Tech Support Forum banner
Cancel

Lightspeed does as requested

Jump to Latest Follow
Status
Not open for further replies.
1 - 8 of 8 Posts
L

· Registered
Joined
·
3 Posts
Discussion Starter · #1 ·
Hi,

so, I open this as told to do since I can not answer in the thread my dear friend Hustler24 has opened for me. Sorry in case me or Hustler24 did upset someone. I am completely new here and do not know my way around here jet. I have been told that the problem posted by Hustler24 namely mine "for lightspeed" will be moved here. And then I hope for resulution. Many thanks in advance.

Sincerely,

lightspeed
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#2 ·
Hello lightspeed and welcome to TSF, :smile:

No worries, you have not upset anyone. I will not be able to merge the other thread into this one due to the time stamps of the posts, and when you began this one. I'll need to 'jog' between the 2 threads for a bit until we get the ball rolling over here. :sayyes:

I'll have a reply for you as soon as possible. Could you please tell me the issues you have remaining on this PC?
 
Save Share
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#3 ·
**Mods Note** Copied from http://www.techsupportforum.com/security-center/hijackthis-log-help/128926-lightspeed.html


Hi Ried,

Here is a response from Lightspeed that he e-mailed me:


-----------------



Dear Ried,

I am very sorry about my late reply.
I simply did not find the time to follow your instructions
during a hard work week.
Do ceratinly appreciate your help very much !
Here are the logs you need in order to help.

LOV lightspeed




SmitFraudFix v2.128

Scan done at 16:59:37,56, 08.12.2006
Run from C:\Dokumente und Einstellungen\schorsch\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\schorsch


»»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\schorsch\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\schorsch\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programme


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





schorsch - 06-12-08 17:12:49.48 Service Pack 2
ComboFix 06-12-01W-BetaE - Running from: "C:\Dokumente und Einstellungen\schorsch\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\Downloaded Program Files\cns*.* nicht gefunden
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Office\SYSTEMDATA
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Office\USERDATA
C:\Programme\Gemeinsame Dateien\*explore.pif nicht gefunden
C:\Programme\Gemeinsame Dateien\mc-*-*.exe nicht gefunden
C:\Programme\Gemeinsame Dateien\Yazzle*.exe nicht gefunden
C:\Dokumente und Einstellungen\schorsch\Eigene Dateien\mc-*-*.exe nicht gefunden
C:\Programme\accoona
C:\Programme\cns*.* nicht gefunden
C:\Programme\internet explorer\*explore.com nicht gefunden
C:\Programme\Internet Explorer\plugins\system??.sys nicht gefunden
C:\Programme\tencent
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
C:\WINDOWS\system\?.exe nicht gefunden
C:\WINDOWS\system\078?985* nicht gefunden
C:\Dokumente und Einstellungen\schorsch\Xinstall.exe nicht gefunden
C:\WINDOWS\system32\*.094 nicht gefunden
C:\WINDOWS\system32\?.exe nicht gefunden
C:\WINDOWS\system32\?.txt nicht gefunden
C:\WINDOWS\system32\135??.exe nicht gefunden
C:\WINDOWS\system32\4???ther.exe nicht gefunden
C:\WINDOWS\system32\5*vost.exe nicht gefunden
C:\WINDOWS\system32\8*avpa.exe nicht gefunden
C:\WINDOWS\system32\AlxTB?.dll nicht gefunden
C:\WINDOWS\system32\ATIDEMGRED*.dll nicht gefunden
C:\WINDOWS\system32\atmtd* nicht gefunden
C:\WINDOWS\system32\bdguard?.* nicht gefunden
C:\WINDOWS\system32\bind_*.exe nicht gefunden
C:\WINDOWS\system32\cnscheck*.dll nicht gefunden
C:\WINDOWS\system32\comhelper.* nicht gefunden
C:\WINDOWS\system32\dn_for_*.exe nicht gefunden
C:\WINDOWS\system32\httpdll.dll* nicht gefunden
C:\WINDOWS\system32\huacai*.exe nicht gefunden
C:\WINDOWS\system32\ixt?.dll nicht gefunden
C:\WINDOWS\system32\kb*.log nicht gefunden
C:\WINDOWS\system32\s_bdextinsu2??.exe nicht gefunden
C:\WINDOWS\system32\SafeHelper*.dll nicht gefunden
C:\WINDOWS\system32\sdmAgent*.dll nicht gefunden
C:\WINDOWS\system32\softbox.* nicht gefunden
C:\WINDOWS\system32\vsapidmv*.exe nicht gefunden
C:\WINDOWS\system32\w00*.dll nicht gefunden
C:\WINDOWS\system32\w02*.dll nicht gefunden
C:\WINDOWS\system32\xunleibho*.* nicht gefunden
C:\WINDOWS\system32\yhbo.dll* nicht gefunden
C:\_desktop.ini nicht gefunden
C:\4???ther.exe nicht gefunden
C:\cnsmin* nicht gefunden
C:\jijy??.exe nicht gefunden
C:\mc44a?.exe nicht gefunden
C:\windows????.exe nicht gefunden
C:\WINDOWS\?.exe nicht gefunden
C:\WINDOWS\~tmp*.exe nicht gefunden
C:\WINDOWS\100*.exe nicht gefunden
C:\WINDOWS\101*.exe nicht gefunden
C:\WINDOWS\199019*.exe nicht gefunden
C:\WINDOWS\5*vost.exe nicht gefunden
C:\WINDOWS\8*sohu.exe nicht gefunden
C:\WINDOWS\atmtd* nicht gefunden
C:\WINDOWS\bind_*.exe nicht gefunden
C:\WINDOWS\G_Server*.exe nicht gefunden
C:\WINDOWS\G_xiaojing* nicht gefunden
C:\WINDOWS\huacai*.exe nicht gefunden
C:\WINDOWS\kw_rg_lyric_*.exe nicht gefunden
C:\WINDOWS\lmdm_setup_*.exe nicht gefunden
C:\WINDOWS\newweb*.* nicht gefunden
C:\WINDOWS\realupdate?.exe nicht gefunden
C:\WINDOWS\setup_yh*.exe nicht gefunden
C:\WINDOWS\setup6*.exe nicht gefunden
C:\WINDOWS\setupcmd*.exe nicht gefunden
C:\WINDOWS\skymmstp*.exe nicht gefunden
C:\WINDOWS\ss102??.EXE nicht gefunden
C:\WINDOWS\system\078?985?.* nicht gefunden
C:\WINDOWS\uninstall_nmon* nicht gefunden
C:\WINDOWS\v2006*.* nicht gefunden
C:\WINDOWS\winamp?.exe nicht gefunden
C:\Dokumente und Einstellungen\schorsch\..\dapcon1.2.ini nicht gefunden
C:\WINDOWS\system32\eeee* nicht gefunden
C:\WINDOWS\system32\dlh9jkd*.exe nicht gefunden
C:\WINDOWS\system32\qvx*ga*met* nicht gefunden
C:\WINDOWS\system32\vxg*m*e*.exe nicht gefunden
C:\WINDOWS\system32\?.exe.exe nicht gefunden
C:\WINDOWS\system32\*.txtmp nicht gefunden
C:\WINDOWS\system32\AlxRes*.exe nicht gefunden
C:\WINDOWS\system32\scrsys*.scr nicht gefunden
C:\WINDOWS\system32\winsys32_*.dll nicht gefunden
C:\WINDOWS\system32\scrsys16_*.scr nicht gefunden
C:\WINDOWS\system32\winsys16_*.dll nicht gefunden
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\NetMon


((((((((((((((((((((((((((((((( Files Created from 2006-11-08 to 2006-12-08 ))))))))))))))))))))))))))))))))))


2006-12-08 16:53 79,360 --a------ C:\WINDOWS\SYSTEM32\swxcacls.exe
2006-12-08 16:53 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2006-12-08 16:53 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2006-12-08 16:53 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe
2006-12-08 16:53 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2006-12-08 16:53 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe
2006-12-06 18:43 2,530 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2006-12-03 15:26 24,576 --a------ C:\WINDOWS\SYSTEM32\STKIT432.DLL
2006-12-03 15:26 <DIR> d-------- C:\Programme\Registry Mechanic
2006-12-02 15:37 <DIR> d-------- C:\Programme\C-Force
2006-12-02 10:33 <DIR> d-------- C:\Programme\CleanUp!(2)
2006-12-01 15:24 <DIR> d-------- C:\Programme\Spyware Doctor
2006-12-01 09:46 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2006-11-30 22:58 <DIR> d-------- C:\WINDOWS\temp
2006-11-30 19:11 <DIR> d-------- C:\Programme\Grisoft
2006-11-30 15:35 <DIR> d-------- C:\Programme\C-Force(2)
2006-11-27 18:52 <DIR> d----c--- C:\WINDOWS\ie7
2006-11-27 18:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\de-de
2006-11-27 18:50 <DIR> d-------- C:\WINDOWS\network diagnostic


