Solved: Trojan keeps coming back

Discussion in 'Virus & Other Malware Removal' started by Peterx05, Nov 13, 2005.

  1. Peterx05

    Peterx05 Thread Starter

    Joined:
    Nov 13, 2005
    Messages:
    77
    hi there,

    i'm trying to find out why the heck my taskmanager won't open (even clicking on tskmngr.exe doesn't do anything). found a couple of trojans on my computer when i ran a scan with avast. oops! i think i deleted them, but i can't be sure. hijackthis showed this ridiculous "msupdate", which is said to be dangerous, or is it? i don't know. i think it's best if i post my log file. please help me clean my computer, i'll be eternally grateful for all your help and advice :) thanks

    Logfile of HijackThis v1.99.0
    Scan saved at 21:28:32, on 13.11.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    E:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    E:\Programme\Alwil Software\Avast4\ashServ.exe
    D:\NORTON~2\GHOSTS~2.EXE
    D:\Daemon-Tools\daemon.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\S3hotkey.exe
    C:\WINDOWS\System32\S3tray2.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\QuickTime\2\qttask.exe
    D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Programme\MsUpdate\MsUpdate.exe
    C:\WINDOWS\System32\scvhost.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Programme\Web\Webshots\webshots.scr
    E:\Programme\Alwil Software\Avast4\ashWebSv.exe
    E:\Programme\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\spider.exe
    D:\Opera\opera.exe
    D:\WINZIP\winzip32.exe
    C:\Temp\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - blank (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Daemon-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\2\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vmtuner] gglib.exe
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ms-update] scvhost.exe
    O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
    O4 - Startup: Webshots.lnk = D:\Programme\Web\Webshots\Launcher.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service - Unknown - E:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown - E:\Programme\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programme\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programme\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GhostStartService - Symantec Corporation - D:\NORTON~2\GHOSTS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Unknown - D:\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: SAVScan - Unknown - D:\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
    O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Welcome to TSG :)

    I have split your post off into your own thread. In the future if you have a Question/Problem please start a "New Thread". It gets too confusing trying to address two different people's problem in the same thread and you may get overlooked.

    Please continue in this thread.
     
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Click here to download the trial version of Ewido Security Suite:
    http://www.ewido.net/en/download/

    · Install Ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido.
    · It will prompt you to update; click the OK button and it will go to the main screen.
    · On the left side of the main screen click update.
    · Click on Start and let it update.
    · DO NOT run a scan yet.

    Restart your computer into Safe Mode now.
    (Start tapping the F8 key at Startup, before the Windows logo screen).
    Perform the following steps in Safe Mode:

    * Run Ewido:
    Click on scanner
    Click Complete System Scan and the scan will begin.
    During the scan it will prompt you to clean files, click OK.
    When the scan is finished, look at the bottom of the screen and click the Save report button.
    Save the report to your desktop.

    Reboot.

    Post a new Hijack This log and the results of the Ewido scan.
     
  4. Peterx05

    Peterx05 Thread Starter

    Joined:
    Nov 13, 2005
    Messages:
    77
    i'm sorry about the "add-on" on the wrong thread, i'll start a new one next time. i did as you said and ran the scans right away. here are the results:

    --------------------------------------------------------
    ewido security suite - Scan Report
    ---------------------------------------------------------

    + Erstellt am: 23:16:26, 13.11.2005
    + Report-Checksumme: 1EBE4CDC

    + Scanergebnis:

    HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Gesäubert mit Backup
    HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Gesäubert mit Backup
    HKLM\SOFTWARE\Classes\RunMSC.Loader\CLSID\\ -> Spyware.SaveNow : Gesäubert mit Backup
    HKLM\SOFTWARE\Classes\RunMSC.Loader.1\CLSID\\ -> Spyware.SaveNow : Gesäubert mit Backup
    HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Gesäubert mit Backup
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Gesäubert mit Backup
    HKU\S-1-5-21-1229272821-152049171-1060284298-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Gesäubert mit Backup
    HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Fehler beim Säubern
    C:\Temp\VVSNInst.exe -> Adware.SaveNow : Gesäubert mit Backup
    E:\Programme\LimeWire\Shared\Judging Amy .zip/Movie.exe -> Worm.Wupeer.a : Gesäubert mit Backup


    ::Report Ende

    and

    Logfile of HijackThis v1.99.0
    Scan saved at 23:17:39, on 13.11.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    E:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    E:\Programme\Alwil Software\Avast4\ashServ.exe
    E:\Programme\ewido\security suite\ewidoctrl.exe
    D:\NORTON~2\GHOSTS~2.EXE
    C:\WINDOWS\system32\slserv.exe
    D:\Daemon-Tools\daemon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\S3hotkey.exe
    C:\WINDOWS\System32\S3tray2.exe
    D:\QuickTime\2\qttask.exe
    D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Programme\Web\Webshots\webshots.scr
    E:\Programme\Alwil Software\Avast4\ashMaiSv.exe
    E:\Programme\Alwil Software\Avast4\ashWebSv.exe
    E:\Programme\ewido\security suite\SecuritySuite.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Temp\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - blank (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Daemon-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\2\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vmtuner] gglib.exe
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ms-update] scvhost.exe
    O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
    O4 - Startup: Webshots.lnk = D:\Programme\Web\Webshots\Launcher.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O23 - Service: Adobe LM Service - Unknown - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service - Unknown - E:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown - E:\Programme\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programme\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programme\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ewido security suite control - ewido networks - E:\Programme\ewido\security suite\ewidoctrl.exe
    O23 - Service: GhostStartService - Symantec Corporation - D:\NORTON~2\GHOSTS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Unknown - D:\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: SAVScan - Unknown - D:\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
    O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    i hope this tells you something and that there's nothing terribly wrong with my computer. i was shocked to read that the taskmanager not working is serious ... aahh
     
  5. Peterx05

    Peterx05 Thread Starter

    Joined:
    Nov 13, 2005
    Messages:
    77
    also, my desktop is flickering and i don't like that, it's giving me the creeps, cause i think my computer is gonna crash within the next few seconds. it doesn't though, thank god. (i thought this additional info might help??)
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You have an outdated version of Hijack This. It's also running from the Temp folder.

    It needs to be in a permanent folder on the hard drive.
    It will not function properly from there and it cannot create and restore backups from there.

    Get the latest version here: http://thespykiller.co.uk/files/hijackthis_sfx.exe

    Let it extract to C:\Program Files
    Rerun it from there and post a new log please.
     
  7. Peterx05

    Peterx05 Thread Starter

    Joined:
    Nov 13, 2005
    Messages:
    77
    ok then, i ran two scans with hijackthis! the first one in the safe mode and the second one is normal, so to speak :) i wish i could see what you see ...

    Logfile of HijackThis v1.99.1
    Scan saved at 14:06:25, on 14.11.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    E:\Programme\Alwil Software\Avast4\ashServ.exe
    E:\Programme\ewido\security suite\ewidoctrl.exe
    D:\NORTON~2\GHOSTS~2.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    E:\Programme\Alwil Software\Avast4\ashWebSv.exe
    E:\Programme\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Daemon-Tools\daemon.exe
    C:\WINDOWS\System32\S3hotkey.exe
    C:\WINDOWS\System32\S3tray2.exe
    D:\QuickTime\2\qttask.exe
    D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Programme\Web\Webshots\webshots.scr
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - blank (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Daemon-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\2\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vmtuner] gglib.exe
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ms-update] scvhost.exe
    O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
    O4 - Startup: Webshots.lnk = D:\Programme\Web\Webshots\Launcher.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Programme\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - E:\Programme\ewido\security suite\ewidoctrl.exe
    O23 - Service: GhostStartService - Symantec Corporation - D:\NORTON~2\GHOSTS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Unknown owner - D:\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: SAVScan - Unknown owner - D:\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    -----------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 13:54:50, on 14.11.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    E:\Programme\Alwil Software\Avast4\ashServ.exe
    E:\Programme\ewido\security suite\ewidoctrl.exe
    D:\NORTON~2\GHOSTS~2.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    E:\Programme\Alwil Software\Avast4\ashWebSv.exe
    E:\Programme\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\Explorer.EXE
    D:\Daemon-Tools\daemon.exe
    C:\WINDOWS\System32\S3hotkey.exe
    C:\WINDOWS\System32\S3tray2.exe
    D:\QuickTime\2\qttask.exe
    D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Programme\Web\Webshots\webshots.scr
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - blank (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Daemon-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\2\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vmtuner] gglib.exe
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ms-update] scvhost.exe
    O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
    O4 - Startup: Webshots.lnk = D:\Programme\Web\Webshots\Launcher.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Programme\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - E:\Programme\ewido\security suite\ewidoctrl.exe
    O23 - Service: GhostStartService - Symantec Corporation - D:\NORTON~2\GHOSTS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Unknown owner - D:\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: SAVScan - Unknown owner - D:\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    :)
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
    Save it to your desktop.
    DO NOT run it yet.

    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - blank (file missing)

    O4 - HKLM\..\Run: [vmtuner] gglib.exe

    O4 - HKLM\..\Run: [ms-update] scvhost.exe

    O4 - HKLM\..\RunServices: [ms-update] scvhost.exe


    Boot into Safe Mode.

    Double-click on Killbox.exe to run it.
    Now put a tick by Standard File Kill.
    In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
    It will ask for confirmation to delete the file.
    Click Yes.
    Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\System32\gglib.exe

    C:\WINDOWS\System32\scvhost.exe


    Note: It is possible that Killbox will tell you that one or more files do not exist.
    If that happens, just continue on with all the files. Be sure you don't miss any.

    Exit the KillBox.

    Also in Safe Mode navigate to the C:\Windows\Temp folder.
    Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Go to Start > Run and type %temp% in the Run box.
    The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" Click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.

    Empty the Recycle Bin.

    Reboot, post a new log.
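
    The entries fixed above include `scvhost.exe`, a name one transposition away from the genuine `svchost.exe`. The following is an added example, not part of the original post or of HijackThis: a small triage script that flags such look-alike names in a HijackThis log. The list of system binaries and the distance threshold of 1 are assumptions; the sample is an excerpt of the first log in this thread.

```python
import ntpath
import re

# Assumed short list of core Windows binaries whose names are often imitated.
SYSTEM_NAMES = ("csrss.exe", "explorer.exe", "lsass.exe", "services.exe",
                "smss.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe")

# O4 registry autorun line: O4 - HKLM\..\Run: [value name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of a command, quoted or not, up to the first ".exe".
EXE_RE = re.compile(r'"?(.+?\.exe)', re.IGNORECASE)


def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def lookalike_of(filename):
    """Return the system binary this name imitates, or None."""
    name = filename.lower()
    if name in SYSTEM_NAMES:
        return None  # exact match is the real name, not a look-alike
    for real in SYSTEM_NAMES:
        if osa_distance(name, real) == 1:
            return real
    return None


def triage(log_text):
    """Return (source, item, reason) tuples for look-alike names in a log."""
    findings, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # a blank line ends the process list
                in_procs = False
                continue
            real = lookalike_of(ntpath.basename(line))
            if real:
                findings.append(("process", line, f"resembles {real}"))
            continue
        m = O4_RE.match(line)
        exe = EXE_RE.match(m["cmd"]) if m else None
        if exe:
            real = lookalike_of(ntpath.basename(exe.group(1)))
            if real:
                findings.append((m["key"], m["name"], f"resembles {real}"))
    return findings


# Excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\MsUpdate\MsUpdate.exe
C:\WINDOWS\System32\scvhost.exe
C:\WINDOWS\system32\spider.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Daemon-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [vmtuner] gglib.exe
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ms-update] scvhost.exe
O4 - HKLM\..\RunServices: [ms-update] scvhost.exe
"""

if __name__ == "__main__":
    for source, item, reason in triage(SAMPLE_LOG):
        print(f"{source:12} {item}  ({reason})")
```

    Name similarity only catches the `scvhost.exe` entries; `gglib.exe` imitates nothing on the list and is not flagged by this check.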
     
  9. Peterx05

    Peterx05 Thread Starter

    Joined:
    Nov 13, 2005
    Messages:
    77
    quite some work you had me doing there and i think i was successful due to your valuable help :) there were 4 files, which could not be deleted in the C:\Windows\Temp folder:

    _avast4_
    JETB781.tmp
    JETB82B.tmp
    ZLTO235b.TMP

    i kept getting the same message that i should try deleting the files later, but "later" was an hour later and i still couldn't delete the files. so i decided to continue by plan and here's the new log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:29:36, on 15.11.2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    E:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    E:\Programme\Alwil Software\Avast4\ashServ.exe
    E:\Programme\ewido\security suite\ewidoctrl.exe
    D:\NORTON~2\GHOSTS~2.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\Daemon-Tools\daemon.exe
    C:\WINDOWS\System32\S3hotkey.exe
    C:\WINDOWS\System32\S3tray2.exe
    D:\QuickTime\2\qttask.exe
    D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
    E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Programme\Web\Webshots\webshots.scr
    E:\Programme\Alwil Software\Avast4\ashMaiSv.exe
    E:\Programme\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Daemon-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\2\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - Startup: Webshots.lnk = D:\Programme\Web\Webshots\Launcher.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programme\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - E:\Programme\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - E:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - E:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - E:\Programme\ewido\security suite\ewidoctrl.exe
    O23 - Service: GhostStartService - Symantec Corporation - D:\NORTON~2\GHOSTS~2.EXE
    O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Unknown owner - D:\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: SAVScan - Unknown owner - D:\Norton AntiVirus\SAVScan.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    best wishes, peterx05
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Clean (y) How are things now?
     
  11. Peterx05

    Peterx05 Thread Starter

    Joined:
    Nov 13, 2005
    Messages:
    77
    it feels clean, too! i can open the taskmanager again and i'm very happy to have gotten rid of that stuff :) your help was really detailed and i didn't have the feeling that it was too much to ask. that's really something! i've been to other forums before and it seemed like every question was too much. so, thank you for the effort and time you gave to my problem. i might get back to you in the future, if i may? i'd like to anyway.
    all the best,

    annett ;)
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You're welcome. :) Of course you may!

    Glad to help!

    Now turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer, turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

    You can mark your thread "Solved" from the Thread Tools drop down menu.
     
  13. Peterx05

    Peterx05 Thread Starter

    Joined:
    Nov 13, 2005
    Messages:
    77
    my os is windows xp pro but i can't find the System Restore Wizard.

    Accessories --> System Tools --> System Restore --> "would you like to uncheck Turn Off System Restore? Are you sure?" but no wizard to create a restore point :( what can i do?
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  15. Peterx05

    Peterx05 Thread Starter

    Joined:
    Nov 13, 2005
    Messages:
    77
    yes, thank you :) it did
     