
Status
Not open for further replies.
1 - 2 of 2 Posts

Registered · 7 Posts · Discussion Starter · #1
Hi,

I am suffering from sudden CPU spikes on my system. I have already removed some malware, including the one that causes popups for drive cleaner and stuff. However, I still seem to suffer from a malicious program. I hope someone can help me get rid of it! :1angel:

[hjt]
Logfile of HijackThis v1.99.1
Scan saved at 20:31:40, on 9-4-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
c:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\explorer.exe
c:\windows\system32\ctfmon.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\outlook express\msimn.exe
c:\hijackthis.exe

r1 - hklm\software\microsoft\internet explorer\main,default_page_url = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
r1 - hklm\software\microsoft\internet explorer\main,search page = http://go.microsoft.com/fwlink/?linkid=54896
r0 - hklm\software\microsoft\internet explorer\main,start page = http://go.microsoft.com/fwlink/?linkid=69157
r1 - hkcu\software\microsoft\internet explorer\main,window title = microsoft internet explorer
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: (no name) - {02dca195-602b-4b1f-83ff-381b7e804bdb} - c:\windows\system32\hdbho.dll
o2 - bho: bho2gr class - {31ff080d-12a3-439a-a2ef-4ba95a3148e8} - c:\program files\getright\xx2gr.dll
o2 - bho: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - blank (file missing)
o2 - bho: ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
o4 - hklm\..\run: [daemon tools-1033] c:\program files\d-tools\daemon.exe -lang 1033
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre1.5.0_11\bin\jusched.exe
o4 - hklm\..\run: [snpstd] c:\windows\vsnpstd.exe
o4 - hklm\..\run: [quicktime task] c:\program files\quicktime alternative\qttask.exe -atboottime
o4 - hklm\..\run: [ptipbmf] rundll32.exe ptipbmf.dll,setwritecachemode
o4 - hklm\..\run: [pcsuitetrayapplication] c:\program files\nokia\nokia pc suite 6\launchapplication.exe -startup
o4 - hklm\..\run: [nerofiltercheck] c:\windows\system32\nerocheck.exe
o4 - hklm\..\run: [m-audio delta taskbar icon] c:\windows\system32\delttray.exe
o4 - hklm\..\run: [ituneshelper] c:\program files\itunes\ituneshelper.exe
o4 - hklm\..\run: [delttray] delttray.exe
o4 - hklm\..\run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [atipta] c:\program files\ati technologies\ati control panel\atiptaxx.exe
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [msnmsgr] c:\program files\msn messenger\msnmsgr.exe /background
o8 - extra context menu item: download with getright - c:\program files\getright\grdownload.htm
o8 - extra context menu item: e&xport to microsoft excel - res://c:\progra~1\micros~2\office10\excel.exe/3000
o8 - extra context menu item: open with getright browser - c:\program files\getright\grbrowse.htm
o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
o9 - extra 'tools' menuitem: sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
o9 - extra button: partypoker.com - {b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} - c:\program files\partygaming\partypoker\runapp.exe
o9 - extra 'tools' menuitem: partypoker.com - {b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} - c:\program files\partygaming\partypoker\runapp.exe
o9 - extra button: messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\windows\system32\shdocvw.dll
o9 - extra 'tools' menuitem: windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\windows\system32\shdocvw.dll
o9 - extra button: flash decompiler swf capture tool - {86b4fc19-8fa4-4fd3-b243-9aedb42fa2d5} - c:\windows\system32\shdocvw.dll (hkcu)
o9 - extra 'tools' menuitem: flash decompiler swf capture tool menu - {86b4fc19-8fa4-4fd3-b243-9aedb42fa2d5} - c:\windows\system32\shdocvw.dll (hkcu)
o11 - options group: [international] international*
o15 - trusted zone: http://www.rapidshare.com
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - http://go.microsoft.com/fwlink/?linkid=39204
o16 - dpf: {9a9307a0-7da4-4daf-b042-5009f29e09e1} (activescan installer class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
o17 - hklm\system\ccs\services\tcpip\..\{5563af57-707d-4661-83c7-9b725301013c}: nameserver = 192.168.0.1
o18 - protocol: livecall - {828030a1-22c1-4009-854f-8e305202313f} - c:\progra~1\msnmes~1\msgrap~1.dll
o18 - protocol: msnim - {828030a1-22c1-4009-854f-8e305202313f} - c:\progra~1\msnmes~1\msgrap~1.dll
o20 - winlogon notify: wgalogon - c:\windows\system32\wgalogon.dll
o21 - ssodl: wpdshserviceobj - {aaa288ba-9a4c-45b0-95d7-94d524869db5} - c:\windows\system32\wpdshserviceobj.dll
o23 - service: adobe lm service - adobe systems - c:\program files\common files\adobe systems shared\service\adobelmsvc.exe
o23 - service: installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\1050\intel 32\idrivert.exe
o23 - service: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - c:\program files\common files\lightscribe\lssrvc.exe
o23 - service: servicelayer - nokia. - c:\program files\pc connectivity solution\servicelayer.exe

[/hjt]
 