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-08 17:09 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-12-08 17:08 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-12-03 16:15 -------- d-------- C:\Programme\phonostar
2006-12-03 16:15 -------- d-------- C:\Programme\Norton AntiVirus
2006-12-03 16:14 -------- d-------- C:\Programme\MSN Messenger
2006-12-03 16:13 -------- d-------- C:\Programme\Messenger
2006-12-03 16:12 -------- d-------- C:\Programme\Internet Explorer
2006-12-03 16:10 -------- d-------- C:\Programme\ICQLite
2006-12-03 16:09 -------- d-------- C:\Programme\Google
2006-12-02 15:37 -------- d-------- C:\Programme\Common Files
2006-10-13 13:35 146432 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-10-10 17:24 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-09-14 09:39 664576 --a------ C:\WINDOWS\SYSTEM32\wininet(4)(2).dll
2006-09-14 09:39 615936 --a------ C:\WINDOWS\SYSTEM32\urlmon(4)(2).dll
2006-09-14 09:39 474624 --a------ C:\WINDOWS\SYSTEM32\shlwapi(5)(2).dll
2006-09-13 06:02 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"SB Audigy 2 Startup Menu"=" /L:GER"
"PhonostarAgent"="C:\\Programme\\phonostar\\ps_agent.exe"
"PhonostarTimer"="C:\\Programme\\phonostar\\ps_timer.exe"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Programme\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Programme\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"IAAnotif"="C:\\Programme\\Intel\\Intel Application Accelerator\\iaanotif.exe"
"DVDLauncher"="\"C:\\Programme\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"CTSysVol"="C:\\Programme\\Creative\\SBAudigy2\\Surround Mixer\\CTSysVol.exe"
"CTDVDDet"="C:\\Programme\\Creative\\SBAudigy2\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"AsioReg"="REGSVR32.EXE /S CTASIO.DLL"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"UpdateManager"="\"C:\\Programme\\Gemeinsame Dateien\\Sonic\\Update Manager\\sgtray.exe\" /r"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Programme\\Norton Internet Security\\UrlLstCk.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE BenQ Web Camera"
"ICQ Lite"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"RegistryMechanic"=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ISP-Anmeldungserinnerung 1.job
C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer pr�fen - schorsch.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-12-08 17:16:46.09
C:\ComboFix2.txt ... 06-11-30 22:57







Ereignis Zustand Standort

Adware:adware/webattaker Nicht desinfiziert c:\windows\uniq
Adware:adware/emediacodec Nicht desinfiziert Windows-Registry
Spyware:Cookie/2o7 Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][2].txt
Spyware:Cookie/Falkag Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][2].txt
Spyware:Cookie/Falkag Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Spyware:Cookie/Ccbill Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][2].txt
Spyware:Cookie/Mediaplex Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Spyware:Cookie/Tradedoubler Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Potenziell unerwünschtes Tool:Application/Processor Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Desktop\SmitfraudFix\Process.exe
Potenziell unerwünschtes Tool:Application/JohnTheRipper.A Nicht desinfiziert C:\Programme\John32\run\john.exe
Potenziell unerwünschtes Tool:Application/Processor Nicht desinfiziert C:\WINDOWS\SYSTEM32\Process.exe







Logfile of HijackThis v1.99.1
Scan saved at 18:25:45, on 08.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\phonostar\ps_agent.exe
C:\Programme\phonostar\ps_timer.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Programme\internet explorer\iexplore.exe
C:\WINDOWS\SYSTEM32\WINMINE.EXE
C:\Dokumente und Einstellungen\schorsch\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 124.49.135.22:8080
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE BenQ Web Camera
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:GER
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/273c9c8168193b62de06/netzip/RdxIE601_de.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://advisor.futuremark.com/global/msc37.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~2\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
 
Save Share
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#4 ·
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------

Using 'My Computer', navigate to and delete the following Folders

C:\Programme\John32
c:\windows\uniq

**If any of the above resist deletion, boot into Safe Mode and delete.


-----------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

-----------------------------------

Run a new scan with HijackThis and save the log.

-----------------------------------

Please include the following in your next reply:

Panda results
New HijackThis log

What symptoms are you still experiencing?
 
Save Share
L

· Registered
Joined
·
3 Posts
Discussion Starter · #5 ·
Dear Ried,

first of all thank you VERY much for all your help !
I can right now not check whether certain problems still remain,
but I wanted to give you the logs you need to see as quickly as possible...
Should my computer be clean now ?

LOV lightspeed



Ereignis Zustand Standort

Adware:adware/emediacodec Nicht desinfiziert Windows-Registry
Spyware:Cookie/2o7 Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][2].txt
Spyware:Cookie/Adverserve Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][2].txt
Spyware:Cookie/Falkag Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Spyware:Cookie/Ccbill Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][2].txt
Spyware:Cookie/Mediaplex Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Spyware:Cookie/Tradedoubler Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Cookies\[email protected][1].txt
Potenziell unerwünschtes Tool:Application/Processor Nicht desinfiziert C:\Dokumente und Einstellungen\schorsch\Desktop\SmitfraudFix\Process.exe
Potenziell unerwünschtes Tool:Application/Processor Nicht desinfiziert C:\WINDOWS\SYSTEM32\Process.exe






Logfile of HijackThis v1.99.1
Scan saved at 20:11:24, on 11.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\phonostar\ps_agent.exe
C:\Programme\phonostar\ps_timer.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Java\jre1.5.0_06\bin\jucheck.exe
C:\Programme\internet explorer\iexplore.exe
C:\Programme\Microsoft Office\Office\Winword.exe
C:\Dokumente und Einstellungen\schorsch\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 124.49.135.22:8080
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programme\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Programme\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE BenQ Web Camera
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:GER
O4 - HKCU\..\Run: [PhonostarAgent] C:\Programme\phonostar\ps_agent.exe
O4 - HKCU\..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/273c9c8168193b62de06/netzip/RdxIE601_de.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://advisor.futuremark.com/global/msc37.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Programme\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~2\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#6 ·
Hello lightspeed, :smile:

We just need to clear out those cookies:

Clear Internet Explorer Cookies: (you do not need to be connected to the internet to perform this)

Launch Internet Explorer>Tools>Internet Options>Delete Cookies

-----------------------------------

These logs appear clean. How is your system behaving?
 
Save Share
L

· Registered
Joined
·
3 Posts
Discussion Starter · #7 ·
cookies removed...


THANKS !!!

My system is back to normal again as far as I can tell.
And I am VERY happy about that.

So –
thank you Ried for your professional and quick help
and thanks to Hustler24 for showing me this helpful board.

LOV lightspeed :smile:

P.S.:
Should I through Norton over board ?
I mean this „elefant“ was not able to protect my computer...
 
Ried

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
#8 ·
Hello lightspeed,

You're welcome--glad to have been of assistance. :smile:

If you've already paid for Norton, keep it. My understanding is that you previously had a Smitfraud infection aboard as well as a couple other infections. Anti-Virus programs are mainly used for detecting and removing viruses/trojans only. They aren't meant (and probably won't at least for the present time) detect/block other forms of spyware/malware. To do that, you need Anti-Malware programs which I will list for you below:

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:


Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items .

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, and save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Download Spybot Search & Destroy 1.4 Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Now click Mode menu and choose 'Advanced Mode'. Next click on Immunize to your left. Click the Immunize button on top to Immunize your computer - you should do this each time there is an update. Click 'Check for Problems' and fix all the entries, which are indicated in RED.

Download Adaware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also make sure to Customize the settings in Adaware for better scan results. Run the scan and fix everything that it finds.


Update and scan with these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected again will reduce dramatically. :smile:
 
Save Share
1 - 8 of 8 Posts
Status
Not open for further replies.
About this Discussion
7 Replies
2 Participants
Last post:
Ried
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top