (any of these will do)
    http://housecall.trendmicro.com
    http://www.bitdefender.com/scan/licence.php
    http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

    Then run the following for Trojans
    http://scan.sygatetech.com/pretrojanscan.html
    http://www.windowsecurity.com/trojanscan

    Close all programs including internet explorer
    Reboot and Post a new Hijackthis Logfile
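
A first-pass triage of a HijackThis log like the one posted in #1, as an added example that is not part of the thread or of HijackThis itself. The sample lines are excerpted from the posted log; the two review heuristics (registration whose target file is absent, component loaded from a Temp directory) are assumptions chosen for illustration and only mark entries for a manual look.

```python
import re

# Excerpt of the log posted above (HijackThis v1.97.7 format), embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Owner\Local Settings\Temp\T1mCbf69.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
# Header lines and the running-process paths do not match this shape.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return (section_code, body) tuples for every entry line in the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review_reasons(body):
    """Assumed heuristics: structural markers only, no verdict on the component."""
    reasons = []
    lowered = body.lower()
    if lowered.endswith("(no file)") or lowered.endswith("(file missing)"):
        reasons.append("target file absent")
    if "\\temp\\" in lowered:
        reasons.append("loads from a Temp directory")
    return reasons


def triage(log_text):
    """Map section code -> [(body, reasons)] for entries worth a manual look."""
    flagged = {}
    for code, body in parse_entries(log_text):
        reasons = review_reasons(body)
        if reasons:
            flagged.setdefault(code, []).append((body, reasons))
    return flagged


if __name__ == "__main__":
    for code, items in triage(SAMPLE_LOG).items():
        for body, reasons in items:
            print(f"{code}: {body}\n    -> {', '.join(reasons)}")
```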
