changed desktop [CLOSED]



#1
Init

Hi there! I desperately need help! I scanned with a professional antivirus kit (G DATA), Ad-Aware and Spybot, but nothing worked. My desktop background changed to some weird warning signs like "the FBI knows anything about you" or "your activity is tracked". The homepage it wants me to open to "stop this threat" is "cleanprivacy.info". Additionally, every 10 minutes or so the CD drive opens. ;)

Please help! :tazz:

Find my HijackThis file attached.



Logfile of HijackThis v1.99.1
Scan saved at 16:36:55, on 07.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\QKeys\QKeys.EXE
C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\22M WLAN Adapter\WLANMON.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\AntiVirenKit InternetSecurity\Firewall\kavpf.exe
C:\Programme\ACT\SideACT.exe
C:\Programme\AntiVirenKit InternetSecurity\Webfilter\Webfilter.exe
C:\PROGRA~1\ANTIVI~1\WEBFIL~1\ADSCLE~1.EXE
C:\Dokumente und Einstellungen\Alle\Lokale Einstellungen\Temp\Temporäres Verzeichnis 7 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O2 - BHO: Poly HTML Filter BHO - {0140DF95-9128-4053-AE72-F43F0CFCA062} - C:\WINDOWS\system32\SiKernel.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O2 - BHO: SIPAKBHO Class - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ActiveX Control - {C5ADE1EF-8F3F-4573-A179-9CFA1D20CBE5} - C:\WINDOWS\System32\msklc.dll (file missing)
O2 - BHO: Offliner AdFilter Helper - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - C:\WINDOWS\system32\SiPlugins.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: WebFilter-Leiste - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\PAKIEGUI.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QKeys] C:\Programme\QKeys\QKeys.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Task Manager] c:\windows\system32\taskmg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [Internet Shedule] C:\WINDOWS\System32\runoound.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [d289ead266d] C:\WINDOWS\System32\d289ead266d.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [xoojdit] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [qfiyvsl] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [hcwdipn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [illxuit] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [ubtvfvn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [qpovbdl] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [oqkirgn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [ycwxlnw] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [qllxaxt] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [tsltrjw] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [kfbjiyf] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [rauabdn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [rxvvnht] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [mljmlmk] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [ufsnncb] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [mvoyuij] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [oanbnul] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [iwxjnug] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [pjidcoi] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [dnspshh] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [timkyft] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [mikkoxn] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [nguahtq] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [txlvaxa] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [bjlgvef] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [hibogmj] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [hnjkbkh] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [kioyjiw] c:\windows\kuakide.exe
O4 - HKCU\..\Run: [cugschw] c:\windows\kuakide.exe
O4 - HKCU\..\Run: [hmqawpl] c:\windows\kuakide.exe
O4 - HKCU\..\Run: [xsvnrrv] c:\windows\kuakide.exe
O4 - HKCU\..\Run: [rftbvvt] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [ttsydtb] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [nsidaoj] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [pnvdsiy] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [gmdxcor] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [dbxugll] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [dqfjbhf] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [tlvfbax] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [ykwafob] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [ivoskbn] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [lmnlyiw] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [sjaqhtk] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [iccuggp] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [wayeqyl] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [xbdudae] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [sfmulxq] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [jjodnll] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [qgqdcjc] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [rcufeor] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [daadyhe] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [cqfvlbk] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [yenwxom] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [cjkdhab] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [lcvsjfb] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [oppacso] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [makchgx] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [smbmpgm] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [tufarjy] c:\windows\cuswljb.exe
O4 - HKCU\..\Run: [vllhwta] c:\windows\cuswljb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [d289ead266d] C:\WINDOWS\System32\d289ead266d.exe
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Firewall.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SideACT!.lnk = C:\Programme\ACT\SideACT.exe
O4 - Global Startup: Webfilter.lnk = C:\Programme\AntiVirenKit InternetSecurity\Webfilter\Webfilter.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add selected links to Link Container - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_collector_sel.htm
O8 - Extra context menu item: Show domain links - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_domain_links.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Microsoft AntiSpyware helper - {1EA89F80-32C1-4082-AB2B-D8A2A83A308A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1EA89F80-32C1-4082-AB2B-D8A2A83A308A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {1EA89F80-32C1-4082-AB2B-D8A2A83A308A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1EA89F80-32C1-4082-AB2B-D8A2A83A308A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://inotes.olymp....com/iNotes.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105125037141
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D40D8F5-354A-4841-A714-51CA22C9AE4E}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{684CA4D2-375D-4FF1-8977-876C2B033E87}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{74A232CC-D7E8-4299-8DF4-29E98B879926}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0C894B-618A-48C0-9673-597069F33E15}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{E33D3A9D-EBF9-4620-A7D3-0BF4AB609812}: NameServer = 69.50.176.156,195.225.176.31
O21 - SSODL: eplrr - {071DEC82-AF0D-4547-8AEC-4185B0EBFC1D} - C:\WINDOWS\System32\eplrr3.dll (file missing)
O21 - SSODL: Client Shedule - {D68C41F1-92CE-43A7-B4DD-2CB15743DC99} - C:\WINDOWS\System32\comasapi.dll (file missing)
O23 - Service: Trace network connections (ACCRA) - Unknown owner - C:\WINDOWS\System32\mocih.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: WindowInstallSystem (d289ead266dsvr) - Unknown owner - C:\WINDOWS\d289ead266d.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


#2
didom

First, download, install, and run CleanUp! (so the scan won't take as long, because CleanUp! will clear temporary files). *NOTE* CleanUp! deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CleanUp!

Please download ewido security suite

Install ewido security suite
Launch ewido: there should be a big E icon on your desktop; double-click it.
The program will prompt you to update; click the OK button.
The program will now go to the main screen

You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:
  • Reboot into Safe Mode. You can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter. Then, run Ewido.
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files; click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop

Reboot into normal mode.

Then, please run this online virus scan:
ActiveScan

Save the results from ActiveScan.

I need you to post the log from Ewido, the log from ActiveScan and a new HiJackThis log.

#3
Init

Hi didom,
thanks for the reply. I did what you suggested. So far the problem still persists. :tazz: I saw a post from the member "edwardel", who has exactly the same desktop as me and also the problem of the CD-ROM popping open. So it looks like he/she has exactly the same problem as me?? Thanks in advance!!

Anyway, here are the logfiles you asked for. Thanks in advance.

---------------------------------------------------------
ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 22:41:31, 16.08.2005
+ Report-Checksumme: 72B0575

+ Scanergebnis:

HKLM\SOFTWARE\Classes\CLSID\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Gesäubert mit Backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08BEC6AA-49FC-4379-3587-4B21E286C19E} -> Spyware.SBSoft : Gesäubert mit Backup
:mozilla.6:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexlist : Gesäubert mit Backup
:mozilla.7:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexlist : Gesäubert mit Backup
:mozilla.8:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexlist : Gesäubert mit Backup
:mozilla.9:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexlist : Gesäubert mit Backup
:mozilla.26:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.27:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.28:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.29:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.30:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.31:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.32:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.33:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.34:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.35:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.36:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.37:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.38:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.39:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.40:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.41:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.42:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.43:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.44:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.45:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.46:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.47:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.48:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.49:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.50:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.51:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.52:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.53:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.54:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.55:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.56:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.57:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.58:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.59:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.60:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.61:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.62:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.63:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.64:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.65:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.66:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.67:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.68:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.69:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.70:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.71:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.72:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.73:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.74:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.75:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sexcounter : Gesäubert mit Backup
:mozilla.76:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Paycounter : Gesäubert mit Backup
:mozilla.77:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.78:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.79:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.80:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.81:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.82:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.83:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.84:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.85:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.86:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.87:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.88:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.89:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.101:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Clickzs : Gesäubert mit Backup
:mozilla.102:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Clickzs : Gesäubert mit Backup
:mozilla.103:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.104:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.105:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.135:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.137:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Xxxcounter : Gesäubert mit Backup
:mozilla.138:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Xxxcounter : Gesäubert mit Backup
:mozilla.139:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Xxxcounter : Gesäubert mit Backup
:mozilla.140:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.141:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Xxxcounter : Gesäubert mit Backup
:mozilla.142:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.198:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Masterstats : Gesäubert mit Backup
:mozilla.212:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.214:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.230:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Sextracker : Gesäubert mit Backup
:mozilla.242:C:\Dokumente und Einstellungen\Alle\Anwendungsdaten\Mozilla\Firefox\Profiles\kr2jfeff.Standard-Benutzer\cookies.txt -> Spyware.Cookie.Atdmt : Gesäubert mit Backup
C:\WINDOWS\system32\SiKernel.dll -> Spyware.PolyFilter : Gesäubert mit Backup
C:\WINDOWS\system32\SiPlugins.dll -> Spyware.Poly : Gesäubert mit Backup


::Report Ende


Incident                     Status          Location

Possible Virus.              No disinfected  C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll
Adware:adware/adsmart        No disinfected  C:\WINDOWS\SYSTEM32\thun.dll
Adware:adware/sbsoft         No disinfected  C:\WINDOWS\rdt.ini
Adware:adware/wupd           No disinfected  Windows Registry
Possible Virus.              No disinfected  C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll
Adware:Adware/Startpage.XL   No disinfected  C:\RECYCLER\Q678341.exe



Logfile of HijackThis v1.99.1
Scan saved at 23:34:10, on 16.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\QKeys\QKeys.EXE
C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\22M WLAN Adapter\WLANMON.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\AntiVirenKit InternetSecurity\Firewall\kavpf.exe
C:\Programme\ACT\SideACT.exe
C:\Programme\AntiVirenKit InternetSecurity\Webfilter\Webfilter.exe
C:\PROGRA~1\ANTIVI~1\WEBFIL~1\ADSCLE~1.EXE
C:\Dokumente und Einstellungen\Alle\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SIPAKBHO Class - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Tools\SPYBOT~1\SDHelper.dll
O2 - BHO: ActiveX Control - {C5ADE1EF-8F3F-4573-A179-9CFA1D20CBE5} - C:\WINDOWS\System32\msklc.dll (file missing)
O2 - BHO: Offliner AdFilter Helper - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - C:\WINDOWS\system32\SiPlugins.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: WebFilter-Leiste - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\PAKIEGUI.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QKeys] C:\Programme\QKeys\QKeys.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [Internet Shedule] C:\WINDOWS\System32\runoound.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [d289ead266d] C:\WINDOWS\System32\d289ead266d.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [xoojdit] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [qfiyvsl] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [hcwdipn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [illxuit] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [ubtvfvn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [qpovbdl] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [oqkirgn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [ycwxlnw] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [qllxaxt] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [tsltrjw] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [kfbjiyf] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [rauabdn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [rxvvnht] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [mljmlmk] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [ufsnncb] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [mvoyuij] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [oanbnul] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [iwxjnug] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [pjidcoi] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [dnspshh] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [timkyft] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [mikkoxn] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [nguahtq] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [txlvaxa] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [bjlgvef] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [hibogmj] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [hnjkbkh] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [kioyjiw] c:\windows\kuakide.exe
O4 - HKCU\..\Run: [cugschw] c:\windows\kuakide.exe
O4 - HKCU\..\Run: [hmqawpl] c:\windows\kuakide.exe
O4 - HKCU\..\Run: [xsvnrrv] c:\windows\kuakide.exe
O4 - HKCU\..\Run: [rftbvvt] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [ttsydtb] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [nsidaoj] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [pnvdsiy] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [gmdxcor] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [dbxugll] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [dqfjbhf] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [tlvfbax] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [ykwafob] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [ivoskbn] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [lmnlyiw] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [sjaqhtk] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [iccuggp] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [wayeqyl] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [xbdudae] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [sfmulxq] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [jjodnll] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [qgqdcjc] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [rcufeor] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [daadyhe] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [cqfvlbk] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [yenwxom] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [cjkdhab] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [lcvsjfb] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [oppacso] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [makchgx] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [smbmpgm] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [tufarjy] c:\windows\cuswljb.exe
O4 - HKCU\..\Run: [vllhwta] c:\windows\cuswljb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [d289ead266d] C:\WINDOWS\System32\d289ead266d.exe
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Firewall.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SideACT!.lnk = C:\Programme\ACT\SideACT.exe
O4 - Global Startup: Webfilter.lnk = C:\Programme\AntiVirenKit InternetSecurity\Webfilter\Webfilter.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add selected links to Link Container - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_collector_sel.htm
O8 - Extra context menu item: Show domain links - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_domain_links.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Microsoft AntiSpyware helper - {1EA89F80-32C1-4082-AB2B-D8A2A83A308A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1EA89F80-32C1-4082-AB2B-D8A2A83A308A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {1EA89F80-32C1-4082-AB2B-D8A2A83A308A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1EA89F80-32C1-4082-AB2B-D8A2A83A308A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://inotes.olymp....com/iNotes.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123534100868
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D40D8F5-354A-4841-A714-51CA22C9AE4E}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{684CA4D2-375D-4FF1-8977-876C2B033E87}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{74A232CC-D7E8-4299-8DF4-29E98B879926}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0C894B-618A-48C0-9673-597069F33E15}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{E33D3A9D-EBF9-4620-A7D3-0BF4AB609812}: NameServer = 69.50.176.156,195.225.176.31
O21 - SSODL: eplrr - {071DEC82-AF0D-4547-8AEC-4185B0EBFC1D} - C:\WINDOWS\System32\eplrr3.dll (file missing)
O21 - SSODL: Client Shedule - {D68C41F1-92CE-43A7-B4DD-2CB15743DC99} - C:\WINDOWS\System32\comasapi.dll (file missing)
O23 - Service: Trace network connections (ACCRA) - Unknown owner - C:\WINDOWS\System32\mocih.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: WindowInstallSystem (d289ead266dsvr) - Unknown owner - C:\WINDOWS\d289ead266d.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

#4
didom

You have Spybot s&d (Teatimer option) running on your machine and that is good.

But prior to doing the fix below with HijackThis, it needs to be turned off.
Please do the following.

Right click the running icon of spybot's teatimer, and choose exit.

Unless it is turned off, it could interfere with the fix by HijackThis.

--------------------------------------------------------------------------------

Unzip HJT into its own permanent folder before doing anything in order for it to create backups. (Not a temporary folder & not on the desktop).
Please create a directory on your c: drive called c:\hijackthis (and download) and unzip hijackthis into that directory. Run the program from that directory from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

--------------------------------------------------------------------------------

Click Start>Run, type services.msc into the Open: text box and click the Ok button.
  • In the Services window look for the Trace network connections (ACCRA) service and double-click on it.
  • Click on the Stop button
  • In the Startup type dropdown box select Disabled
  • Click Apply button and then the Ok button.
  • Please run HijackThis and click Config -> Misc Tools -> Delete an NT service.
  • In the Delete window, type ACCRA and press OK.
  • OK any prompts, close HijackThis, and restart your computer.
--------------------------------------------------------------------------------
Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Scan again with HijackThis and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w-find.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://w-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://w-find.com/index.htm
O2 - BHO: ActiveX Control - {C5ADE1EF-8F3F-4573-A179-9CFA1D20CBE5} - C:\WINDOWS\System32\msklc.dll (file missing)
O2 - BHO: Offliner AdFilter Helper - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - C:\WINDOWS\system32\SiPlugins.dll (file missing)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O4 - HKLM\..\Run: [Internet Shedule] C:\WINDOWS\System32\runoound.exe
O4 - HKLM\..\Run: [d289ead266d] C:\WINDOWS\System32\d289ead266d.exe
O4 - HKCU\..\Run: [xoojdit] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [qfiyvsl] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [hcwdipn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [illxuit] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [ubtvfvn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [qpovbdl] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [oqkirgn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [ycwxlnw] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [qllxaxt] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [tsltrjw] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [kfbjiyf] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [rauabdn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [rxvvnht] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [mljmlmk] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [ufsnncb] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [mvoyuij] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [oanbnul] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [iwxjnug] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [pjidcoi] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [dnspshh] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [timkyft] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [mikkoxn] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [nguahtq] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [txlvaxa] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [bjlgvef] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [hibogmj] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [hnjkbkh] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [kioyjiw] c:\windows\kuakide.exe
O4 - HKCU\..\Run: [cugschw] c:\windows\kuakide.exe
O4 - HKCU\..\Run: [hmqawpl] c:\windows\kuakide.exe
O4 - HKCU\..\Run: [xsvnrrv] c:\windows\kuakide.exe
O4 - HKCU\..\Run: [rftbvvt] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [ttsydtb] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [nsidaoj] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [pnvdsiy] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [gmdxcor] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [dbxugll] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [dqfjbhf] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [tlvfbax] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [ykwafob] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [ivoskbn] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [lmnlyiw] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [sjaqhtk] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [iccuggp] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [wayeqyl] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [xbdudae] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [sfmulxq] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [jjodnll] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [qgqdcjc] c:\windows\cnrxibr.exe
O4 - HKCU\..\Run: [rcufeor] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [daadyhe] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [cqfvlbk] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [yenwxom] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [cjkdhab] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [lcvsjfb] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [oppacso] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [makchgx] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [smbmpgm] c:\windows\bdxqmhx.exe
O4 - HKCU\..\Run: [tufarjy] c:\windows\cuswljb.exe
O4 - HKCU\..\Run: [vllhwta] c:\windows\cuswljb.exe
O4 - HKCU\..\Run: [d289ead266d] C:\WINDOWS\System32\d289ead266d.exe
O9 - Extra button: Microsoft AntiSpyware helper - {1EA89F80-32C1-4082-AB2B-D8A2A83A308A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1EA89F80-32C1-4082-AB2B-D8A2A83A308A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {1EA89F80-32C1-4082-AB2B-D8A2A83A308A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1EA89F80-32C1-4082-AB2B-D8A2A83A308A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...RdxIE601_de.cab
O21 - SSODL: eplrr - {071DEC82-AF0D-4547-8AEC-4185B0EBFC1D} - C:\WINDOWS\System32\eplrr3.dll (file missing)
O21 - SSODL: Client Shedule - {D68C41F1-92CE-43A7-B4DD-2CB15743DC99} - C:\WINDOWS\System32\comasapi.dll (file missing)
O23 - Service: Trace network connections (ACCRA) - Unknown owner - C:\WINDOWS\System32\mocih.exe (file missing)

After checking these items, close all browser windows except HijackThis and click "Fix checked".


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan.
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt (C:\smitfiles.txt) log and the Ewido Log by using Add Reply.
Let us know if any problems persist.

--------------------------------------------------------------------------------

Download Silent Runners
Unzip it to a permanent folder.
Start SilentRunners.vbs
When your antivirus is giving an alert, do not block this. Allow the script.
Copy and paste the content of the txtfile you get afterwards in your next reply.
  • 0
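A triage sketch for logs like the ones posted in this thread, added here as an example and not part of any post or of HijackThis itself: it parses HijackThis-style lines and surfaces two patterns visible in the log above, several differently named Run values pointing at one executable, and registrations whose file is marked "(file missing)". The function names are hypothetical, the sample is a shortened excerpt of the posted log, and the output is a list of candidates for review, not a verdict.

```python
import re
from collections import defaultdict

# Shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: ActiveX Control - {C5ADE1EF-8F3F-4573-A179-9CFA1D20CBE5} - C:\WINDOWS\System32\msklc.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [xoojdit] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [qfiyvsl] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [hcwdipn] c:\windows\yaafoai.exe
O4 - HKCU\..\Run: [timkyft] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [mikkoxn] c:\windows\kthrwrf.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Trace network connections (ACCRA) - Unknown owner - C:\WINDOWS\System32\mocih.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autostart entry (Run, RunOnce, ...).
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
EXECUTABLE_EXT_RE = re.compile(r"\.(exe|com|bat|cmd|scr|pif)\b", re.IGNORECASE)


def parse_log(text):
    """Return (code, body) tuples for every line that looks like a log entry."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def target_path(cmd):
    """Reduce a Run command line to its lower-cased executable path.

    Handles quoted paths with arguments and unquoted paths containing spaces.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        ext = EXECUTABLE_EXT_RE.search(cmd)
        path = cmd[:ext.end()] if ext else cmd
    return path.lower()


def shared_run_targets(entries, min_names=2):
    """Map executable path -> sorted value names, for paths that are
    registered under at least `min_names` different Run value names."""
    names_by_target = defaultdict(set)
    for code, body in entries:
        if code != "O4":
            continue
        run = RUN_RE.match(body)
        if run:  # "Global Startup" shortcuts do not match and are skipped
            names_by_target[target_path(run.group("cmd"))].add(run.group("name"))
    return {
        path: sorted(names)
        for path, names in names_by_target.items()
        if len(names) >= min_names
    }


def missing_file_entries(entries):
    """Entries HijackThis marked '(file missing)': the registration is
    still present although the file it points to is gone."""
    return [(code, body) for code, body in entries if "(file missing)" in body]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for path, names in shared_run_targets(parsed).items():
        print(f"{len(names)} Run values -> {path}: {', '.join(names)}")
    for code, body in missing_file_entries(parsed):
        print(f"orphaned {code}: {body}")
```
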

#5
Init

Hi Didom,
So after all this scanning it looks quite good for now. The desktop background disappeared and the CD-ROM drive stays closed. :tazz: Thanks a lot!
Anyway, I am sending you all the log files you requested. One problem occurs now: after a reboot of the system, my Spybot TeaTimer keeps giving messages about changed registry entries. Do I just have to tell it to allow it and remember?

Here are all the logs:

Logfile of HijackThis v1.99.1
Scan saved at 21:45:54, on 22.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\QKeys\QKeys.EXE
C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\22M WLAN Adapter\WLANMON.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\AntiVirenKit InternetSecurity\Firewall\kavpf.exe
C:\Programme\ACT\SideACT.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\Programme\AntiVirenKit InternetSecurity\Webfilter\Webfilter.exe
C:\PROGRA~1\ANTIVI~1\WEBFIL~1\ADSCLE~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SIPAKBHO Class - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Tools\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C5ADE1EF-8F3F-4573-A179-9CFA1D20CBE5} - (no file)
O2 - BHO: (no name) - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: WebFilter-Leiste - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\PAKIEGUI.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QKeys] C:\Programme\QKeys\QKeys.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Firewall.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SideACT!.lnk = C:\Programme\ACT\SideACT.exe
O4 - Global Startup: Webfilter.lnk = C:\Programme\AntiVirenKit InternetSecurity\Webfilter\Webfilter.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add selected links to Link Container - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_collector_sel.htm
O8 - Extra context menu item: Show domain links - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_domain_links.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://inotes.olymp....com/iNotes.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123534100868
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D40D8F5-354A-4841-A714-51CA22C9AE4E}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{684CA4D2-375D-4FF1-8977-876C2B033E87}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{74A232CC-D7E8-4299-8DF4-29E98B879926}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0C894B-618A-48C0-9673-597069F33E15}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{E33D3A9D-EBF9-4620-A7D3-0BF4AB609812}: NameServer = 69.50.176.156,195.225.176.31
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: WindowInstallSystem (d289ead266dsvr) - Unknown owner - C:\WINDOWS\d289ead266d.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe



Active scan Panda
Incident Status Location

Possible Virus. No disinfected C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll
Adware:adware/adsmart No disinfected C:\WINDOWS\SYSTEM32\thun.dll
Adware:adware/sbsoft No disinfected C:\WINDOWS\rdt.ini
Adware:adware/wupd No disinfected Windows Registry
Possible Virus. No disinfected C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll
Adware:Adware/Startpage.XL No disinfected C:\RECYCLER\Q678341.exe
Possible Virus. No disinfected C:\WINDOWS\temp\ASHeuristic\PAKIEPlugins.dll.vir

ewido security suite - Scan Report
---------------------------------------------------------

+ Erstellt am: 21:00:57, 22.08.2005
+ Report-Checksumme: 9C13123B

+ Scanergebnis:

Keine infizierten Objekte gefunden.


::Report Ende


smitRem log file
version 2.3

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! :)

"Silent Runners.vbs", revision 40, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"SpybotSD TeaTimer" = "C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SiSUSBRG" = "C:\WINDOWS\SiSUSBrg.exe" ["Silicon Integrated Systems Corp."]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"ATIPTA" = "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"QKeys" = "C:\Programme\QKeys\QKeys.EXE" ["Taiwan OEM"]
"NeroCheck" = "C:\WINDOWS\System32\NeroCheck.exe" ["Ahead Software Gmbh"]
"SunJavaUpdateSched" = "C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe" [null data]
"AVK Mail Checker" = ""C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"" ["G DATA Software AG"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""C:\Programme\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"DataLayer" = "C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]
"PCSuiteTrayApplication" = "C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [empty string]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Programme\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx" [empty string]
{40FB69E1-9B7B-453F-B238-37D8E9528929}\(Default) = "SIPAKBHO Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll" ["TODO: <Company name>"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Tools\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\NokiaPhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\Components\PhoneBrowserComponents\ContactView.dll" ["Nokia"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AntiVirenKit InternetSecurity\AVK\ShellExt.dll" [empty string]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\context.dll" ["ewido networks"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\ewido\security suite\context.dll" ["ewido networks"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVK9CM\(Default) = "{CAF4C320-32F5-11D3-A222-004095200FF2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Programme\AntiVirenKit InternetSecurity\AVK\ShellExt.dll" [empty string]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Alle" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"22M WLAN Adapter" -> shortcut to: "C:\Programme\22M WLAN Adapter\WLANMON.exe" [" "]
"Acrobat Assistant" -> shortcut to: "C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe" ["Adobe Systems Inc."]
"Firewall" -> shortcut to: "C:\Programme\AntiVirenKit InternetSecurity\Firewall\kavpf.exe /silence" ["Kaspersky Labs"]
"Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"SideACT!" -> shortcut to: "C:\Programme\ACT\SideACT.exe /s" ["Interact Commerce Corporation"]
"Webfilter" -> shortcut to: "C:\Programme\AntiVirenKit InternetSecurity\Webfilter\Webfilter.exe /GER" ["G DATA Software AG"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{75CD0BC5-E317-449C-9FF6-4986B3D48F64}" = "WebFilter-Leiste" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ANTIVI~1\WEBFIL~1\PAKIEGUI.dll" [null data]

"{EB740041-E2A0-4346-A4DF-F2AFF42AB23D}" = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "tpug05ca.dll" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{75CD0BC5-E317-449C-9FF6-4986B3D48F64}" = "WebFilter-Leiste"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\ANTIVI~1\WEBFIL~1\PAKIEGUI.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVK Service, AVKService, "C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe" [empty string]
AVK Wächter, AVKWCtl, "C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe" [empty string]
ewido security suite control, ewido security suite control, "C:\Programme\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
iPod Service, iPodService, "C:\Programme\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
SmartLinkService, SLService, "slserv.exe" [" "]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "Yes" at the first message box.
---------- (total run time: 70 seconds, including 18 seconds for message boxes)



:)
  • 0

#6
didom


Do I just have to tell him to allow it and remind?

Yes, please do so!

Scan again with HijackThis and check the following items:

O2 - BHO: (no name) - {C5ADE1EF-8F3F-4573-A179-9CFA1D20CBE5} - (no file)
O2 - BHO: (no name) - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - (no file)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Make sure all hidden files and folders are visible (Instructions)
Reboot your computer into safe mode (Instructions)

Find and delete these files (if they are still there):

C:\WINDOWS\SYSTEM32\thun.dll
C:\WINDOWS\rdt.ini

Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Reboot your computer back into normal mode.

Please download RKFiles from HERE
  • Unzip RKfiles.zip to the desktop
  • Double-click RKFiles.bat to run it.
    • It may take a while.
  • When it is finished a window should appear with a log.
  • Please copy the contents of the log and paste them here
    • Note: the log will be saved at c:\log.txt

  • 0

#7
Init

Hello again,
I deleted the files. Can you tell me how to stop the Teatimer windows from popping up and telling me that I allowed all these changes?
For now everything else seems to be fine! :tazz:
Here is the log of RKfiles. Do you also want a new Hijackthis? Thanks again.

C:\rk

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\SiRPCPrx.dll: UPX!
C:\WINDOWS\system32\SiRPCSrv2.dll: UPX!
C:\WINDOWS\system32\SI_APP.dll: UPX!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\oembios.bin: qPEc2H
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\oembios.bin: qPEc2H

Files Found in all users startup Folder............
------------------------
C:\WINDOWS\system32\SiRPCPrx.dll: UPX!
C:\WINDOWS\system32\SiRPCSrv2.dll: UPX!
C:\WINDOWS\system32\SI_APP.dll: UPX!
Files Found in all users windows Folder............
------------------------
Finished
bye
  • 0

#8
didom

Download CCleaner and install this program.

Download remv3.zip and unzip it to its own folder (otherwise it will not work).

Restart your computer in Safe Mode. How do I Safe Boot my computer?

Scan again with HijackThis and check the following items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{3D40D8F5-354A-4841-A714-51CA22C9AE4E}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{684CA4D2-375D-4FF1-8977-876C2B033E87}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{74A232CC-D7E8-4299-8DF4-29E98B879926}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0C894B-618A-48C0-9673-597069F33E15}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{E33D3A9D-EBF9-4620-A7D3-0BF4AB609812}: NameServer = 69.50.176.156,195.225.176.31

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Start CCleaner and click the button "Run Cleaner".
Open the folder you've extracted remv3.zip to and doubleclick remv3.bat.

Then reboot your computer back into normal mode.

Please go to "Start" --> Control Panel. In the Windows Control Panel, if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection (usually Local Area Connection for cable and DSL) and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says "Obtain DNS servers automatically".

Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.
Next, go to Start > Run, type cmd and hit OK.
Type
ipconfig /flushdns
then hit Enter, type exit and hit Enter.
(The space between g and / is needed.)

Then, restart your computer and post c:\log.txt and a fresh log from HijackThis.
  • 0
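The O17 lines in the post above are per-interface NameServer values, and the same pair of resolvers appears on every interface GUID. The following Python sketch is an added example, not part of the original thread: it pulls O17 NameServer entries out of a HijackThis log and groups interfaces by resolver set. The function names are this example's own, and the "public resolver" flag is a triage heuristic, not a verdict.

```python
import ipaddress
import re
from collections import defaultdict

# The five O17 lines are copied from the post above; the O4 line is included
# only to show that other sections are skipped.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QKeys] C:\Programme\QKeys\QKeys.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D40D8F5-354A-4841-A714-51CA22C9AE4E}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{684CA4D2-375D-4FF1-8977-876C2B033E87}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{74A232CC-D7E8-4299-8DF4-29E98B879926}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A0C894B-618A-48C0-9673-597069F33E15}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{E33D3A9D-EBF9-4620-A7D3-0BF4AB609812}: NameServer = 69.50.176.156,195.225.176.31
"""

# O17 - HKLM\System\<control set>\Services\Tcpip\..\{GUID}: NameServer = a,b
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>\w+)\\Services\\Tcpip\\\.\.\\"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}): NameServer = (?P<value>.+)$"
)


def parse_o17(log_text):
    """Return one record per per-interface NameServer override in the log."""
    records = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers, malformed = [], []
        # The value may be comma or space separated.
        for token in re.split(r"[,\s]+", m["value"].strip()):
            if not token:
                continue
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                malformed.append(token)  # keep for manual review
        records.append({
            "control_set": m["cset"],
            "guid": m["guid"].upper(),
            "servers": tuple(servers),
            "malformed": malformed,
        })
    return records


def summarize(records):
    """Group interfaces by resolver set and describe each group."""
    groups = defaultdict(set)
    for rec in records:
        groups[rec["servers"]].add(rec["guid"])
    summary = []
    for servers, guids in groups.items():
        summary.append({
            "servers": [str(s) for s in servers],
            "interfaces": sorted(guids),
            # Heuristic: a globally routable static resolver sends every
            # lookup to a fixed third party; who that is needs a manual check.
            "public_resolvers": [str(s) for s in servers if s.is_global],
            # Heuristic: the same set on several interfaces deserves a second
            # look, since unused adapters are rarely configured by hand.
            "shared": len(guids) > 1,
        })
    return summary


if __name__ == "__main__":
    for group in summarize(parse_o17(SAMPLE_LOG)):
        print(len(group["interfaces"]), "interface(s) ->", group["servers"],
              "| public:", group["public_resolvers"],
              "| shared:", group["shared"])
```

After switching the connection back to "Obtain DNS servers automatically", a fresh log run through `parse_o17` should return no records for that interface.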

#9
Init

Hello again,
it took me a while to get back to my PC. But here is my new logfile from Hijackthis and from this remv3

Logfile of HijackThis v1.99.1
Scan saved at 22:30:26, on 28.08.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\QKeys\QKeys.EXE
C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\22M WLAN Adapter\WLANMON.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\AntiVirenKit InternetSecurity\Firewall\kavpf.exe
C:\Programme\ACT\SideACT.exe
C:\Programme\AntiVirenKit InternetSecurity\Webfilter\Webfilter.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\ANTIVI~1\WEBFIL~1\ADSCLE~1.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wetteronline.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SIPAKBHO Class - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Tools\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C5ADE1EF-8F3F-4573-A179-9CFA1D20CBE5} - (no file)
O2 - BHO: (no name) - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: WebFilter-Leiste - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\PAKIEGUI.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QKeys] C:\Programme\QKeys\QKeys.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Firewall.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SideACT!.lnk = C:\Programme\ACT\SideACT.exe
O4 - Global Startup: Webfilter.lnk = C:\Programme\AntiVirenKit InternetSecurity\Webfilter\Webfilter.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add selected links to Link Container - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_collector_sel.htm
O8 - Extra context menu item: Show domain links - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_domain_links.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://inotes.olymp....com/iNotes.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123534100868
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: WindowInstallSystem (d289ead266dsvr) - Unknown owner - C:\WINDOWS\d289ead266d.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


The batch is run from -- C:\Programme\remv3

Files Found.................
----------------------------------------

Files Not deleted.................
----------------------------------------

Merging registry entries
-----------------------------------------------------------------
The Registry Entries Found...
-----------------------------------------------------------------


Other bad files to be Manually deleted.. Please note that this might also list legit Files, be careful while deleting
-----------------------------------------------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 3824-EB9A

Verzeichnis von C:\WINDOWS\system32

msi.dll
Finished


Does it look good now??
  • 0

#10
didom

You have Spybot s&d (Teatimer option) running on your machine and that is good.

But prior to doing the fix below with hijackthis it needs to be turned off.
Please do the following.

Right click the running icon of spybot's teatimer, and choose exit.

Unless it is turned off it could interfere with the fix by hijackthis.

----------------------------------------

Scan again with HijackThis and check the following items:


O2 - BHO: (no name) - {C5ADE1EF-8F3F-4573-A179-9CFA1D20CBE5} - (no file)
O2 - BHO: (no name) - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - (no file)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Reboot your computer and post a new HijackThis log.

Let me know if any problems persist.
  • 0

#11
Init

Hello again,
here is the new hijack logfile.
Logfile of HijackThis v1.99.1
Scan saved at 22:37:16, on 04.09.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\QKeys\QKeys.EXE
C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\22M WLAN Adapter\WLANMON.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\AntiVirenKit InternetSecurity\Firewall\kavpf.exe
C:\Programme\ACT\SideACT.exe
C:\Programme\AntiVirenKit InternetSecurity\Webfilter\Webfilter.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\GEMEIN~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\ANTIVI~1\WEBFIL~1\ADSCLE~1.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wetteronline.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SIPAKBHO Class - {40FB69E1-9B7B-453F-B238-37D8E9528929} - C:\Programme\AntiVirenKit InternetSecurity\Webfilter\PAKIEPlugins.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Tools\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C5ADE1EF-8F3F-4573-A179-9CFA1D20CBE5} - (no file)
O2 - BHO: (no name) - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: WebFilter-Leiste - {75CD0BC5-E317-449C-9FF6-4986B3D48F64} - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\PAKIEGUI.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QKeys] C:\Programme\QKeys\QKeys.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_08\bin\jusched.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\GEMEIN~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 22M WLAN Adapter.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Firewall.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SideACT!.lnk = C:\Programme\ACT\SideACT.exe
O4 - Global Startup: Webfilter.lnk = C:\Programme\AntiVirenKit InternetSecurity\Webfilter\Webfilter.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add selected links to Link Container - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_collector_sel.htm
O8 - Extra context menu item: Show domain links - C:\PROGRA~1\ANTIVI~1\WEBFIL~1\System\Scripts\off_domain_links.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://inotes.olymp....com/iNotes.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1123534100868
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: WindowInstallSystem (d289ead266dsvr) - Unknown owner - C:\WINDOWS\d289ead266d.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


So far no more problems occurred. Thanks!
  • 0

#12
didom

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.


----------------------------------------

Scan again with HijackThis and check the following items:


O2 - BHO: (no name) - {C5ADE1EF-8F3F-4573-A179-9CFA1D20CBE5} - (no file)
O2 - BHO: (no name) - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - (no file)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Reboot your computer and post a new HijackThis log.

Let me know if any problems persist.
  • 0
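The post above says a resident TeaTimer can interfere with HijackThis fixes, and the log dated 04.09.2005 still lists the four entries that were to be fixed. The following Python sketch is an added example, not part of the original thread: it compares a "fix these" list against a follow-up log, reports which entries are still present, and notes whether TeaTimer.exe appears in that log. The function names are this example's own; the log excerpt is copied from the thread.

```python
import re

# Entries the helper asked to have fixed (copied from the post above).
FIX_LIST = r"""
O2 - BHO: (no name) - {C5ADE1EF-8F3F-4573-A179-9CFA1D20CBE5} - (no file)
O2 - BHO: (no name) - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - (no file)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
"""

# Excerpt of the follow-up log posted in the thread (lines copied as posted).
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 22:37:16, on 04.09.2005
C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Tools\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C5ADE1EF-8F3F-4573-A179-9CFA1D20CBE5} - (no file)
O2 - BHO: (no name) - {DC9377A2-2E8D-44A1-99DB-F8A821DF254D} - (no file)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://inotes.olymp....com/iNotes.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)


def parse_entries(text):
    """Map (section, identity) -> original line for every Rn/On entry.

    Identity is the CLSID when the entry has one, so a pasted line still
    matches if trailing whitespace or the display name differs; otherwise
    it is the whitespace-normalised, lower-cased body. Entries that share a
    section and CLSID (for example the two O9 lines for one extension)
    collapse into one key, which is fine for a presence check.
    """
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path or blank line
        clsid = CLSID_RE.search(m["body"])
        if clsid:
            ident = clsid.group(0).upper()
        else:
            ident = " ".join(m["body"].split()).lower()
        entries[(m["section"], ident)] = line
    return entries


def check_fix(fix_list, new_log):
    """Report which requested fixes are still present in the follow-up log."""
    wanted = parse_entries(fix_list)
    present = parse_entries(new_log)
    return {
        "persisting": [l for k, l in wanted.items() if k in present],
        "removed": [l for k, l in wanted.items() if k not in present],
        # TeaTimer shows up as a running process and as an O4 autostart.
        "teatimer_seen": any("teatimer.exe" in l.lower()
                             for l in new_log.splitlines()),
    }


if __name__ == "__main__":
    result = check_fix(FIX_LIST, NEW_LOG)
    print("still present:", len(result["persisting"]))
    for line in result["persisting"]:
        print("  ", line)
    print("removed:", len(result["removed"]))
    print("TeaTimer.exe in log:", result["teatimer_seen"])
```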

#13
didom

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





