Ok i have a small problem with my Computer, Windows XP Pro, KAV Version 5.0.20

The Microsoft Security Center reports sometimes that the KAV background scanner is not active, but why?

I had this problem in the past, but now i have the same problem again
Sometimes KAV's background scanner workes but sometimes not.

Ok i post a Log here too:

Logfile of HijackThis v1.99.1
Scan saved at 23:55:40, on 02.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Ewido_NEU\ewido\security suite\ewidoctrl.exe
F:\Ewido_NEU\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\Explorer.EXE
G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\Dit.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe

Any solution for my Problems ?

Catweazle

Dear Mr. Weazle....

You did not post the entire log.

Next, you are using an old version of KAV. Current is 5.0.388 You need to upgrade.

We will know more after posting the full log


Phat-san

Sorry what do you menaing ?

I use Kaspersky Antivirus in version 5.0.20 but nothing newer !

How can i upgrade to a newer version of it ?

BTW what about my log ?

Catweazle

Hello, here is a Log from the Protectet Mode from Windows Xp Pro.

Log is:

Logfile of HijackThis v1.99.1
Scan saved at 00:21:53, on 03.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\Explorer.EXE
G:\HighjackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloantoSoftwareManager] "C:\Programme\Gemeinsame Dateien\Cloanto\Software Manager\softmngr.exe" /s
O4 - HKLM\..\Run: [THGuard] "F:\Programme\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAV50] "G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [twister] "C:\Programme\Filseclab\Twister\twister.exe" -a
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [gcasServ] "G:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Tau Monitor] G:\Programme\Agnitum\Tauscan 1.7\taumon.exe
O4 - HKLM\..\Run: [TrojanScanner] g:\TrojanRemover\Trjscan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093199042468
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O23 - Service: ewido security suite control - ewido networks - F:\Ewido_NEU\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Ewido_NEU\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: KJUYMM - ??????????????????????????????????? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\KJUYMM.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Catweazle

PS: I think whith can help, too.


Catweazle

Hello,

here a screenshot for example

This shows my current computer problem.....

Click to view attachment

You are correct, v5.0.20 is the most recent for KAV Personal Pro. WHen you first mentioned it, you said KAV Personal and there was no log. I assumed plain KAV Personal, which is 5.0.388. (that's what I run).

You have a 'bug' we need to remove.

First:
From the Desktop

Start -> Run -> services.msc, then press 'Enter'

That will open the Services management window

On the right pane, scroll down and look for 'KJUYMM' (without quotes)
(It may also show just question marks)

Double Click on it to open the Properties window

Verfiy that the path to the executable is: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\KJUYMM.exe

Under Service Status, press the 'Stop' button

Under Service Type, use the pulldown to change to 'Disabled'

Press 'OK' then exit to the Desktop

Reboot


Second:
Start HiJackThis

Press 'Config'
Press 'Misc Tools'
Press 'Delete an NT service'
Enter KJUYMM and press 'OK'
Exit to Desktop

Delete the following file:
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\KJUYMM.exe


Last:
Run HiJackThis again and post a new log in this thread.

Hello, verry strange here, i start my Computer and KAV is still running in the Backround too

Ok i tryt what you wrote, but i can´t not delete the NT services, KJUYMM.exe.

The following error messages came:

And here is my HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:36:54, on 03.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Ewido_NEU\ewido\security suite\ewidoctrl.exe
F:\Ewido_NEU\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\Dit.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Cloanto\Software Manager\softmngr.exe
G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\Programme\mozilla.org\Mozilla\Mozilla.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Folding@Home\winFAH.exe
C:\Programme\Folding@Home\FahCore_78.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
G:\HighjackThis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - G:\Programme\Gish\Gish__X\Cram Toolbar\untitled.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloantoSoftwareManager] "C:\Programme\Gemeinsame Dateien\Cloanto\Software Manager\softmngr.exe" /s
O4 - HKLM\..\Run: [THGuard] "F:\Programme\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAV50] "G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [twister] "C:\Programme\Filseclab\Twister\twister.exe" -a
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [gcasServ] "G:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Tau Monitor] G:\Programme\Agnitum\Tauscan 1.7\taumon.exe
O4 - HKLM\..\Run: [TrojanScanner] g:\TrojanRemover\Trjscan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Mozilla Quick Launch] "F:\Programme\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [iIWiper] G:\Programme\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [eMuleAutoStart] F:\Programme\eMule\emule.exe -AutoStart
O4 - Startup: Folding@home 4.00.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093199042468
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F178218-7A77-4A1E-8BF2-764F4B481DC4}: NameServer = 217.237.151.97 217.237.150.33
O23 - Service: ewido security suite control - ewido networks - F:\Ewido_NEU\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Ewido_NEU\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: KJUYMM - ??????????????????????????????????? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\KJUYMM.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Catweazle

It sounds like you were not able to Stop the service and then Disable. That was the first step I posted above.

Try this!

From the Desktop....
Start -> Run -> cmd (press 'Enter')

You should now have a Command Prompt window open

Enter the following commands, each followed by the enter key

sc stop KJUYMM
sc delete KJUYMM
exit


Then run HiJackTHis again and post a new log in this thread.



Note: Correct version of KAV Personal Pro is 5.0.388 (thanks to Udo)

Here is a link to it: http://www.kaspersky.com/de/downloads?chapter=146440656

I have done what you wrote, on error message came:

Mean in you Languages, The Service was not startete.

Is this OK so ?

Screen:

http://img159.imageshack.us/img159/1686/cmdfehler8tu.jpg

Catweazle

BTW here my New Log:

Logfile of HijackThis v1.99.1
Scan saved at 15:57:04, on 04.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Ewido_NEU\ewido\security suite\ewidoctrl.exe
F:\Ewido_NEU\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\Explorer.EXE
G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\Dit.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Cloanto\Software Manager\softmngr.exe
G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Folding@Home\winFAH.exe
C:\Programme\Folding@Home\FahCore_78.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
F:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
C:\WINDOWS\System32\svchost.exe
F:\High\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - G:\Programme\Gish\Gish\Cram Toolbar\untitled.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloantoSoftwareManager] "C:\Programme\Gemeinsame Dateien\Cloanto\Software Manager\softmngr.exe" /s
O4 - HKLM\..\Run: [THGuard] "F:\Programme\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAV50] "G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [twister] "C:\Programme\Filseclab\Twister\twister.exe" -a
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [gcasServ] "G:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Tau Monitor] G:\Programme\Agnitum\Tauscan 1.7\taumon.exe
O4 - HKLM\..\Run: [TrojanScanner] g:\TrojanRemover\Trjscan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Mozilla Quick Launch] "F:\Programme\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [iIWiper] G:\Programme\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [eMuleAutoStart] F:\Programme\eMule\emule.exe -AutoStart
O4 - Startup: Folding@home 4.00.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093199042468
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F178218-7A77-4A1E-8BF2-764F4B481DC4}: NameServer = 217.237.151.97 217.237.150.33
O23 - Service: ewido security suite control - ewido networks - F:\Ewido_NEU\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Ewido_NEU\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Is this now Clean, and we have solved the Problem ?

Catweazle

OK, the unwanted service is gone. Two items to remove in HJT and you will be clean.


Check the following items in HijackThis.
(note: If any R* items do not appear in Safe Mode, re-run HiJackThis in Normal Mode and remove them after you finish removing these items.)
R3 - URLSearchHook: Cram Toolbar - {20929603-21DB-477C-BA6F-0B8E70B3C8A0} - G:\Programme\Gish\Gish\Cram Toolbar\untitled.dll (file missing)

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u


Close all windows except HijackThis and click Fix checked.

Reboot in normal mode

Run HiJackThis again and post a new log in this thread.

Ok i have found only the 04-HKLM in the Safe Mode, and the other in the Normal Mode.

Here a New Log from the Normal Mode:

Logfile of HijackThis v1.99.1
Scan saved at 10:30:34, on 05.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
F:\Ewido_NEU\ewido\security suite\ewidoctrl.exe
F:\Ewido_NEU\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\sstray.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Cloanto\Software Manager\softmngr.exe
G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
F:\Programme\mozilla.org\Mozilla\Mozilla.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Folding@Home\winFAH.exe
C:\Programme\Folding@Home\FahCore_78.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
G:\HighjackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programme\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloantoSoftwareManager] "C:\Programme\Gemeinsame Dateien\Cloanto\Software Manager\softmngr.exe" /s
O4 - HKLM\..\Run: [THGuard] "F:\Programme\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAV50] "G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [twister] "C:\Programme\Filseclab\Twister\twister.exe" -a
O4 - HKLM\..\Run: [gcasServ] "G:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Tau Monitor] G:\Programme\Agnitum\Tauscan 1.7\taumon.exe
O4 - HKLM\..\Run: [TrojanScanner] g:\TrojanRemover\Trjscan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Mozilla Quick Launch] "F:\Programme\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - HKCU\..\Run: [iIWiper] G:\Programme\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\Run: [eMuleAutoStart] F:\Programme\eMule\emule.exe -AutoStart
O4 - Startup: Folding@home 4.00.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = G:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093199042468
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F178218-7A77-4A1E-8BF2-764F4B481DC4}: NameServer = 217.237.151.97 217.237.150.33
O23 - Service: ewido security suite control - ewido networks - F:\Ewido_NEU\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Ewido_NEU\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - G:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Is this now a Clean Log ?

Catweazle

All clean!!

Thank you verry much

Catweazle