
Logfile of HijackThis v1.99.0

Scan saved at 23:52:43, on 30.12.2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

G:\PROGRA~1\TEST\CACHEM~1\CachemanXP.exe

G:\Programme\Diskeeper\DkService.exe

G:\Programme\TVgenial\TVgenial.exe

G:\Programme\Internet\Schutz\Super Ad Blocker\SAdBlock.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

G:\Programme\Internet\Schutz\Super Ad Blocker\SABSVC.EXE

G:\Programme\Internet\FRITZ!\FRITZ!DSL\FritzDSL.exe

G:\Programme\Winamp\Winamp 5.01 prf\winamp.exe

G:\Programme\Internet\Schutz\ZoneAlarm\zlclient.exe

C:\Programme\Internet Explorer\IEXPLORE.EXE

C:\Programme\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\WISPTIS.EXE

G:\Programme\Internet\chat\mIRC\mirc.exe

G:\Programme\proton32de\proton.exe

G:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - G:\Programme\Internet\Schutz\Super Ad Blocker\SABBHO.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - G:\Programme\Internet\Beschleunigung\GetRight\xx2gr.dll

O2 - BHO: Zero Popup Pro - {EB23F789-F17F-4bcc-988B-6B70A3A67E9C} - G:\PROGRA~1\Internet\Schutz\ZEROPO~1\ZERO-P~1.DLL

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - G:\PROGRA~1\Internet\Suche\COPERN~1\COPERN~1.DLL

O3 - Toolbar: Übersetzer - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - G:\Programme\Schule\Englisch\Übersetzen\PRMT6\PRMTIE\prmtie.dll

O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - G:\Programme\Internet\Schutz\Super Ad Blocker\sabtb.dll

O8 - Extra context menu item: Download with GetRight - G:\Programme\Internet\Beschleunigung\GetRight\GRdownload.htm

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\Office\OFFICE~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - G:\Programme\Internet\Beschleunigung\GetRight\GRbrowse.htm

O8 - Extra context menu item: Suchen mit Copernic Agent - G:\Programme\Internet\Suche\Copernic Agent\Web\SearchExt.htm

O8 - Extra context menu item: Summarize Using Copernic Summarizer - G:\Programme\Copernic Summarizer\Web\SummarizePage.htm

O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add

O9 - Extra button: (no name) - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - G:\PROGRA~1\Internet\Suche\COPERN~1\COPERN~1.DLL

O9 - Extra 'Tools' menuitem: Seite mit Copernic Agent nachverfolgen - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - G:\PROGRA~1\Internet\Suche\COPERN~1\COPERN~1.DLL

O9 - Extra button: Summarize - {0F2D17A0-E7DF-4847-995B-6F3ABF5BF187} - G:\PROGRA~1\COPERN~1\COPERN~2.DLL

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - G:\PROGRA~1\INTERNET\SUCHE\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Starten von Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - G:\PROGRA~1\INTERNET\SUCHE\COPERN~1\COPERN~1.EXE

O9 - Extra button: LiveSummarizer - {6170AB22-F1E5-4D4F-8F6C-826C73838581} - G:\Programme\Copernic Summarizer\CopernicSummarizerApp.dll

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - G:\PROGRA~1\INTERNET\SUCHE\COPERN~1\COPERN~1.EXE

O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - G:\Programme\Schule\Englisch\Übersetzen\PRMT6\PRMTIE\prmtie5.htm

O9 - Extra 'Tools' menuitem: Übersetzen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - G:\Programme\Schule\Englisch\Übersetzen\PRMT6\PRMTIE\prmtie5.htm

O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - G:\Programme\Schule\Englisch\Übersetzen\PRMT6\PRMTIE\options.htm

O9 - Extra 'Tools' menuitem: Übersetzungsoptionen anpassen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - G:\Programme\Schule\Englisch\Übersetzen\PRMT6\PRMTIE\options.htm

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\Office\OFFICE~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: (no name) - {B533C4C2-3FE2-4728-8661-AC93DF5D35A2} - G:\PROGRA~1\COPERN~1\COPERN~2.DLL

O9 - Extra 'Tools' menuitem: Summarize Using Copernic Summarizer - {B533C4C2-3FE2-4728-8661-AC93DF5D35A2} - G:\PROGRA~1\COPERN~1\COPERN~2.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\Internet\chat\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\Internet\chat\ICQLite\ICQLite.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\INTERNET\chat\YAHOO!\MESSEN~1\YPAGER.EXE

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\INTERNET\chat\YAHOO!\MESSEN~1\YPAGER.EXE

O15 - Trusted Zone: http://office.microsoft.com

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1089285514234

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_09) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{91B2F872-7CFC-4FCF-8FA1-E926AC0CB0C9}: NameServer = 192.168.122.252,192.168.122.253

O23 - Service: CachemanXP - OuterTechnologies - G:\PROGRA~1\TEST\CACHEM~1\CachemanXP.exe

O23 - Service: iPod Service - Apple Computer, Inc. - G:\Programme\iPod\bin\iPodService.exe

O23 - Service: kavsvc - Kaspersky Labs - G:\Programme\Internet\Schutz\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Super Ad Blocker Service - SuperAdBlocker.com - G:\Programme\Internet\Schutz\Super Ad Blocker\SABSVC.EXE

O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


1. Open Hijackthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: Zero Popup Pro - {EB23F789-F17F-4bcc-988B-6B70A3A67E9C} - G:\PROGRA~1\Internet\Schutz\ZEROPO~1\ZERO-P~1.DLL

2. Reboot and delete the folder.

G:\Program Files\Internet\Schutz\ZEROPO~1 < Folder starts with ZEROPO

3. Then post a new Hijackthis log here in a reply.


Logfile of HijackThis v1.99.0

Scan saved at 00:29:31, on 31.12.2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

G:\PROGRA~1\TEST\CACHEM~1\CachemanXP.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\Programme\Internet Explorer\IEXPLORE.EXE

G:\Programme\Internet\FRITZ!\FRITZ!DSL\FritzDSL.exe

G:\Programme\Internet\Schutz\ZoneAlarm\zlclient.exe

G:\Programme\proton32de\proton.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/

O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - G:\Programme\Internet\Schutz\Super Ad Blocker\SABBHO.dll

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - G:\Programme\Internet\Beschleunigung\GetRight\xx2gr.dll

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - G:\PROGRA~1\Internet\Suche\COPERN~1\COPERN~1.DLL

O3 - Toolbar: Übersetzer - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - G:\Programme\Schule\Englisch\Übersetzen\PRMT6\PRMTIE\prmtie.dll

O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - G:\Programme\Internet\Schutz\Super Ad Blocker\sabtb.dll

O8 - Extra context menu item: Download with GetRight - G:\Programme\Internet\Beschleunigung\GetRight\GRdownload.htm

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://G:\PROGRA~1\Office\OFFICE~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with GetRight Browser - G:\Programme\Internet\Beschleunigung\GetRight\GRbrowse.htm

O8 - Extra context menu item: Suchen mit Copernic Agent - G:\Programme\Internet\Suche\Copernic Agent\Web\SearchExt.htm

O8 - Extra context menu item: Summarize Using Copernic Summarizer - G:\Programme\Copernic Summarizer\Web\SummarizePage.htm

O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add

O9 - Extra button: (no name) - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - G:\PROGRA~1\Internet\Suche\COPERN~1\COPERN~1.DLL

O9 - Extra 'Tools' menuitem: Seite mit Copernic Agent nachverfolgen - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - G:\PROGRA~1\Internet\Suche\COPERN~1\COPERN~1.DLL

O9 - Extra button: Summarize - {0F2D17A0-E7DF-4847-995B-6F3ABF5BF187} - G:\PROGRA~1\COPERN~1\COPERN~2.DLL

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - G:\PROGRA~1\INTERNET\SUCHE\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Starten von Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - G:\PROGRA~1\INTERNET\SUCHE\COPERN~1\COPERN~1.EXE

O9 - Extra button: LiveSummarizer - {6170AB22-F1E5-4D4F-8F6C-826C73838581} - G:\Programme\Copernic Summarizer\CopernicSummarizerApp.dll

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - G:\PROGRA~1\INTERNET\SUCHE\COPERN~1\COPERN~1.EXE

O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - G:\Programme\Schule\Englisch\Übersetzen\PRMT6\PRMTIE\prmtie5.htm

O9 - Extra 'Tools' menuitem: Übersetzen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - G:\Programme\Schule\Englisch\Übersetzen\PRMT6\PRMTIE\prmtie5.htm

O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - G:\Programme\Schule\Englisch\Übersetzen\PRMT6\PRMTIE\options.htm

O9 - Extra 'Tools' menuitem: Übersetzungsoptionen anpassen - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - G:\Programme\Schule\Englisch\Übersetzen\PRMT6\PRMTIE\options.htm

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\Office\OFFICE~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL

O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: (no name) - {B533C4C2-3FE2-4728-8661-AC93DF5D35A2} - G:\PROGRA~1\COPERN~1\COPERN~2.DLL

O9 - Extra 'Tools' menuitem: Summarize Using Copernic Summarizer - {B533C4C2-3FE2-4728-8661-AC93DF5D35A2} - G:\PROGRA~1\COPERN~1\COPERN~2.DLL

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\Internet\chat\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\Internet\chat\ICQLite\ICQLite.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\INTERNET\chat\YAHOO!\MESSEN~1\YPAGER.EXE

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - G:\PROGRA~1\INTERNET\chat\YAHOO!\MESSEN~1\YPAGER.EXE

O15 - Trusted Zone: http://office.microsoft.com

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1089285514234

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.3.1_09) -

O17 - HKLM\System\CCS\Services\Tcpip\..\{91B2F872-7CFC-4FCF-8FA1-E926AC0CB0C9}: NameServer = 192.168.122.252,192.168.122.253

O23 - Service: CachemanXP - OuterTechnologies - G:\PROGRA~1\TEST\CACHEM~1\CachemanXP.exe

O23 - Service: iPod Service - Apple Computer, Inc. - G:\Programme\iPod\bin\iPodService.exe

O23 - Service: kavsvc - Kaspersky Labs - G:\Programme\Internet\Schutz\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Super Ad Blocker Service - SuperAdBlocker.com - G:\Programme\Internet\Schutz\Super Ad Blocker\SABSVC.EXE

O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
