Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

there still is something,....

Started by herzkartoffel , Feb 27 2005 05:25 PM

  • Please log in to reply

#1
herzkartoffel
Posted 27 February 2005 - 05:25 PM

herzkartoffel

    New Member

  • Member
  • Pip
  • 1 posts
i'm working with windows2000, tried to remove every malware with the stuff i downloaded from this site. online-malware-checks didn't work, but i think at least the about-blank-thing is gone.
but there are still "you may have spyware"-popups (even when i'm offline) and it don't seem that any of the downloaded stuff wants to remove this problem.
and i'm not sure - maybe "spooner a" is still with me...?

thx for help!
here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 00:27:31, on 28.02.2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
E:\antivir\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programme\WZCBDL Service\WZCBDLS.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\devldr32.exe
C:\WheelMou\wh_exec.exe
E:\d-link dwl 510\AirCFG.exe
C:\Programme\QuickTime\qttask.exe
E:\icq\ICQLite\ICQLite.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\internat.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\Nikon\PictureProject\NkbMonitor.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WheelMouse] C:\WheelMou\wh_exec.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] e:\Soundblaster\Program\AHQInit.exe
O4 - HKLM\..\Run: [D-Link Air Utility] E:\d-link dwl 510\AirCFG.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] E:\icq\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [expolersys] C:\WINNT\System32\dirhost32.exe
O4 - HKLM\..\Run: [datacryptdirx] C:\WINNT\System32\direxpoler.exe %srun%
O4 - HKLM\..\Run: [sp] rundll32 C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\icq\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programme\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\icq\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\icq\ICQLite\ICQLite.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguar...ion/Install.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...RdxIE601_de.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2E87B72-8870-40F6-9DB3-C60D1EF47896}: NameServer = 195.58.160.2,195.58.161.3
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\antivir\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\antivir\AVWUPSRV.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programme\WZCBDL Service\WZCBDLS.exe
  • 0

Advertisements

#2
don77
Posted 16 March 2005 - 06:04 AM

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi and welcome herzkartoffel

Sorry for the late reply, If your still looking to resolve this issue,
Please run through steps 1 and 2 outlined in this Topic
Post back a fresh HJT log to this thread please,

If you have fixed your issue please let us know,

Thanks and again sorry for the late reply


Don
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP