[toniestes]

Help me I scanned my computer so many times with Ad-Aware, MicrosoftSpyware, Spybot..etc..
My desktop has been hijacked I cannot right-click and Before the scanning there was a warning message, now the desktop has no longer warning message, but it changes color and no right click.




please take a look at my HijackThis log....


Logfile of HijackThis v1.99.1
Scan saved at 13:47:12, on 26.04.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINNT\System32\CTSvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programme\Winamp\winampa.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINNT\sys2544.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\internat.exe
C:\Programme\MRU-Blaster\scheduler.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Mozilla1.6\Mozilla.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = www.google.ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = www.google.ch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [BJCFD] C:\Programme\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [0A037986] C:\WINNT\sys2544.exe
O4 - HKLM\..\Run: [0AA01586] C:\WINNT\sys2556.exe
O4 - HKLM\..\Run: [0FA00F86] C:\WINNT\sys2430.exe
O4 - HKLM\..\Run: [0422D386] C:\WINNT\sys3821.exe
O4 - HKLM\..\Run: [0480C786] C:\WINNT\sys3832.exe
O4 - HKLM\..\Run: [0122CB86] C:\WINNT\sys3843.exe
O4 - HKLM\..\Run: [0480D186] C:\WINNT\sys3931.exe
O4 - HKLM\..\Run: [01238D86] C:\WINNT\sys3949.exe
O4 - HKLM\..\Run: [0780DB86] C:\WINNT\sys3817.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Mozilla1.6\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programme\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [0A037986] C:\WINNT\sys2544.exe
O4 - HKCU\..\Run: [0AA01586] C:\WINNT\sys2556.exe
O4 - HKCU\..\Run: [0FA00F86] C:\WINNT\sys2430.exe
O4 - HKCU\..\Run: [0422D386] C:\WINNT\sys3821.exe
O4 - HKCU\..\Run: [0480C786] C:\WINNT\sys3832.exe
O4 - HKCU\..\Run: [0122CB86] C:\WINNT\sys3843.exe
O4 - HKCU\..\Run: [0480D186] C:\WINNT\sys3931.exe
O4 - HKCU\..\Run: [01238D86] C:\WINNT\sys3949.exe
O4 - HKCU\..\Run: [0780DB86] C:\WINNT\sys3817.exe
O4 - HKCU\..\RunOnce: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Programme\MRU-Blaster\scheduler.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Programme\MRU-Blaster\mrublaster.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programme\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://*.iframeprofit.com/
O15 - Trusted Zone: http://*.mycounter.biz/
O15 - Trusted Zone: http://*.our-counter.com/
O15 - Trusted Zone: http://*.[bleep]-search.biz/[bleep]/
O16 - DPF: ChatSpace JavaLight Client - http://chat.asmarino.../Java/cslt4.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE

[Advertisements]

Hi toniestes,

Sorry you had to wait so long.

Please do an online virusscan for example here: http://housecall.antivirus.com/
Post back with a new HijackThis log if you still require help.

Regards,

[Metallica]

Hi toniestes,

Sorry you had to wait so long.

Please do an online virusscan for example here: http://housecall.antivirus.com/
Post back with a new HijackThis log if you still require help.

Regards,