please have a look at tis Hijackthis-Logfile. It´s a bit messy as this was created after quite a few threats were removed by different Anti-Malware-Programmes (named: McAfee Stinger, F-Prot Antivirus, Bitdefender Antivirus and Spybot) and manual removal action. Non of the above programmes finds anything after my cleanup attempts, but the computer is unable to access any drives from now on.
If I start the windows explorer (W2K) it goes to my documents by default which is working OK. If I switch to "My Computer" now, the torch comes up and never leaves my screen untill I kill explorer.exe using the task manager. When I open the command prompt and try to access any drive from there, the same problem comes up.
Many thanks for your time.
Logfile of HijackThis v1.99.1
Scan saved at 01:39:56, on 09.08.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Programme\FSI\F-Prot\fpavupdm.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINNT\System32\IomegaAccess.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\System32\svchost.exe
C:\Programme\Iomega\Common\ImgStart.exe
C:\Programme\Iomega\DriveIcons\ImgIcon.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Ahead\InCD\InCD.exe
C:\WINNT\Dit.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb01.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\Programme\Softwin\BitDefender8\bdoesrv.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\FSI\F-Prot\F-Sched.exe
C:\Programme\FSI\F-Prot\F-StopW.EXE
C:\WINNT\system32\internat.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Programme\AOL 9.0a\aoltray.exe
C:\Programme\OLYMPUS\DeviceDetector\DevDtct2.exe
C:\Programme\FRITZ!\IWatch.exe
C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLacsd.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Adobelm_Cleanup.0001
C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\WINNT\explorer.exe
C:\Programme\AOL 9.0a\waol.exe
C:\Programme\AOL 9.0a\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.aol.de/e60/suche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.de/e60/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von AOL
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Programme\SurfSideKick 3\SskBho.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C89F04E-DD54-6379-5946-C0128C08785D} - C:\WINNT\system32\gultsjjw.dll (file missing)
O2 - BHO: (no name) - {1F6ED871-4AA3-BC4A-ED5A-AE4E8DC29E55} - C:\WINNT\system32\lzxpjkzk.dll (file missing)
O2 - BHO: (no name) - {26CFFBE7-DA91-E534-8FFA-84F7DFC7C4C6} - C:\WINNT\system32\fmczibaa.dll (file missing)
O2 - BHO: (no name) - {27853198-1DA5-B67D-9536-BD4D500572FB} - C:\WINNT\system32\ydmhjihe.dll (file missing)
O2 - BHO: (no name) - {2A6CD7EC-2DAA-0422-BCF0-60604DFD11ED} - C:\WINNT\system32\xtpgnrzb.dll (file missing)
O2 - BHO: (no name) - {63367627-1F3F-A644-A28D-FB8BC344E7EA} - C:\WINNT\system32\lfpfmczl.dll (file missing)
O2 - BHO: (no name) - {6DD54D7D-68BC-30C1-CC1B-0F568C97CB61} - C:\WINNT\system32\mjkglpwn.dll (file missing)
O2 - BHO: (no name) - {85EACF3C-6C7C-2CEF-8AA1-A87076AD56B0} - C:\WINNT\system32\cusfgucr.dll (file missing)
O2 - BHO: (no name) - {87E1F2E7-2699-6822-5089-DBDB6F4CB26D} - C:\WINNT\system32\xhsafhqv.dll (file missing)
O2 - BHO: (no name) - {A64B9625-1290-58C8-389B-B0E52ABD7AD2} - C:\WINNT\system32\yvyomurp.dll (file missing)
O2 - BHO: (no name) - {C2918473-5D06-FD1C-DC06-DA6CBC575DA1} - C:\WINNT\system32\mvvdhcqp.dll (file missing)
O2 - BHO: (no name) - {C85CA7F3-089B-85E7-E427-01E69E403CA7} - C:\WINNT\system32\nyzghcss.dll (file missing)
O2 - BHO: (no name) - {D30BFDCF-43C0-B6E2-6F29-E13098E62CBE} - C:\WINNT\system32\ppssfjux.dll (file missing)
O2 - BHO: (no name) - {D3BF3FB7-59C6-FEB6-7F58-691888923925} - C:\WINNT\system32\rtyttboj.dll (file missing)
O2 - BHO: (no name) - {D5B5E402-2ED3-05D9-7889-FE9B9F4DFAE2} - C:\WINNT\system32\mjombrqn.dll (file missing)
O2 - BHO: (no name) - {DF53B3CE-3F0C-DFBD-46FA-1569E0D11EA2} - C:\WINNT\system32\itpzjfdx.dll (file missing)
O2 - BHO: (no name) - {E92D2125-6251-5654-ED5C-312928DB38CE} - C:\WINNT\system32\azbjlivx.dll (file missing)
O2 - BHO: (no name) - {E9A7FFAD-7E43-50D2-48C2-969BECE5CE96} - C:\WINNT\system32\cbgewyuq.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Programme\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programme\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDOESRV] C:\Programme\Softwin\BitDefender8\\bdoesrv.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\RunServices: [Microsofts Security Manager] khsi.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Programme\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\RunServices: [Microsofts Security Manager] khsi.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Registration-PCTV.lnk = C:\Programme\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Acrobat Reader\Reader\reader_sl.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0a\aoltray.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Programme\OLYMPUS\DeviceDetector\DevDtct2.exe
O4 - Global Startup: ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Programme\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CCS\Services\Tcpip\..\{8114349B-88A0-4F46-B082-2D5CD7587E6E}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{25FB1915-B8C5-48E9-905A-DBA7C1479A71}: NameServer = 192.168.120.252,192.168.120.253
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - k:\Buchfuehrung\HRInstmon.dll
O20 - Winlogon Notify: PCANotify - C:\WINNT\SYSTEM32\PCANotify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\PROGRAMME\FRITZ!\de_serv.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\FSI\F-Prot\fpavupdm.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINNT\System32\IomegaAccess.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe