trojan? virus? malware !

Discussion in 'Malware Help (A Specialist Will Reply)' started by baschetti, Sep 27, 2007.

  1. baschetti

    baschetti Private E-2

    I have to be quick. My computer keeps switching off. There is no signal suddenly to the screen. It appears dead, but the computer itself still has a light on at the front. And, if I press the start, nothing happens. I have to turn the whole machine off first and then I can turn it on.
    Normally it switches off in the middle of a spybot or regedit or grisoft run, but just now it switched off when I was typing this post !!!
    Here is a hijack log... can anyone help.... thank you very very much in advance !!
     

    Last edited by a moderator: Sep 27, 2007
  2. abri

    abri MajorGeek

    Hi baschetti!
    Welcome to Major Geeks!
    Please check for overheating before you continue looking for malware. Ask in the hardware or software forums if there is a way to do this when your computer is switching off so quickly.

    If possible please try to do the following:
    I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.

    IMPORTANT: Do NOT run any other options until you are asked to do so!
    ATTACH THE FIRST LOG NOW BEFORE CONTINUING OR YOU WILL OVERWRITE IT!!!! And then immediately continue on to the below steps.

    A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. BUT Reboot in Safe Mode.

    The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.

    Now reboot into normal mode and attach this new rapport.txt log here.
    Now attach new logs from:

    * GetRunKey
    * ShowNew
    * HJT ---> Properly downloaded and renamed as per the Read and Run First sticky

    How are things working now?

    abri
     
    Last edited by a moderator: Sep 27, 2007
  3. baschetti

    baschetti Private E-2

    thanks for the quick reply. I have here the first log:

    SmitFraudFix v2.231

    Scan done at 19:08:12,48, 27.09.2007
    Run from D:\Dokumente und Einstellungen\aa\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\ATKKBService.exe
    D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Programme\Microsoft ActiveSync\wcescomm.exe
    D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    D:\WINDOWS\system32\CTsvcCDA.EXE
    D:\PROGRA~1\MICROS~3\rapimgr.exe
    D:\Programme\Icecast2 Win32\icecastService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Programme\Grisoft\AVG7\avgcc.exe
    D:\Programme\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» D:\

    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» D:\Dokumente und Einstellungen\aa

    »»»»»»»»»»»»»»»»»»»»»»»» D:\Dokumente und Einstellungen\aa\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOKUME~1\aa\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» D:\Programme

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Die derzeitige Homepage"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""
    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139-Familie-PCI-Fast Ethernet-NIC - Paketplaner-Miniport
    DNS Server Search Order: 192.168.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B3DF0834-4E14-4C1C-9EF6-FABD20108B79}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B3DF0834-4E14-4C1C-9EF6-FABD20108B79}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

    »»»»»»»»»»»»»»»»»»»»»»»» End
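
Added example, not part of the original post and not SmitFraudFix's own code: a small Python triage of the search report above, run on an excerpt of it and on a constructed altered copy. It assumes that a directory or `hosts` section with no lines under it means the tool listed nothing there; the `INFORMATIONAL` set, the function names and the altered sample are this example's own.

```python
import ipaddress
import re

HDR = "\u00bb" * 24  # run of » characters that opens every section header
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Sections that always carry output, so content alone is not a finding (assumption).
INFORMATIONAL = {"Process", "Desktop Components", "Sharedtaskscheduler",
                 "AppInit_DLLs", "Winlogon.System", "DNS", "End"}

def parse_report(text):
    """Split a report into {section name: [non-blank lines]}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.match("\u00bb{5,}\\s*(.*)", line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current and line and not line.startswith("!!!"):
            sections[current].append(line)
    return sections

def triage(sections):
    """Return notes for entries that deserve a closer look."""
    notes = []
    for name, lines in sections.items():
        if name not in INFORMATIONAL and lines:
            notes.append(f"{name}: {len(lines)} item(s) listed")
        for line in lines:
            reg = re.match(r'"(AppInit_DLLs|System)"="(.+)"', line)
            if reg:
                notes.append(f"{name}: {reg.group(1)} set to {reg.group(2)}")
            for ip in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", line) if name == "DNS" else []:
                if not any(ipaddress.ip_address(ip) in net for net in RFC1918):
                    notes.append(f"DNS: resolver {ip} is not an RFC 1918 address")
    return notes

# Excerpt of the report posted above.
POSTED = rf"""SmitFraudFix v2.231
{HDR} D:\WINDOWS\system32
{HDR} AppInit_DLLs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
{HDR} DNS
DNS Server Search Order: 192.168.2.1
{HDR} End"""
# Constructed variant (placeholder file name, documentation-range IP) to show what gets flagged.
ALTERED = POSTED.replace('=""', '="placeholder.dll"').replace("192.168.2.1", "203.0.113.5")
if __name__ == "__main__":
    print(triage(parse_report(POSTED)), triage(parse_report(ALTERED)), sep="\n")
```

The posted excerpt produces no notes; the altered copy produces one for the populated `AppInit_DLLs` value and one for the resolver outside private address space.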
     
  4. baschetti

    baschetti Private E-2

    I opened smitfraudfix and selected option two.
    The first time I did it, as soon as I hit the "y" the computer switched off. I then turned it completely off, went back in, in safe mode, ran the program again and it worked.
    Here is the NEW rapport log :
    SmitFraudFix v2.231

    Scan done at 19:22:57,28, 27.09.2007
    Run from D:\Dokumente und Einstellungen\aa\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End

    I'm not sure what the last part of your post means, "*get run key and *shownew" etc... what is that?
     
  5. baschetti

    baschetti Private E-2

    After posting, I switched the computer off, turned it on again in normal mode, ran "spybot" and the computer "switched off". When I say switched off, I mean that everything sounds as if it goes dead. There is no more signal to the screen, but the computer itself is still "on" as the light in the front indicates. I can't open the drive, can turn it on or off, so I have to turn it off with the switch at the back.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I suspect that this is not malware but rather a failing power supply.
    Do you have access to one that you can try?
     
  7. baschetti

    baschetti Private E-2

    Thanks again very much for the help.

    I assume when you say it is the power supply you think my logs look clean.

    I don't have another to build in, but I will check the connections, and tomorrow I will try to find one to test.

    thanks again !
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Try another power supply ...then if all is well...cool.
    If you still have some issues ...do the Read and Run First sticky ...your "logs" are only the hjt one and it is not properly installed or renamed ....and we would need the other logs from the read and run to be able to see what else might be going on malware wise.

    But again, this does sound like a hardware issue....so let us know if a replacement ps does the trick.:)
     
  9. baschetti

    baschetti Private E-2

    I was dubious about it being just a hardware problem because it shut down 90% of the time when running spybot or grisoft or regedit... but, I hoovered my computer! And I mean inside ! It was full of dust. I cleaned the cooler and then ran grisoft again, and it ran the whole way through ! So I guess you were right.
    If it shuts down again, the next step is the alternative power source.

    Thanks a million.
    I think the people who work these boards deserve a medal. You do so much tireless work for others, who are mostly computer illiterate. I think you're very patient, and very helpful, and the world is a better place because of it !
    Keep up the good work !
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Ah...late spring cleaning...:D

    Hope all is well and you're welcome!
     
