I have a problem with fake Windows programs and I am not able to delete these programs. They have the names "Help and Support.exe" and "Windows Update.exe" and they reinstall themselves when I delete them. These programs are on my desktop.
I cannot say how I got these programs; they just appeared on Friday, 10.1.2008.
With these programs, the process "windows" joined the Task Manager. It eats 100% of my performance and disappears when I start hijackthis.exe. Now I could get it because I opened hijackthis.exe first and waited for it. Here is my scan log:
Logfile of HijackThis v1.99.1
Scan saved at 16:08:45, on 12.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\DESKTOP\HijackThis.exe
C:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE
C:\WINDOWS\system32\windows
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://deutsch.eazel....php?rvs=hompag
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: MySQL - Unknown owner - C:\Programme\MySQL\MySQL.exe (file missing) <--- I will solve this problem later

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
I tried to fix the "windows" process problem, but it did not help.
I also ran AntiVir and Spybot in Windows safe mode, but I found nothing. Ad-Aware could not be started in safe mode, so I ran it in normal mode. Nothing found.
Hopefully you can understand my problem! For a better explanation, see this link from another user with the same problem: http://www.geekstogo...og-t183234.html
With greetings,
FinaL2k7
Edit:
Important: I got strange messages:
System warning:
Windows performed illegal operation. Your system files could have critical errors. It could cause unpredictable or erratic behavior, freezes and crashes. Fixing these errors can increase your computer's performance and prevent data your personal data loss.
Would you like open System Troubleshooting center to fix the problem? (Recommended)
Ok / Cancel
Then:
SysFader: IEXPLORER.EXE - Potential Apllication Error
The instruction at "0x01d62739"referenced memory at "0x02354e50". The memory could not be "read. Click on OK to terminate.
Ok
NOTE: These messages were COPIED, I did not write these mistakes!
Also, I forgot to say that I got 1.500 .tmp files in c:\.
Edit2
A new message appeared just now...
Your system could become unstable
A potential problem has been detected and Windows has been shotdown buggy application to prevent damage to your computer. ****WXYZ.SYS - Address F73120AE base at C00000, DataStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)
OK
Edited by FinaL2k7, 12 January 2008 - 09:41 AM.