Elite??? - Toolbar

caupano · 2005/02/25

Hi!

I don't get the System of a friend clean , perhaps you can help me to get rid of all the spyware I couldn't handle, HijackThis-Log is included.

Thanks a lot,
Caupano

--- Start of Log ---

Logfile of HijackThis v1.99.1
Scan saved at 21:22:09, on 25.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\SOINTGR.EXE
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Microsoft Office\Office\FINDFAST.EXE
C:\Programme\Microsoft Office\Office\OSA.EXE
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\Programme\Microsoft Office\Office\Winword.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\<username>\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [soundmanager] soundman.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe "
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe "
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: MedionShop - {811DDDB7-933B-4717-8A6B-4F86A67E0F9F} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de
O15 - Trusted Zone: http://*.windowsupdate.com
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--- End of Log ---

noahdfear · 2005/02/25

Welcome to WindowsBBS Caupano

Log looks clean. What sort of problems are you having?

caupano · 2005/02/26

Hi, Noahdfear,

thanks for your answer it had been two problems and I hoped the second would be because of the first:

(1) The former heavy infected computer had after some cleaning some Elite???-Sidebar left which I could not remove - this is solved because of the uninstaller which I found in this forum later...

(2) I have Problems with the Modem/Internet connection. It's a Creatix V.9X DSP Data Fax Modem and every time I connect to the Internet the connection stays stable for about 20 or 30 seconds, then it is cut of, and this problem shows by using T-Online as well as using Arcor as provider.

I thought it might have been because of forgotton Malware which tried to connect to the web itself or so, but if you say the HJT-Log is clean I still don't know.
I postet the Modem Self-Test and the las connection-log, perhaps you have some idea on this...

--- Log ---
02-25-2005 19:57:10.578 - Datei: C:\WINDOWS\system32\tapisrv.dll, Version 5.1.2600
02-25-2005 19:57:10.578 - Datei: C:\WINDOWS\system32\unimdm.tsp, Version 5.1.2600
02-25-2005 19:57:10.578 - Datei: C:\WINDOWS\system32\unimdmat.dll, Version 5.1.2600
02-25-2005 19:57:10.593 - Datei: C:\WINDOWS\system32\uniplat.dll, Version 5.1.2600
02-25-2005 19:57:10.609 - Datei: C:\WINDOWS\system32\drivers\modem.sys, Version 5.1.2600
02-25-2005 19:57:10.609 - Datei: C:\WINDOWS\system32\modemui.dll, Version 5.1.2600
02-25-2005 19:57:10.609 - Datei: C:\WINDOWS\system32\mdminst.dll, Version 5.1.2600
02-25-2005 19:57:10.609 - Modemtyp: Creatix V.9X DSP Data Fax Modem
02-25-2005 19:57:10.609 - Pfad fÃ¼r Modeminformationsdatei: oem13.inf
02-25-2005 19:57:10.609 - Abschnitt in Modeminformationsdatei: Intels51
02-25-2005 19:57:10.609 - Ãœbereinstimmende Hardwarekennung: pci\ven_8086&dev_1040&subsys_104016be&rev_00
02-25-2005 19:57:10.875 - 115200,8,N,1, ctsfl=1, rtsctl=2
02-25-2005 19:57:10.875 - Modem initialisieren
02-25-2005 19:57:10.875 - Senden: AT<cr>
02-25-2005 19:57:10.890 - Empfangen: AT<cr>
02-25-2005 19:57:10.890 - Befehlsanzeige
02-25-2005 19:57:11.015 - Empfangen: <cr><lf>OK<cr><lf>
02-25-2005 19:57:11.015 - Interpretierte Antwort: OK
02-25-2005 19:57:11.031 - Senden: AT&F E0 Q0 X4 S0=0 &D2 &C1 &S0 V1 W4<cr>
02-25-2005 19:57:11.046 - Empfangen: AT&F E0 Q0 X4 S0=0 &D2 &C1 &S0 V1 W4<cr>
02-25-2005 19:57:11.046 - Befehlsanzeige
02-25-2005 19:57:11.218 - Empfangen: <cr><lf>OK<cr><lf>
02-25-2005 19:57:11.218 - Interpretierte Antwort: OK
02-25-2005 19:57:11.234 - Senden: ATS7=60S30=0L0M1+ES=3,0,2;%C1+DS=3,0;+DS44=3,0;&K3X3<cr>
02-25-2005 19:57:11.421 - Empfangen: <cr><lf>OK<cr><lf>
02-25-2005 19:57:11.421 - Interpretierte Antwort: OK
02-25-2005 19:57:11.421 - Auf Anruf warten
02-25-2005 19:57:11.453 - Senden: ATS0=0<cr>
02-25-2005 19:57:11.609 - Empfangen: <cr><lf>OK<cr><lf>
02-25-2005 19:57:11.609 - Interpretierte Antwort: OK
02-25-2005 19:57:11.609 - 115200,8,N,1, ctsfl=1, rtsctl=2
02-25-2005 19:57:11.609 - Modem initialisieren
02-25-2005 19:57:11.625 - Senden: AT<cr>
02-25-2005 19:57:11.781 - Empfangen: <cr><lf>OK<cr><lf>
02-25-2005 19:57:11.781 - Interpretierte Antwort: OK
02-25-2005 19:57:11.796 - Senden: AT&F E0 Q0 X4 S0=0 &D2 &C1 &S0 V1 W4<cr>
02-25-2005 19:57:11.968 - Empfangen: <cr><lf>OK<cr><lf>
02-25-2005 19:57:11.968 - Interpretierte Antwort: OK
02-25-2005 19:57:11.984 - Senden: ATS7=60S30=0L0M1+ES=3,0,2;%C1+DS=3,0;+DS44=3,0;&K3X3<cr>
02-25-2005 19:57:12.171 - Empfangen: <cr><lf>OK<cr><lf>
02-25-2005 19:57:12.171 - Interpretierte Antwort: OK
02-25-2005 19:57:12.171 - WÃ¤hlen
02-25-2005 19:57:12.187 - Senden: ATDT#,,#######<cr>
02-25-2005 19:57:46.218 - Empfangen: <cr><lf>+MCR: V90<cr><lf>
02-25-2005 19:57:46.218 - Interpretierte Antwort: Informativ
02-25-2005 19:57:46.218 - Empfangen: <cr><lf>+MRR: 28800<cr><lf>
02-25-2005 19:57:46.218 - Interpretierte Antwort: Informativ
02-25-2005 19:57:46.218 - Empfangen: <cr><lf>+ER: LAPM<cr><lf>
02-25-2005 19:57:46.218 - Interpretierte Antwort: Informativ
02-25-2005 19:57:46.218 - Empfangen: <cr><lf>+DR: V42B<cr><lf>
02-25-2005 19:57:46.218 - Interpretierte Antwort: Informativ
02-25-2005 19:57:46.218 - Empfangen: <cr><lf>CONNECT 49333<cr><lf>
02-25-2005 19:57:46.218 - Interpretierte Antwort: Verbinden
02-25-2005 19:57:46.218 - Verbindung hergestellt mit 49333 Bit/s
02-25-2005 19:57:46.218 - Fehlerkontrolle an
02-25-2005 19:57:46.218 - Datenkomprimierung an
02-25-2005 19:57:53.640 - CD-Signal wurde getrennt--Remotemodem hat aufgelegt. ModemStatus=00000030
02-25-2005 19:57:53.703 - Modem aufhÃ¤ngen
02-25-2005 19:57:53.703 - Empfangen: <cr><lf>NO CARRIER<cr><lf>
02-25-2005 19:57:53.703 - Interpretierte Antwort: Kein TrÃ¤gersignal
02-25-2005 19:57:53.703 - Senden: ATH<cr>
02-25-2005 19:57:53.953 - Empfangen: <cr><lf>OK<cr><lf>
02-25-2005 19:57:53.953 - Interpretierte Antwort: OK
02-25-2005 19:57:53.953 - 115200,8,N,1, ctsfl=1, rtsctl=2
02-25-2005 19:57:53.953 - Modem initialisieren
02-25-2005 19:57:53.953 - Senden: AT<cr>
02-25-2005 19:57:54.093 - Empfangen: <cr><lf>OK<cr><lf>
02-25-2005 19:57:54.093 - Interpretierte Antwort: OK
02-25-2005 19:57:54.093 - Senden: AT&F E0 Q0 X4 S0=0 &D2 &C1 &S0 V1 W4<cr>
02-25-2005 19:57:54.281 - Empfangen: <cr><lf>OK<cr><lf>
02-25-2005 19:57:54.281 - Interpretierte Antwort: OK
02-25-2005 19:57:54.296 - Senden: ATS7=60S30=0L0M1+ES=3,0,2;%C1+DS=3,0;+DS44=3,0;&K3X3<cr>
02-25-2005 19:57:54.640 - Empfangen: <cr><lf>OK<cr><lf>
02-25-2005 19:57:54.640 - Interpretierte Antwort: OK
02-25-2005 19:57:54.640 - Auf Anruf warten
02-25-2005 19:57:54.656 - Senden: ATS0=0<cr>
02-25-2005 19:57:54.781 - Empfangen: <cr><lf>OK<cr><lf>
02-25-2005 19:57:54.781 - Interpretierte Antwort: OK
02-25-2005 19:57:55.046 - Sitzungsstatistik:
02-25-2005 19:57:55.046 - Gelesen: 24 Bytes
02-25-2005 19:57:55.046 - Geschrieben: 100 Bytes
--- End of Log ---

--- Modem diagnosis ---
ATQ0V1E0 Erfolgreich
AT+GMM Creatix V.9X DSP Data Fax Modem
AT+FLCLASS=? 0,1,2,2.0,8
AT#CLS=? Befehl wird nichr unterstÃ¼tzt
ATI1 Creatic V.9X DSP Data Fax Modem
ATI2 Creatix Polymedia GmbH
ATI3 536EP
ATI4 586EP Release 4.67 - Dec 8 2003 - 10:56:21
ATI5 V.92 Capable Modem
Host I/F: PCI
ATI6 DSP Patch Level:09.77
ATI7 Erfolgreich
--- End of diagnosis ---

Thanks
Caupano

PS: Because of the system being used in Germany the system-messages are German, sorry about this, but I may translate some if it is needed.

noahdfear · 2005/02/27

I don't think the problem is malware related. Have you tried uninstalling the modem through device manager, rebooting and letting it re-install? Check for driver updates?

Log in or Sign up

Elite??? - Toolbar

caupano Inactive Thread Starter

noahdfear Inactive

caupano Inactive Thread Starter

noahdfear Inactive

Share This Page

Log in or Sign up

Elite??? - Toolbar

caupano Inactive Thread Starter

noahdfear Inactive

caupano Inactive Thread Starter

noahdfear Inactive

Share This Page

Useful Searches