Jump to content


Photo

Having also a severe CWS Problem


  • Please log in to reply
9 replies to this topic

#1 Padi

Padi

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 26 June 2004 - 05:13 AM

I have run norton antivirus (and removed 3 detected files), adware and spybot with newest version but the webpage always seems to come back, thanks for the help.
I have tried it in Safe mode and in normal mode.

Here is my HiJackThis Log.

When I remove all R1 and R0 Entries, they appear again after starting up Internet Explorer.

Thank for any help.



Logfile of HijackThis v1.97.7
Scan saved at 12:09:24, on 26.06.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\mysql\bin\mysqld-nt.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\sony\vaio media music server\SSSvr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\sv_httpd.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\powerpanel\Program\PcfMgr.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\System32\ICO.EXE
C:\Programme\Sony\HotKey Utility\HKserv.exe
C:\Programme\Sony\HotKey Utility\HKWnd.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Programme\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
C:\WINDOWS\crey32.exe
C:\WINDOWS\winxv32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Programme\mozilla.org\Mozilla\mozilla.exe
C:\WINDOWS\system32\notepad.exe
C:\temp_sb\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\axdjk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://axdjk.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://axdjk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\axdjk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://axdjk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\axdjk.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.club-vaio.sony-europe.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2D6992CA-4C99-C299-801C-3C741707C462} - C:\WINDOWS\system32\crtf32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programme\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Ad-aware] "C:\Programme\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [winxv32.exe] C:\WINDOWS\winxv32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Telefonverbindungsmonitor.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Recherchieren (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ontent/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8140.2614814815
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = i-dom.local
O17 - HKLM\Software\..\Telephony: DomainName = i-dom.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = i-dom.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = i-dom.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = i-dom.local

#2 Padi

Padi

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 19 July 2004 - 07:00 AM

Why is nobody answering my questions? I still have the CWS problems and cant't get rid of it.

Please help!!

#3 TonyKlein

TonyKlein

    Forum Deity

  • Expert
  • PipPipPipPipPip
  • 1,841 posts

Posted 19 July 2004 - 07:07 AM

Well, this IS a very busy site...

Download About:Buster from here

http://www.downloads...AboutBuster.zip

Now start your computer in Safe Mode , and have Hijack This fix all of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\axdjk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://axdjk.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://axdjk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\axdjk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://axdjk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\axdjk.dll/sp.html#96676

O2 - BHO: (no name) - {2D6992CA-4C99-C299-801C-3C741707C462} - C:\WINDOWS\system32\crtf32.dll

O4 - HKLM\..\Run: [winxv32.exe] C:\WINDOWS\winxv32.exe



Unzip About:Buster to your desktop. Double click it and hit Ok, then Start, then Ok to start the scan. The scan should take a few seconds. Once it is done save the report.

Reboot normally, post the report and a new Hijack this log here.

#4 Padi

Padi

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 20 July 2004 - 01:25 PM

Thank you for your reply.

I started in safe mode and found some of your mentioned entries in Hijack this.

After that I run About:Buster, but at the end I had no Windows Explorer any more, so I had to shut down the PC. So I have only the Hijack This Log:


Logfile of HijackThis v1.98.0
Scan saved at 20:18:20, on 20.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\mysql\bin\mysqld-nt.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\sony\vaio media music server\SSSvr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\sv_httpd.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\powerpanel\Program\PcfMgr.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\System32\ICO.EXE
C:\Programme\Sony\HotKey Utility\HKserv.exe
C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Sony\HotKey Utility\HKWnd.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\C-Channel\MyPen\MyPen.exe
C:\Programme\Sony Ericsson\Mobile\audevicemgr.exe
C:\mysql\bin\winmysqladmin.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\userinit.exe
c:\Programme\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
D:\HiJacker-Removals\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25903401-34FF-4325-9FC8-A203667F2551} - C:\WINDOWS\System32\hmolba.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programme\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MyPen.lnk = ?
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Telefonverbindungsmonitor.lnk = C:\Programme\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = i-dom.local
O17 - HKLM\Software\..\Telephony: DomainName = i-dom.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{B26AF942-1076-49BC-AF40-CEF83681BC1C}: NameServer = 212.55.211.3,212.55.215.149
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECE57371-0BDF-43A5-8C58-9DE5BA753600}: NameServer = 212.55.211.3,212.55.215.149
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = i-dom.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = i-dom.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = i-dom.local
O18 - Filter: text/html - {C9E5E652-B2A5-40A5-80F8-DC4DBB5E68FB} - C:\WINDOWS\System32\hmolba.dll
O18 - Filter: text/plain - {C9E5E652-B2A5-40A5-80F8-DC4DBB5E68FB} - C:\WINDOWS\System32\hmolba.dll



Do you think, it is now safe to start the Internet Explorer?

Thanks

#5 TonyKlein

TonyKlein

    Forum Deity

  • Expert
  • PipPipPipPipPip
  • 1,841 posts

Posted 20 July 2004 - 01:28 PM

Would you please check, and have Hijack This fix the following items, then reboot, and post a fresh log:

O2 - BHO: (no name) - {25903401-34FF-4325-9FC8-A203667F2551} - C:\WINDOWS\System32\hmolba.dll (file missing)

O18 - Filter: text/html - {C9E5E652-B2A5-40A5-80F8-DC4DBB5E68FB} - C:\WINDOWS\System32\hmolba.dll
O18 - Filter: text/plain - {C9E5E652-B2A5-40A5-80F8-DC4DBB5E68FB} - C:\WINDOWS\System32\hmolba.dll


#6 Padi

Padi

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 20 July 2004 - 01:51 PM

OK, the 3 entries are fixed. Here is the new log:


Logfile of HijackThis v1.98.0
Scan saved at 20:50:56, on 20.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\mysql\bin\mysqld-nt.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\sony\vaio media music server\SSSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\powerpanel\Program\PcfMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\sv_httpd.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\vaio media platform\UPnPFramework.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Apoint\Apoint.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\SigmaTel\C-Major Audio\stacmon.exe
C:\WINDOWS\System32\ICO.EXE
C:\Programme\mozilla.org\Mozilla\mozilla.exe
C:\Programme\Sony\HotKey Utility\HKserv.exe
C:\Programme\Apoint\Apntex.exe
C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Sony\HotKey Utility\HKWnd.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\C-Channel\MyPen\MyPen.exe
C:\Programme\Sony Ericsson\Mobile\audevicemgr.exe
C:\mysql\bin\winmysqladmin.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
c:\Programme\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
D:\HiJacker-Removals\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programme\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MyPen.lnk = ?
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Telefonverbindungsmonitor.lnk = C:\Programme\Sony Ericsson\Mobile\audevicemgr.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = i-dom.local
O17 - HKLM\Software\..\Telephony: DomainName = i-dom.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{B26AF942-1076-49BC-AF40-CEF83681BC1C}: NameServer = 212.55.211.3,212.55.215.149
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECE57371-0BDF-43A5-8C58-9DE5BA753600}: NameServer = 212.55.211.3,212.55.215.149
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = i-dom.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = i-dom.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = i-dom.local


What do you think?

#7 Padi

Padi

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 28 July 2004 - 06:02 AM

Do you think is is now safe to launch Internet Explorer?

#8 TonyKlein

TonyKlein

    Forum Deity

  • Expert
  • PipPipPipPipPip
  • 1,841 posts

Posted 28 July 2004 - 06:30 AM

Yup, it certainly is! :)
However, here's some reading on prevention you may find useful:

So how did I get infected in the first place?

#9 Padi

Padi

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 28 July 2004 - 08:32 AM

Thanks a lot for your help.

Hopefully the infection is now gone (I will try tonight), but what's really strange about the infection, is the fact, that at the beginning I have made all windows updates after installing a brand new win xp, and updated norton antivirus with the latest patches. And the same day when I have made a couple of other updates of software packages, I received the CWS from one of those pages.
So what really worries me is that Internet Explorer got infected with the newest Windows patches intalled. From now on I will not use IE again (besides for Windows Updates), but instead Mozilla which makes a really good and fast impression to me.

#10 TonyKlein

TonyKlein

    Forum Deity

  • Expert
  • PipPipPipPipPip
  • 1,841 posts

Posted 28 July 2004 - 09:24 AM

Well, IE is unfortunately still full of 'holes'. I hear very good things about Mozilla Firefox:

http://www.mozilla.o...oducts/firefox/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button