Status
Not open for further replies.
1 - 4 of 4 Posts

Registered · 3 Posts · Discussion Starter · #1
hi there,

my explorer won't start anymore when i start my computer. i have to open the task manager to start the explorer from there. thank god at least that works!!! anyway, my little brother confessed the other day that he surfed the net and ended up on certain sex sites! thank you very much!! now i have that trouble of not being able to erase those stupid cookies and i have popups all the time asking me to install hard drive cleaners, commercials and sex popups, of course. i'm not speaking to him anymore :upset:
i ran an active panda scan, cause i thought there was a virus on my hard drive but no. just those cookies.
a week ago, i uninstalled sp2 (properly) but ever since that week i can't start my computer without shaking: is it going to crash again? cause it does that just like that lately.

i guess it's faulty windows rather than a virus or something. if you would like a hijackthis scan, tell me. i got one ready to post and for you to check.

anyway, how can i fix this mess???????

thanks for all of your help! :sigh:
 

Team Manager, Articles Team · 11,900 Posts
G'Day Mocca, and Welcome to TSF! :wave:

Going by what you have said, I suggest that you do post that HiJackThis Log, but not in this forum... it will need to be posted on our Security Forums; particularly, the HJT Forum.

Go to the link The 5 Steps in my signature, where you will find comprehensive instructions as to what to do.

Good Luck with it.

:4-cheers:

Dave T.

EDIT:

I will transfer you to the HJT Forum, with your opening post, so that you will not have to re-explain yourself.
 

Registered · 3 Posts · Discussion Starter · #3
hjt log

hi there, thanks for your quick help!

here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 17:51:30, on 07.01.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchosts.exe
E:\Programme\ewido anti-spyware 4.0\guard.exe
D:\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
E:\Programme\Deamon -Tools\daemon.exe
C:\WINDOWS\System32\S3hotkey.exe
C:\WINDOWS\System32\S3tray2.exe
E:\Programme\Napster\napster.exe
D:\QuickTime\2\qttask.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
E:\Programme\Easy Eraser V.1.2\Easy Eraser V.1.2.exe
E:\Programme\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Programme\Gemeinsame Dateien\{AC7FE66C-0534-1031-0202-040125020031}\Update.exe
C:\Programme\Ipwindows\ipwins.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programme\Web\Webshots\webshots.scr
D:\Opera\opera.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} -

C:\PROGRA~1\GEMEIN~1\{3C7FE~1\Bar888.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} -

C:\Programme\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Programme\Deamon -Tools\daemon.exe" -lang

1033
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [NapsterShell] E:\Programme\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\2\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [EasyEraser] "E:\Programme\Easy Eraser V.1.2\Easy Eraser V.1.2.exe"
O4 - HKLM\..\Run: [JeticoPFStartup] "E:\Programme\Jetico\Jetico Personal

Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [{AC7FE66C-0534-1031-0202-040125020031}] "C:\Programme\Gemeinsame

Dateien\{AC7FE66C-0534-1031-0202-040125020031}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [IpWins] C:\Programme\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\dfwseehj.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O4 - Startup: Webshots.lnk = D:\Programme\Web\Webshots\Launcher.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren -

res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -

%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 -

{85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -

C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -

C:\Programme\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/microsof...uweb_site.cab?

1151245052149
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsof...uweb_site.cab?

1151245022526
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CS2\Services\Tcpip\..\{25DE5863-FFAF-4D94-A026-F7465DD21908}:

NameServer = 192.168.0.1,213.133.99.99
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e

mc-110-12-0000272 (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. -

E:\Programme\ewido anti-spyware 4.0\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - D:\NORTON~2\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. -

C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown

owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini

(file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software

GmbH - E:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

i'm scared to install anything on my computer just yet, i'm afraid the damage could be even worse than it is now ....

can you see anything from the log?

Mocca :4-dontkno
 

Registered · 2,506 Posts
Hi Mocca, welcome to TSF and thanks for your patience. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please turn off Word Wrap in Notepad, which you can do under the Tools menu, as your logs are difficult to read with it turned on. Thanks.

You have an infection that may be hiding from HijackThis. Please rename HijackThis.exe to Deckard.exe and scan your computer again. Post that log for me and we'll get you cleaned up.
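
A log that was saved with Word Wrap on can also be repaired after the fact. The following is an added example, not part of the original thread or any TSF tool: Python that rejoins wrapped HijackThis entries, groups them by section code, and lists the entries the log itself marks `(file missing)`. The sample is an excerpt of the log in post #3; the function names are hypothetical, and the code assumes each wrap fell on a space.

```python
import re
from collections import defaultdict

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O23)
# followed by " - ". Any other non-blank line after the first entry is treated
# as the wrapped tail of the entry above it.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

# Excerpt of the log posted in this thread, wrapping included.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\notepad.exe

O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [JeticoPFStartup] "E:\Programme\Jetico\Jetico Personal

Firewall\fwsrv.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -

%windir%\bdoscandel.exe (file missing)
O23 - Service: GhostStartService - Symantec Corporation - D:\NORTON~2\GHOSTS~2.EXE
"""

def unwrap_entries(log_text):
    """Return one string per registry/service entry, with wrapped tails rejoined."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue                      # blank lines left behind by the wrap
        if ENTRY_START.match(line):
            entries.append(line)          # a new entry begins here
        elif entries:
            entries[-1] += " " + line     # continuation of the previous entry
        # lines before the first entry (header, process list) are skipped
    return entries

def summarize(log_text):
    """Group entries by section code and collect those marked '(file missing)'."""
    by_section, missing = defaultdict(list), []
    for entry in unwrap_entries(log_text):
        by_section[ENTRY_START.match(entry).group(1)].append(entry)
        if entry.endswith("(file missing)"):
            missing.append(entry)
    return dict(by_section), missing

if __name__ == "__main__":
    sections, missing = summarize(SAMPLE)
    for code, items in sections.items():
        print(code, len(items))
    for entry in missing:
        print("file missing:", entry)
```
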
 