May 9 2008, 12:44 PM
New Member | Group: New Member | Posts: 1 | Joined: 9-May 08 | Member No.: 78,938 | Operating System: Windows XP
Hi there...
First a short introduction.

Well, my friend asked me if I could fix some problem on another friend's computer, and I agreed (dayam me^^). At least it's one of the worst systems I've ever seen. It's Windows XP Home.

Well, I installed AntiVir from Avira + Ad-Aware + HijackThis. But first of all I couldn't even start .exe files or even start Task Manager and so on; there were several registry scripts destroying the registry ~~ at least I could fix this.

I scanned with AntiVir and deleted about ~100 viruses / trojans, whatever.
I scanned with Ad-Aware and deleted about ~150 critical objects again.
I scanned with HijackThis and fixed some problems (I used the German advice site to see what I should fix and what not).

But there is still the "hard stuff" on it, I guess. For example this stupid wowfx.dll. Well, I searched with Google and found this thread:
http://forums.whatthetech.com/wowfx_dll_errors_t87427.html

I think it's very similar to my problem and I did exactly what was suggested here:
http://forums.whatthetech.com/wowfx_dll_er...099#entry432099

And now there are no more AntiVir messages about the wowfx.dll, but I don't know if I'm finished now, so here is the log of ComboFix and HijackThis (run after ComboFix, as it was written): (sorry, it's German)
Thanks for help in advance, and I'm sorry for my English.

Greetings from Switzerland
Radon