
Elite??? - Toolbar

Discussion in 'Malware and Virus Removal Archive' started by caupano, 2005/02/25.

Thread Status:
Not open for further replies.
  1. 2005/02/25
    caupano

    caupano Inactive Thread Starter

    Joined:
    2005/02/25
    Messages:
    2
    Likes Received:
    0
    Hi!

    I can't get a friend's system clean :confused:, perhaps you can help me get rid of all the spyware I couldn't handle. The HijackThis log is included.

    Thanks a lot,
    Caupano

    --- Start of Log ---

    Logfile of HijackThis v1.99.1
    Scan saved at 21:22:09, on 25.02.2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\brsvc01a.exe
    C:\WINDOWS\System32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Norton AntiVirus\navapsvc.exe
    C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\soundman.exe
    C:\WINDOWS\system32\sistray.EXE
    C:\WINDOWS\SOINTGR.EXE
    C:\Programme\Microsoft AntiSpyware\gcasServ.exe
    C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
    C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Programme\Microsoft Office\Office\FINDFAST.EXE
    C:\Programme\Microsoft Office\Office\OSA.EXE
    C:\Programme\Outlook Express\msimn.exe
    C:\Programme\Mozilla Firefox\firefox.exe
    C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
    C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
    C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
    C:\Programme\Microsoft Office\Office\Winword.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Programme\Messenger\msmsgs.exe
    C:\Dokumente und Einstellungen\<username>\Lokale Einstellungen\Temp\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.de
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [soundmanager] soundman.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
    O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra button: MedionShop - {811DDDB7-933B-4717-8A6B-4F86A67E0F9F} - http://www.medionshop.de/ (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.aol.de
    O15 - Trusted Zone: http://*.windowsupdate.com
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --- End of Log ---
     
  2. 2005/02/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Caupano :)

    Log looks clean. What sort of problems are you having?
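    As an added illustration (not part of the original thread), a small Python triage pass over the kinds of HijackThis entries posted above: it splits the log into its R/O sections, flags "(file missing)" references, O15 trusted-zone entries and O4 autoruns that start from a Temp folder. The sample lines are copied from the posted log plus one constructed Temp-folder entry; the flagging rules are my own heuristics, not HijackThis's.

```python
import re

# Constructed sample input: lines copied from the HijackThis log posted above,
# plus one made-up O4 entry that starts from a Temp folder so the check fires.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe "
O4 - HKCU\..\Run: [updater] C:\DOKUME~1\user\LOKALE~1\Temp\updater.exe
O9 - Extra button: MedionShop - {811DDDB7-933B-4717-8A6B-4F86A67E0F9F} - http://www.medionshop.de/ (file missing) (HKCU)
O15 - Trusted Zone: http://*.windowsupdate.com
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O4 - <detail>", "R1 - <detail>", ...; anything else (headers, process list) is skipped.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<detail>.+)$")
# O4 detail: HKLM\..\Run: [Name] command line
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (section, detail) tuples."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("detail")))
    return entries


def exe_path(cmd):
    """Pull the executable path out of an O4 command string (quotes and arguments stripped)."""
    m = re.search(r'"?([^"]*?\.exe)', cmd, re.IGNORECASE)
    return m.group(1).strip() if m else cmd.strip()


def triage(entries):
    """Return the findings a reviewer would want to look at first (heuristic, not exhaustive)."""
    findings = []
    for section, detail in entries:
        if "(file missing)" in detail:
            findings.append(f"{section}: references a missing file -> {detail}")
        if section == "O15":
            findings.append(f"{section}: trusted-zone entry, confirm it is intended -> {detail}")
        if section == "O4":
            m = RUN_RE.match(detail)
            if m:
                path = exe_path(m.group("cmd")).lower()
                if "\\temp\\" in path or "\\tmp\\" in path:
                    findings.append(f"{section}: autorun from a temp folder -> [{m.group('name')}] {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_LOG)):
        print(finding)
```

    On the sample above the pass reports the missing-file O9 button, the windowsupdate.com trusted-zone entry and the constructed Temp-folder autorun; every other line (including the real entries from the posted log) passes silently.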
     


  4. 2005/02/26
    caupano

    caupano Inactive Thread Starter

    Joined:
    2005/02/25
    Messages:
    2
    Likes Received:
    0
    Hi, Noahdfear,

    thanks for your answer. There were two problems and I hoped the second was caused by the first:

    (1) The formerly heavily infected computer still had some Elite???-Sidebar left after some cleaning which I could not remove - this is solved thanks to the uninstaller which I found in this forum later...

    (2) I have problems with the modem/Internet connection. It's a Creatix V.9X DSP Data Fax Modem and every time I connect to the Internet the connection stays stable for about 20 or 30 seconds, then it is cut off, and this problem shows with T-Online as well as with Arcor as provider.

    I thought it might have been because of forgotten malware which tried to connect to the web itself or so, but if you say the HJT log is clean I still don't know.
    I posted the modem self-test and the last connection log, perhaps you have some idea on this...

    --- Log ---
    02-25-2005 19:57:10.578 - Datei: C:\WINDOWS\system32\tapisrv.dll, Version 5.1.2600
    02-25-2005 19:57:10.578 - Datei: C:\WINDOWS\system32\unimdm.tsp, Version 5.1.2600
    02-25-2005 19:57:10.578 - Datei: C:\WINDOWS\system32\unimdmat.dll, Version 5.1.2600
    02-25-2005 19:57:10.593 - Datei: C:\WINDOWS\system32\uniplat.dll, Version 5.1.2600
    02-25-2005 19:57:10.609 - Datei: C:\WINDOWS\system32\drivers\modem.sys, Version 5.1.2600
    02-25-2005 19:57:10.609 - Datei: C:\WINDOWS\system32\modemui.dll, Version 5.1.2600
    02-25-2005 19:57:10.609 - Datei: C:\WINDOWS\system32\mdminst.dll, Version 5.1.2600
    02-25-2005 19:57:10.609 - Modemtyp: Creatix V.9X DSP Data Fax Modem
    02-25-2005 19:57:10.609 - Pfad für Modeminformationsdatei: oem13.inf
    02-25-2005 19:57:10.609 - Abschnitt in Modeminformationsdatei: Intels51
    02-25-2005 19:57:10.609 - Übereinstimmende Hardwarekennung: pci\ven_8086&dev_1040&subsys_104016be&rev_00
    02-25-2005 19:57:10.875 - 115200,8,N,1, ctsfl=1, rtsctl=2
    02-25-2005 19:57:10.875 - Modem initialisieren
    02-25-2005 19:57:10.875 - Senden: AT<cr>
    02-25-2005 19:57:10.890 - Empfangen: AT<cr>
    02-25-2005 19:57:10.890 - Befehlsanzeige
    02-25-2005 19:57:11.015 - Empfangen: <cr><lf>OK<cr><lf>
    02-25-2005 19:57:11.015 - Interpretierte Antwort: OK
    02-25-2005 19:57:11.031 - Senden: AT&F E0 Q0 X4 S0=0 &D2 &C1 &S0 V1 W4<cr>
    02-25-2005 19:57:11.046 - Empfangen: AT&F E0 Q0 X4 S0=0 &D2 &C1 &S0 V1 W4<cr>
    02-25-2005 19:57:11.046 - Befehlsanzeige
    02-25-2005 19:57:11.218 - Empfangen: <cr><lf>OK<cr><lf>
    02-25-2005 19:57:11.218 - Interpretierte Antwort: OK
    02-25-2005 19:57:11.234 - Senden: ATS7=60S30=0L0M1+ES=3,0,2;%C1+DS=3,0;+DS44=3,0;&K3X3<cr>
    02-25-2005 19:57:11.421 - Empfangen: <cr><lf>OK<cr><lf>
    02-25-2005 19:57:11.421 - Interpretierte Antwort: OK
    02-25-2005 19:57:11.421 - Auf Anruf warten
    02-25-2005 19:57:11.453 - Senden: ATS0=0<cr>
    02-25-2005 19:57:11.609 - Empfangen: <cr><lf>OK<cr><lf>
    02-25-2005 19:57:11.609 - Interpretierte Antwort: OK
    02-25-2005 19:57:11.609 - 115200,8,N,1, ctsfl=1, rtsctl=2
    02-25-2005 19:57:11.609 - Modem initialisieren
    02-25-2005 19:57:11.625 - Senden: AT<cr>
    02-25-2005 19:57:11.781 - Empfangen: <cr><lf>OK<cr><lf>
    02-25-2005 19:57:11.781 - Interpretierte Antwort: OK
    02-25-2005 19:57:11.796 - Senden: AT&F E0 Q0 X4 S0=0 &D2 &C1 &S0 V1 W4<cr>
    02-25-2005 19:57:11.968 - Empfangen: <cr><lf>OK<cr><lf>
    02-25-2005 19:57:11.968 - Interpretierte Antwort: OK
    02-25-2005 19:57:11.984 - Senden: ATS7=60S30=0L0M1+ES=3,0,2;%C1+DS=3,0;+DS44=3,0;&K3X3<cr>
    02-25-2005 19:57:12.171 - Empfangen: <cr><lf>OK<cr><lf>
    02-25-2005 19:57:12.171 - Interpretierte Antwort: OK
    02-25-2005 19:57:12.171 - Wählen
    02-25-2005 19:57:12.187 - Senden: ATDT#,,#######<cr>
    02-25-2005 19:57:46.218 - Empfangen: <cr><lf>+MCR: V90<cr><lf>
    02-25-2005 19:57:46.218 - Interpretierte Antwort: Informativ
    02-25-2005 19:57:46.218 - Empfangen: <cr><lf>+MRR: 28800<cr><lf>
    02-25-2005 19:57:46.218 - Interpretierte Antwort: Informativ
    02-25-2005 19:57:46.218 - Empfangen: <cr><lf>+ER: LAPM<cr><lf>
    02-25-2005 19:57:46.218 - Interpretierte Antwort: Informativ
    02-25-2005 19:57:46.218 - Empfangen: <cr><lf>+DR: V42B<cr><lf>
    02-25-2005 19:57:46.218 - Interpretierte Antwort: Informativ
    02-25-2005 19:57:46.218 - Empfangen: <cr><lf>CONNECT 49333<cr><lf>
    02-25-2005 19:57:46.218 - Interpretierte Antwort: Verbinden
    02-25-2005 19:57:46.218 - Verbindung hergestellt mit 49333 Bit/s
    02-25-2005 19:57:46.218 - Fehlerkontrolle an
    02-25-2005 19:57:46.218 - Datenkomprimierung an
    02-25-2005 19:57:53.640 - CD-Signal wurde getrennt--Remotemodem hat aufgelegt. ModemStatus=00000030
    02-25-2005 19:57:53.703 - Modem aufhängen
    02-25-2005 19:57:53.703 - Empfangen: <cr><lf>NO CARRIER<cr><lf>
    02-25-2005 19:57:53.703 - Interpretierte Antwort: Kein Trägersignal
    02-25-2005 19:57:53.703 - Senden: ATH<cr>
    02-25-2005 19:57:53.953 - Empfangen: <cr><lf>OK<cr><lf>
    02-25-2005 19:57:53.953 - Interpretierte Antwort: OK
    02-25-2005 19:57:53.953 - 115200,8,N,1, ctsfl=1, rtsctl=2
    02-25-2005 19:57:53.953 - Modem initialisieren
    02-25-2005 19:57:53.953 - Senden: AT<cr>
    02-25-2005 19:57:54.093 - Empfangen: <cr><lf>OK<cr><lf>
    02-25-2005 19:57:54.093 - Interpretierte Antwort: OK
    02-25-2005 19:57:54.093 - Senden: AT&F E0 Q0 X4 S0=0 &D2 &C1 &S0 V1 W4<cr>
    02-25-2005 19:57:54.281 - Empfangen: <cr><lf>OK<cr><lf>
    02-25-2005 19:57:54.281 - Interpretierte Antwort: OK
    02-25-2005 19:57:54.296 - Senden: ATS7=60S30=0L0M1+ES=3,0,2;%C1+DS=3,0;+DS44=3,0;&K3X3<cr>
    02-25-2005 19:57:54.640 - Empfangen: <cr><lf>OK<cr><lf>
    02-25-2005 19:57:54.640 - Interpretierte Antwort: OK
    02-25-2005 19:57:54.640 - Auf Anruf warten
    02-25-2005 19:57:54.656 - Senden: ATS0=0<cr>
    02-25-2005 19:57:54.781 - Empfangen: <cr><lf>OK<cr><lf>
    02-25-2005 19:57:54.781 - Interpretierte Antwort: OK
    02-25-2005 19:57:55.046 - Sitzungsstatistik:
    02-25-2005 19:57:55.046 - Gelesen: 24 Bytes
    02-25-2005 19:57:55.046 - Geschrieben: 100 Bytes
    --- End of Log ---

    --- Modem diagnosis ---
    ATQ0V1E0 Erfolgreich
    AT+GMM Creatix V.9X DSP Data Fax Modem
    AT+FLCLASS=? 0,1,2,2.0,8
    AT#CLS=? Befehl wird nichr unterstützt
    ATI1 Creatic V.9X DSP Data Fax Modem
    ATI2 Creatix Polymedia GmbH
    ATI3 536EP
    ATI4 586EP Release 4.67 - Dec 8 2003 - 10:56:21
    ATI5 V.92 Capable Modem
    Host I/F: PCI
    ATI6 DSP Patch Level:09.77
    ATI7 Erfolgreich
    --- End of diagnosis ---

    Thanks
    Caupano

    PS: Because the system is used in Germany the system messages are German, sorry about this, but I may translate some if it is needed.
     
  5. 2005/02/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I don't think the problem is malware related. Have you tried uninstalling the modem through device manager, rebooting and letting it re-install? Check for driver updates?
     