Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Is this a worm, spyware or what?

Status
Not open for further replies.
chriswies

chriswies

Programmer
Jan 11, 2004
1
DE
This page here is no problem for my IE6 on XP Pro.
Also not the german They work fine.
But or are making trouble. Some images do not appear. IE needs one!! second to get a typed characters on the screen.
Nothing happens. It also seems that php-Links are not working properly cause the browser to stop repsonding. Sometimes I have to kill the task.

I have Norton AntiVirus Pro (latest virusdef).
I run spybot, ad-aware, hijackthis. Yes, they found stuff, but nothing changed.
I run cwshredder1491.exe. Nothing found.
I also checked for accessability-Options in the IE general settings.
I reinstalled IE6.
I run BeClean registry tool.
And I have all security related patches installed.
No ZoneAlarm.
Google-Toolbar installed.

Does anybody out there have some hints for me?
Thanks
Chris




now, the HijackThis log. It's a lot in there. But I was even more before and worked fine.
Logfile of HijackThis v1.97.7
Scan saved at 23:43:06, on 20.02.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\vmnat.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\System32\pupxpman.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLch r.exe
C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe
C:\PROGRA~1\TOOLS\STARDO~1\stardown.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Tools\WinKey\WinKey.exe
C:\Programme\TheBrain\PersonalBrain 3.0\Brain.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\cabs\Security\HijackThis\HijackThis.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = proxy.hfp.de:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 192.168.2.1;192.168.1.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Tools\Spybot\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\TOOLS\STARDO~1\SDIEInt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] &quot;C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe&quot;
O4 - HKLM\..\Run: [ccRegVfy] &quot;C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe&quot;
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\System32\pupxpman.exe
O4 - HKLM\..\Run: [PwrUpTweakMe] C:\WINDOWS\System32\PUPXPTWK.EXE /TWEAK
O4 - HKLM\..\Run: [RoboPDF] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLch r.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] &quot;C:\Programme\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe&quot;
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKCU\..\Run: [Star Downloader] C:\PROGRA~1\TOOLS\STARDO~1\stardown.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] &quot;C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE&quot;
O4 - Global Startup: WinKey.lnk = C:\Programme\Tools\WinKey\WinKey.exe
O4 - Global Startup: PersonalBrain 2.0.lnk = C:\Programme\TheBrain\PersonalBrain 3.0\Brain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Programme\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programme\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programme\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~1\TOOLS\STARDO~1\sdie.htm
O8 - Extra context menu item: Edit with &XML Spy - C:\Programme\Altova\XMLSPY2004\spy.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Programme\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Mobilen Favoriten erstellen (HKLM)
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... (HKLM)
O9 - Extra button: Recherchieren (HKLM)
O9 - Extra button: Edit with XML Spy (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy (HKCU)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - O16 - DPF: {103DFAE7-50CC-41FC-9D57-1A4BCA0DFD87} (Upload Control) - O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
 
Sort by date Sort by votes
Does the problem persist if you exclude as many programs as possible from the startup process ?
Any information from the Task Manager on the use of resources ?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SamBones
  • Locked
  • Question
Chrome Issue with Third Party App
Replies
0
Views
202
SamBones
SamBones
Soisoi23
  • Locked
  • Question
Where to find a secure proxy?
Replies
4
Views
155
Mike Lewis
Mike Lewis
Sebastian42
  • Locked
  • Question
Firefox library is blank and just an icon
Replies
2
Views
146
Sebastian42
Sebastian42
moveit
  • Locked
  • Question
Firefox will not let me sign in to my Tesco account
Replies
4
Views
383
teknance
teknance
Deniall
  • Locked
  • Question
Problem accessing Eng-Tips website 1
Replies
7
Views
808
Deniall
Deniall

Part and Inventory Search

Sponsor

Back
Top