
Wowfx.dll error - similar to another topic (it's closed)


  • This topic is locked
No replies to this topic

#1 Radon


Posted 09 May 2008 - 12:44 PM

Hi there...

First a short introduction :)
Well, my friend asked me if I could fix some problem on another friend's computer, I agreed (dayam me^^).
At least it's one of the worst systems I've ever seen. It's Windows XP Home.
Well, I installed AntiVir from Avira + Ad-Aware + HijackThis. But first of all I couldn't even start .exe files or even start Task Manager and so on, there were several registry scripts destroying the registry ~~ at least I could fix this.
I scanned with AntiVir and deleted about ~100 viruses / trojans, whatever.
I scanned with Ad-Aware and deleted about ~150 Critical Objects again.
I scanned with HijackThis and fixed some problems (I used the German advice site to see what I should fix and what not).

But there is still the "hard stuff" on it, I guess. For example this stupid wowfx.dll. Well, I searched with Google and found this thread:

http://forums.whatth...ors_t87427.html

I think it's very similar to my problem and I did exactly what was suggested here:
http://forums.whatth...099#entry432099

And now there are no more AntiVir messages about the wowfx.dll, but I don't know if I'm finished now, so here is the log of ComboFix and HijackThis (run after ComboFix, as it was written):
(sorry, it's German :( )

ComboFix 08-05-08.1 - HP_Besitzer 2008-05-09 20:22:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.246 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat
C:\Dokumente und Einstellungen\HP_Besitzer\Desktopblackbird.jpg
C:\Dokumente und Einstellungen\HP_Besitzer\DesktopEditorFKWP1.5.exe
C:\Dokumente und Einstellungen\HP_Besitzer\DesktopEditorFKWP2.0.exe
C:\Dokumente und Einstellungen\HP_Besitzer\Desktopfilemanagerclient.exe
C:\Dokumente und Einstellungen\HP_Besitzer\Desktopfkwp1.5.exe
C:\Dokumente und Einstellungen\HP_Besitzer\Desktopfkwp2.0.exe
C:\Dokumente und Einstellungen\HP_Besitzer\Desktopfwebd.exe
C:\Dokumente und Einstellungen\HP_Besitzer\DesktopFWebdEditor.exe
C:\Dokumente und Einstellungen\HP_Besitzer\DesktopTrojan.Win32.BlackBird.exe
C:\Dokumente und Einstellungen\HP_Besitzer\Desktopvirii
C:\Dokumente und Einstellungen\HP_Besitzer\ResErrors.log
C:\Dokumente und Einstellungen\HP_Besitzer\Startmenü\Programme\Brave-Sentry
C:\Dokumente und Einstellungen\HP_Besitzer\Startmenü\Programme\Brave-Sentry\BraveSentry.lnk
C:\Dokumente und Einstellungen\HP_Besitzer\Startmenü\Programme\Brave-Sentry\Uninstall.lnk
C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\install.dat
C:\Programme\akl
C:\Programme\akl\akl.dll
C:\Programme\akl\akl.exe
C:\Programme\akl\uninstall.exe
C:\Programme\akl\unsetup.exe
C:\Programme\syscmd
C:\Programme\syscmd\mscmp.inf
C:\Programme\syscmd\uninstall.bat
C:\RECYCLER\mxfilerelatedcache.mxc2
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\dwltqnmx.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\Installer\{00a3022d-aa85-4a55-a460-13666cb81582}\ComponentDrv.dll
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\stfngdvw.dll
C:\WINDOWS\svpekgonqba.dll
C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\drivers\bvt71.sys
C:\WINDOWS\system32\drivers\grande48.sys
C:\WINDOWS\system32\drivers\tcpsr.sys
C:\WINDOWS\system32\gycwkjqr.ini
C:\WINDOWS\system32\JSAKknnn.ini
C:\WINDOWS\system32\JSAKknnn.ini2
C:\WINDOWS\system32\svchost.t__
C:\WINDOWS\system32\WinNt32.dll
C:\WINDOWS\system32\wowfx.dll
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
D:\Autorun.inf
C:\WINDOWS\system32\WinData.cab . . . . Nicht in der Lage zu löschen

----- BITS: Possible infected sites -----

hxxp://flyvideonetwork.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_1GOOGLE_ONLINE_SEARCH_SERVICE
-------\Legacy_ASC3550P
-------\Legacy_bvt71
-------\Legacy_DHLP
-------\Legacy_ICF
-------\Legacy_MSUPDATE
-------\Legacy_TCPSR
-------\Service_1Google Online Search Service
-------\Service_bvt71
-------\Service_oqtxde
-------\Service_tcpsr


((((((((((((((((((((((( Dateien erstellt von 2008-04-09 bis 2008-05-09 ))))))))))))))))))))))))))))))
.

2008-05-09 20:07 . 2008-05-09 20:07 3,712 --a-s---- C:\WINDOWS\system32\MSmouse.sys
2008-05-09 14:37 . 2008-05-09 14:37 <DIR> d-------- C:\Programme\Lavasoft
2008-05-09 14:37 . 2008-05-09 14:37 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-05-09 14:37 . 2008-05-09 14:39 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-05-09 14:34 . 2008-05-09 14:34 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-09 14:23 . 2008-05-09 14:30 <DIR> d-------- C:\HijackThis
2008-05-09 13:15 . 2008-05-09 13:15 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-09 12:01 . 2008-05-09 12:01 <DIR> d-------- C:\Programme\Avira
2008-05-09 12:01 . 2008-05-09 12:01 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2008-05-09 12:01 . 2008-05-09 12:01 90,752 --a------ C:\WINDOWS\system32\rqjkwcyg.dll
2008-05-09 11:58 . 2008-05-09 11:58 321,152 --a------ C:\WINDOWS\system32\nnnkKASJ.dll
2008-05-09 11:53 . 2008-05-09 11:53 53,760 --a------ C:\WINDOWS\system32\MSmouse.exe
2008-05-09 11:53 . 2008-05-09 11:53 29 --a------ C:\WINDOWS\system32\rgweptso.tmp
2008-05-09 11:52 . 2008-05-09 11:52 30,336 --a------ C:\WINDOWS\system32\byXqrOhf.dll
2008-05-09 11:51 . 2008-05-09 11:51 269,334 --a------ C:\WINDOWS\system32\ctfmonb.bmp
2008-05-09 11:51 . 2008-05-09 11:51 160,256 --a------ C:\WINDOWS\system32\blackster.scr
2008-05-09 11:49 . 2008-05-09 11:49 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Startmen
2008-05-09 11:48 . 2008-05-09 11:48 <DIR> dr------- C:\Dokumente und Einstellungen\LocalService\Favoriten
2008-05-09 11:48 . 2008-05-09 12:56 192,512 --a------ C:\WINDOWS\system32\cbOCR.dll
2008-05-09 11:48 . 2008-05-09 20:07 14,976 --a------ C:\WINDOWS\system32\drivers\Sxd38.sys
2008-05-09 11:48 . 2008-05-09 20:07 9,728 --a------ C:\WINDOWS\system32\WinData.cab
2008-05-09 11:48 . 2008-05-09 12:44 565 --a------ C:\WINDOWS\system32\winlogans.tmp
2008-04-16 19:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-16 19:01 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-16 00:29 . 2008-04-16 00:29 <DIR> d-------- C:\Programme\Microsoft CAPICOM 2.1.0.2
2008-04-15 23:14 . 2008-04-15 23:14 <DIR> d--hs---- C:\SichererAntivirus
2008-04-15 23:14 . 2008-04-16 00:06 <DIR> d-------- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\SichererAntivirus
2008-04-15 23:12 . 2008-04-15 23:12 <DIR> d-------- C:\WINDOWS\system32\Engines
2008-04-15 23:12 . 2008-05-09 18:18 <DIR> d-------- C:\Programme\SichererAntivirus
2008-04-15 23:12 . 2008-05-09 18:18 <DIR> d-------- C:\Programme\Gemeinsame Dateien\SichererAntivirus
2008-04-15 23:12 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-04-15 23:00 . 2008-05-09 11:30 26,397 --a------ C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\update.log
2008-04-15 22:39 . 2008-04-15 22:39 <DIR> d-------- C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\AdvancedCleaner
2008-04-15 22:33 . 2008-04-15 22:33 373 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-15 22:29 . 2008-05-09 11:39 <DIR> d-------- C:\Programme\Gemeinsame Dateien\AdvancedCleaner
2008-04-15 22:26 . 2008-04-15 22:26 <DIR> d-------- C:\Programme\MSXML 4.0
2008-04-15 22:18 . 2008-04-15 22:18 <DIR> d-------- C:\Programme\CCleaner
2008-04-15 21:48 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
6 Datei(en) . 6,719,589 C:\ComboFix\Bytes
2 Datei(en) . 26,459 C:\ComboFix\Bytes

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 09:52 17,408 ----a-w C:\WINDOWS\system32\svchost.exe
2008-05-09 09:50 --------- d-----w C:\Programme\Symantec
2008-05-09 09:50 --------- d-----w C:\Programme\Gemeinsame Dateien\Symantec Shared
2008-05-09 09:50 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec
2008-04-15 21:28 5,750,136 ----a-w C:\WINDOWS\java\Packages\EZJTNDVL.ZIP
2008-04-15 20:33 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\qbkfqpgd
2008-04-15 19:51 --------- d-----w C:\Dokumente und Einstellungen\HP_Besitzer\Anwendungsdaten\TmpRecentIcons
2008-03-22 13:32 --------- d-----w C:\Programme\iTunes
2008-03-22 13:32 --------- d-----w C:\Programme\iPod
2008-03-22 13:31 --------- d-----w C:\Programme\Bonjour
2008-03-22 13:30 --------- d-----w C:\Programme\QuickTime
2008-03-22 13:30 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2008-03-22 13:29 --------- d-----w C:\Programme\Gemeinsame Dateien\Apple
2008-03-22 13:29 --------- d-----w C:\Programme\Apple Software Update
2008-03-22 13:29 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,080,704 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-10-07 12:16 16 ---ha-w C:\Programme\mxfilerelatedcache.mxc2
.

------- Sigcheck -------

2008-05-09 11:52 17408 5e512a2aa248990a6cab68753c81d053 C:\WINDOWS\system32\svchost.exe

2004-08-04 06:00 510464 b26654b62edb19968ea31804b18d1565 C:\WINDOWS\system32\winlogon.exe

2007-06-13 15:21 1038848 5fc609c3666e508396800469c6018fe8 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1036288 331ed93570baf3cfe30340298762cd56 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 06:00 1035264 22fe1be02eadde1632e478e4125639e0 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

2004-08-04 06:00 110592 ce940f077f9a4d39884932a1c69f13b0 C:\WINDOWS\system32\services.exe

2004-08-04 06:00 14848 500ff5e34eedd788f70b319d9118e1cc C:\WINDOWS\system32\lsass.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73FCF11A-EE7C-4592-A608-E4F787F9663F}]
2008-05-09 11:58 321152 --a------ C:\WINDOWS\system32\nnnkKASJ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3A9074B-1E3C-45D6-9195-604CE2F1D5B8}]
2008-05-09 11:52 30336 --a------ C:\WINDOWS\system32\byXqrOhf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C3A9074B-1E3C-45D6-9195-604CE2F1D5B8}"= C:\WINDOWS\system32\byXqrOhf.dll [2008-05-09 11:52 30336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"HQELlvz"= {2EA39FAE-8409-3504-B76C-58BC60E7D2A9} - C:\WINDOWS\system32\vrhe.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxqrohf]
byXqrOhf.dll 2008-05-09 11:52 30336 C:\WINDOWS\system32\byXqrOhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfldr]
sysfldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Sxd38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"\\findfast.exe"=

R0 Sxd38;Sxd38;C:\WINDOWS\system32\Drivers\Sxd38.sys [2008-05-09 20:07]
S1 pjsapdg;pjsapdg;C:\WINDOWS\system32\pjsapdg.sys []
S2 ms windows mouse;MS Windows Mouse;C:\WINDOWS\system32\MSmouse.exe [2008-05-09 11:53]
S2 windows netbalance monitor;Windows NetBalance Monitor;"C:\WINDOWS\system32\msnbm32.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Inhalt des "geplante Tasks" Ordners
"2008-03-22 13:29:59 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programme\Apple Software Update\SoftwareUpdate.exe
"2008-05-09 18:32:01 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programme\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 20:28:55
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\byXqrOhf.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Palm\Hotsync.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Cablecom Assistant\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-09 20:33:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-09 18:33:26

10 Verzeichnis(se), 63,697,383,424 Bytes frei
18 Verzeichnis(se), 63,623,598,080 Bytes frei

293 --- E O F --- 2008-04-15 22:29:45


HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:30, on 09.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Palm\Hotsync.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Cablecom Assistant\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O3 - Toolbar: HP-Ansicht - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programme\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [2ea39f02] rundll32.exe "C:\WINDOWS\system32\nakelrrx.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: Palm Registration.lnk = C:\Programme\Palm\register.exe
O4 - Global Startup: cablecom assistant.lnk = C:\Programme\Cablecom Assistant\bin\matcli.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Programme\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Hilfe zu Verbindungen - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1208293195187
O21 - SSODL: HQELlvz - {2EA39FAE-8409-3504-B76C-58BC60E7D2A9} - C:\WINDOWS\system32\vrhe.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MS Windows Mouse (ms windows mouse) - Unknown owner - C:\WINDOWS\system32\MSmouse.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Windows NetBalance Monitor (windows netbalance monitor) - Unknown owner - C:\WINDOWS\system32\msnbm32.exe (file missing)

--
End of file - 5962 bytes


Thanks for the help in advance, and I'm sorry for my English.

Greetings from Switzerland
Radon
