Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan-Spy.HTML.Smitfraud.c / Joke.Smitfraudoid

Started by Evocater , Apr 18 2005 11:13 PM

  • Please log in to reply

#1
Evocater
Posted 18 April 2005 - 11:13 PM

Evocater

    Member

  • Member
  • PipPip
  • 30 posts
I have been infected by the trojan, which I believe is Trojan-Spy.HTML.Smitfraud.c or Joke.Smitfraudoid . I have discovered the same symptoms like many other users that postet a thread for Smitfraud:

My desktop is blue and has the following warning:

securty warning
a fatal error in IE has occured at 0028:C0011E36 in VXD VMM<01> +
00010E36. Error was caused by trajan_spy.html.smitfraud.c

* system can not fuction in normal mode.
plese check you securty settings.

* scan your pc with any available antivirus/ spyware remover program to fix the problem.

I have installed and run every programm listed in the thread You Must Read This Before Posting A Hijackthis Log, Required steps before posting your log. by ditto .

I am now running on Windows XP SP2.

As I read through various threads about the Smitrfraud-Trojan I read different approaches to get rid of it.
As a result of that i have deleted the file "C:\wp.exe" with the Killbox programm.

My concerns are to be certain with doing the right things to get rid of the trojan, so I didn't continue working of other people's threads, because my settings might require a different approach.

Please help me Geeks to Go Team!
  • 0

Advertisements

#2
Evocater
Posted 18 April 2005 - 11:18 PM

Evocater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here is my HijackThis log.
I want to mention that I usually do not use all the processes listed in this log, but I re-enabled everything in the msconfig like suggested in the You Must Read This Before Posting A Hijackthis Log thread.

Thanks in advance!

-------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:55:35 PM, on 4/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\ICQPRO~1\ICQ.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\D-Link AirPlus\WLANMON.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\Acrodist.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Johannes\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drs...32252662&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drs...32252662&id=5.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.starfights.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://websearch.drs...32252662&id=5.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://websearch.drs...32252662&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://websearch.drs...32252662&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

http://websearch.drs...32252662&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://cf.icq.com/cf...t_password.html
R3 - URLSearchHook: (no name) - _{3D096385-EF29-4DCD-D311-3118BF642F85} - (no

file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} -

C:\WINDOWS\enhtb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [wwxaff] C:\WINDOWS\System32\yobwazne.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [vhpuyypeqep] C:\WINDOWS\System32\yobwazne.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Johannes\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe

c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQPRO~1\ICQNet.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet

Optimizer\optimize.exe"
O4 - HKLM\..\Run: [enwgrwadbls] C:\WINDOWS\System32\yobwazne.exe
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program

Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook

Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye

Network\bin\bargains.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator

5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [qgnfwtk] c:\windows\oveyeyq.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"

/background
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat

5.0\Distillr\AcroTray.exe
O4 - Global Startup: D-Link AirPlus DWL-650+ Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\program

files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Ähnliche Seiten - res://c:\program

files\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -

C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -

{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program

Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -

C:\PROGRA~1\ICQPRO~1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -

C:\PROGRA~1\ICQPRO~1\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} -

C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -

{B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper -

{2FD19AB9-E64C-4B5B-8ECD-91AF0CE2956E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -

{2FD19AB9-E64C-4B5B-8ECD-91AF0CE2956E} - (no file) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} -

file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file

missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: Yahoo! Bridge -

http://download.game...nts/y/bt1_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai...icro.com/housec

all/xscan53.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} -

ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.163.248....chm::/update.e

xe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

-------------------------------------------
  • 0

#3
Evocater
Posted 18 April 2005 - 11:21 PM

Evocater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here is my SilentRunner log:




"Silent Runners.vbs", revision 35, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"WindowsFY" = "c:\wp.exe" [file not found]
"qgnfwtk" = "c:\windows\oveyeyq.exe" [file not found]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" [file not found]
"wwxaff" = "C:\WINDOWS\System32\yobwazne.exe" [file not found]
"WinampAgent" = ""C:\Program Files\Winamp\Winampa.exe"" [null data]
"Win Server Updt" = "C:\WINDOWS\wupdt.exe" [file not found]
"WebRebates0" = "C:\Program Files\Web_Rebates\WebRebates0.exe" [file not found]
"vhpuyypeqep" = "C:\WINDOWS\System32\yobwazne.exe" [file not found]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"srmclean" = "C:\Cpqs\Scom\srmclean.exe" [null data]
"satmat" = "C:\WINDOWS\satmat.exe" [file not found]
"SAHBundle" = "C:\DOCUME~1\Johannes\LOCALS~1\Temp\bundle.exe" [file not found]
"SAHAgent" = "C:\WINDOWS\System32\SahAgent.exe" [file not found]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"QT4HPOT" = "C:\Program Files\HPQ\One-Touch\OneTouch.EXE" ["Dritek System Inc."]
"PreloadApp" = "c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d" [null data]
"NaviSearch" = "C:\Program Files\NaviSearch\bin\nls.exe" [file not found]
"Mirabilis ICQ" = "C:\PROGRA~1\ICQPRO~1\ICQNet.exe" [null data]
"KernelFaultCheck" = "%systemroot%\system32\dumprep 0 -k" [MS]
"Internet Optimizer" = ""C:\Program Files\Internet Optimizer\optimize.exe"" [file not found]
"enwgrwadbls" = "C:\WINDOWS\System32\yobwazne.exe" [file not found]
"Enh Win Updt" = "C:\WINDOWS\enhupdt.exe" [file not found]
"EbatesMoeMoneyMaker0" = ""C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"" [file not found]
"Display Settings" = "C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s" ["Hewlett-Packard"]
"Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data]
"ClrSchLoader" = "C:\Program Files\ClearSearch\Loader.exe" [file not found]
"CashBack" = "C:\Program Files\CashBack\bin\cashback.exe" [file not found]
"CARPService" = "carpserv.exe" ["Conexant Systems, Inc."]
"BullsEye Network" = "C:\Program Files\BullsEye Network\bin\bargains.exe" [file not found]
"ATIPTA" = "atiptaxx.exe" ["ATI Technologies, Inc."]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"AdaptecDirectCD" = ""C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0007522A-2297-43C1-8EB1-C90B0FF20DA5}\(Default) = "Band Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\enhtb.dll" [empty string]
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx" [empty string]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
  • 0

#4
Evocater
Posted 20 April 2005 - 11:14 AM

Evocater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
:tazz:

If nobody has time could you please just tell me if I can do the same fixes that other people got explained in their topics, or would that harm my computer?

Please help me, GeeksToGo-Team, you're awsome!
  • 0

#5
Evocater
Posted 22 April 2005 - 12:56 AM

Evocater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I couldn't stand waiting and doing nothing, so I joined the GeekU and read tutorials about HJT. Then I followed the outlined instructions against this trojan.
I got rid of it by myself now.
But I still haven't tried to fix anything in my hijackthis log. I know that their is still a lot of crab in their that's not supposed to be there, but I don't feel confident enough to mess with that yet.
I will post a new log tomorrow to see if anything changed, because what I did by my own.
  • 0

#6
Michelle
Posted 22 April 2005 - 01:01 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Post a new log (NOT doublespaced) and I'll tell you :tazz:
  • 0

#7
Evocater
Posted 22 April 2005 - 03:00 PM

Evocater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here is my new log. Like already mentioned I don't usually use all the running processes and just re-enabled them in the System Configuration Utitlity (msconfig). That's where I disabled them before, because I didn't need them. :tazz:
Thanks for helping.


Logfile of HijackThis v1.99.1
Scan saved at 3:53:54 PM, on 4/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\ICQPRO~1\ICQ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\D-Link AirPlus\WLANMON.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\Acrodist.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...32252662&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...32252662&id=5.0
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.starfights.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...32252662&id=5.0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...32252662&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...32252662&id=5.0
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...32252662&id=5.0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cf.icq.com/cf...t_password.html
R3 - URLSearchHook: (no name) - _{3D096385-EF29-4DCD-D311-3118BF642F85} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [wwxaff] C:\WINDOWS\System32\yobwazne.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Program Files\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [vhpuyypeqep] C:\WINDOWS\System32\yobwazne.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\Johannes\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQPRO~1\ICQNet.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [enwgrwadbls] C:\WINDOWS\System32\yobwazne.exe
O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [qgnfwtk] c:\windows\oveyeyq.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: D-Link AirPlus DWL-650+ Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Ähnliche Seiten - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQPRO~1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQPRO~1\ICQ.exe
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {2FD19AB9-E64C-4B5B-8ECD-91AF0CE2956E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2FD19AB9-E64C-4B5B-8ECD-91AF0CE2956E} - (no file) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Bridge - http://download.game...nts/y/bt1_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.163.248...hm::/update.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
  • 0

#8
Evocater
Posted 27 April 2005 - 04:14 PM

Evocater

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
If noone replies, I'll be through the practice logs and can fix my computer myself before I get an answer :tazz: .
No, just joking. It's ok... I don't have any serious problems anymore, so I don't mind waiting. I'm busy learning ;) .
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP