Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

hijackthis logfile to analyze. thanks so much!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

hijackthis logfile to analyze. thanks so much!

Unread postby Natalie Breitschmid » April 14th, 2008, 6:08 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:48, on 14.04.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\hpu4prop.bin
C:\Windows\system32\rundll32.exe
C:\PROGRA~2\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Windows\WindowsMobile\WmdHost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nzz.ch/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\Windows\system32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2403461216-219542230-1499049882-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Guest')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial-de.webex.com/client/T ... atgpc1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\IFXTCS.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Personal Secure Drive-Dienst (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
Natalie Breitschmid
Active Member
 
Posts: 5
Joined: April 14th, 2008, 6:03 am
Advertisement
Register to Remove

Re: hijackthis logfile to analyze. thanks so much!

Unread postby Scotty » April 14th, 2008, 6:42 am

Hi! Welcome to the MWR forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.

Please be patient as my posts to you have to be checked before I reply, so they make take longer.

Please make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

And please describe what problems you are having.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: hijackthis logfile to analyze. thanks so much!

Unread postby Natalie Breitschmid » April 14th, 2008, 8:29 am

My google adwords campaign is down because (set as inactive through google itself) they suspect some malware treated/brought in the mentioned campaign management account. I haven't deteced some problems on my computer myself.
Natalie Breitschmid
Active Member
 
Posts: 5
Joined: April 14th, 2008, 6:03 am

Re: hijackthis logfile to analyze. thanks so much!

Unread postby Scotty » April 15th, 2008, 3:33 am

Hi

Just to clarify, Google has blocked your account because it thinks your computer is infected, yes?

Still waiting on the Uninstall List. ;)
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: hijackthis logfile to analyze. thanks so much!

Unread postby Natalie Breitschmid » April 15th, 2008, 5:20 am

hi there, yes it is. and here's also the uninstall liste, i'm sorry about

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
AppCore
Apple Mobile Device Support
Apple Software Update
AV
Bonjour
ccCommon
eMusic - 50 Free MP3 offer
FinePrint
GearDrvs
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Infineon TPM Professional Package
Intel(R) Graphics Media Accelerator Driver
IntelliSafe® Vault Desktop for Microsoft® Office
iTunes
Janosch Vorschule
Korean Fonts Support For Adobe Reader 8
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Lollipop Deutsch 1
Microsoft Office Excel MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (German) 2007
Norton 360
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Norton Security Scan
pdfFactory
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RS-232 Monitor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Visio 2007 (KB947590)
Skype™ 3.5
Sony Snymsico for Vista
SPBBC 32bit
SuppSoft
Symantec Technical Support Controls
SymNet
TAIL
TouchChip USB Driver 2.6
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
WebEx
Winamp (remove only)
Windows Mobile-Gerätecenter
Windows Mobile-Gerätecenter: Treiberupdate
WinZip 11.1
Natalie Breitschmid
Active Member
 
Posts: 5
Joined: April 14th, 2008, 6:03 am

Re: hijackthis logfile to analyze. thanks so much!

Unread postby Scotty » April 15th, 2008, 11:17 am

Hi

Remove programs from Add/Remove Programs List
Please go to:
  • Start
  • Control Panel
  • Add/Remove Programs
Find and remove these programs (if they are present)

  • eMusic - 50 Free MP3 offer





Lets run an F-Secure online scan it will scan for Viruses, Spyware and RootKits:
  • Click HERE
  • Scroll to the bottom of the page and click the Start Scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
    Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Note: This scan will only work with Internet Explorer.
You must be logged on a administrator rights to run this scan.
The scan may take a few hours.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: hijackthis logfile to analyze. thanks so much!

Unread postby Natalie Breitschmid » April 16th, 2008, 5:40 am

Hi again, this is my report:
greets, Natalie


Scanning Report
Wednesday, April 16, 2008 08:19:04 - 11:38:26
Computer name: SONY-NB
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 1 malware found
Tracking Cookie (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 46089
System: 3798
Not scanned: 28
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{4C12DD72-3D30-4032-B7E6-427128967DDA}.BIN
C:\USERS\GOVITA\APPDATA\LOCAL\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{5518FECC-3054-42B1-AAB1-5F38E9471A2A}
C:\USERS\GOVITA\APPDATA\LOCAL\MICROSOFT\OUTLOOK\ARCHIVE.PST
C:\USERS\GOVITA\APPDATA\LOCAL\MICROSOFT\OUTLOOK\ARCHIVE.PST
C:\USERS\GOVITA\APPDATA\LOCAL\MICROSOFT\OUTLOOK\OUTLOOK.PST
C:\USERS\GOVITA\APPDATA\LOCAL\MICROSOFT\OUTLOOK\OUTLOOK.PST
C:\USERS\GOVITA\APPDATA\LOCAL\INTELLISAFEVAULTDESKTOP\5.0\CACHE_1\_INTELLISAFE_CACHE_
C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1FDEB43B19BE2AA866EFDA035C9374D4_31FD968A-D74B-4475-9394-C55E510431F2
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1FDEB43B19BE2AA866EFDA035C9374D4_31FD968A-D74B-4475-9394-C55E510431F2
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL
C:\DOKUMENTE UND EINSTELLUNGEN\M\NTUSER.INI
C:\DOKUMENTE UND EINSTELLUNGEN\M\ANWENDUNGSDATEN\DESKTOP.INI

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-04-15
F-Secure AVP: 7.0.171, 2008-04-16
F-Secure Pegasus: 1.20.0, 2008-02-28
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------
Natalie Breitschmid
Active Member
 
Posts: 5
Joined: April 14th, 2008, 6:03 am

Re: hijackthis logfile to analyze. thanks so much!

Unread postby Scotty » April 16th, 2008, 7:08 am

Hi Natalie

There appears to be no sign of any malicious software. I would get back in touch with whoever deals with the Google AdCampaign, and let them know your computer has been checked here and you were found to be clean.

You can now remove the F-secure scanner from your computer through Add or Remove Programs.

Here are some other recommendations.

Malwarebytes Anti-Malware is a good program to keep. If you wish to keep it, use it to do a quick scan once a week and keep it updated.
Remember, only the paid for version offers real-time protection

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Here is some great information from experts in this field that will help you stay clean and safe online.
http://forum.malwareremoval.com/viewtopic.php?t=14

Follow this list and your potential for being infected will reduce dramatically.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Re: hijackthis logfile to analyze. thanks so much!

Unread postby Natalie Breitschmid » April 16th, 2008, 8:38 am

thanks a lot! bye
Natalie Breitschmid
Active Member
 
Posts: 5
Joined: April 14th, 2008, 6:03 am

Re: hijackthis logfile to analyze. thanks so much!

Unread postby silver » April 16th, 2008, 9:03 am

This topic is now closed
We are pleased to have been of assistance in getting you clean.

If you have been helped and wish to donate with the costs of this volunteer site, you can do so using this link
Donations For Malware Removal
User avatar
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 299 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware