Don't know how to get rid of virus - Free Antivirus Forum

Don't know how to get rid of virus

BullGuard Antivirus Forum > Virus Removal > Removal Help > Don't know how to get rid of virus

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

paradigm
New Member

Date Joined Sep 2007
Total Posts : 5

Posted 9-26-2007 8:45 (GMT +1)

Dear helper,

My laptop was recently infested with some worm that i think i got rid of. I didn't have proper antivirus protection and through trying to get one as fast as possible I "accidentally" downloaded WinAntiVirusPro 2007, which didn't take care of anything. My computer is running slow, i get popups left and right and my keyboard seems to have taken a hit as well; doesn't matter how fast or slow/hard or soft i type, sometimes the letters just don't appear. I read some threads with this gebawvw.dll file thing, but am scared to accidentally delete something important. Running my antivirus program three threats always appear which are exactly those: gebawvw.dll, and some other .dll files all within the system 32 cache. I don't know much about computers, except that this winantivirus program didn't solve anything and i ended up paying 60 bucks for nothing really. In case you could help me, please let me know....i posted my HJT log below so you can see for yourself. I also downloaded several free programs, which in the end kicked out my Winantivirus, all for the better i hope, which i got from the thread i referred to ("Trojan Dialer, Downloader,+ Others"). Please help me, I'd really appreciate it!!!!

Logfile of HijackThis v1.99.1
Scan saved at 09:30:27, on 26.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Dokumente und Einstellungen\Christian\Desktop\alternativ.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\kqxxltwr.dll",sitypnow
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Programme\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: Übertragen mit Image Converter 2 Plus - C:\Programme\Sony\Image Converter 2\menu.htm
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/de/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Programme\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PREVXAgent - Unknown owner - C:\Programme\Prevx2\PXAgent.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\Avlib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programme\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Programme\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13812

Posted 9-26-2007 9:18 (GMT +1)

Hi paradigm scool

Click here - ->> Before posting a log

After You have run the scan tools -

Reboot normally

Post Hijackthis log along with AVG Anti-Spyware log, C: Rootlog TXT, C: combofix txt in this topic

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals

paradigm
New Member

Date Joined Sep 2007
Total Posts : 5

Posted 9-26-2007 4:11 (GMT +1)

Ok....I did as u said and all the logs and scan results are here:

first HJT:

Logfile of HijackThis v1.99.1
Scan saved at 17:07:00, on 26.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Sony\VAIO Event Service\VESMgr.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Christian\Desktop\alternativ.exe

-AVG Log-

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:44:22 26.09.2007

+ Scan result:

C:\System Volume Information\_restore{5231D8A2-AF31-4B4F-BBBD-46BBABA4FE17}\RP230\A0041637.dll -> Adware.Companion : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5231D8A2-AF31-4B4F-BBBD-46BBABA4FE17}\RP230\A0041635.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5231D8A2-AF31-4B4F-BBBD-46BBABA4FE17}\RP230\A0041638.exe -> Adware.SystemDoctor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5231D8A2-AF31-4B4F-BBBD-46BBABA4FE17}\RP230\A0041636.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5231D8A2-AF31-4B4F-BBBD-46BBABA4FE17}\RP230\A0041633.exe -> Backdoor.SdBot.bxr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5231D8A2-AF31-4B4F-BBBD-46BBABA4FE17}\RP230\A0041631.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5231D8A2-AF31-4B4F-BBBD-46BBABA4FE17}\RP230\A0041632.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5231D8A2-AF31-4B4F-BBBD-46BBABA4FE17}\RP230\A0041634.exe -> Downloader.Tiny.id : Cleaned with backup (quarantined).
C:\Dokumente und Einstellungen\Christian\Cookies\christian@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

::Report end

-Rootlog TXT-

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
26.09.2007 17:01:07,02

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 17:01:08
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

-Combofix-

ComboFix 07-09-21.2 - "Christian" 2007-09-26 17:02:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.701 [GMT 2:00]
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini

.
((((((((((((((((((((((( Dateien erstellt von 2007-08-26 bis 2007-09-26 ))))))))))))))))))))))))))))))
.

2007-09-26 09:20 <DIR> d-------- C:\Programme\SUPERAntiSpyware
2007-09-26 09:20 <DIR> d-------- C:\DOKUME~1\CHRIST~1\ANWEND~1\SUPERAntiSpyware.com
2007-09-26 09:20 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\SUPERAntiSpyware.com
2007-09-26 09:17 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-09-25 20:50 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-25 18:51 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-25 18:35 <DIR> d-------- C:\Programme\CCleaner
2007-09-25 08:49 84,032 --a------ C:\WINDOWS\system32\kqxxltwr.dll
2007-09-24 18:15 <DIR> d-------- C:\Birthday Tossa
2007-09-21 12:22 87,616 --a------ C:\WINDOWS\system32\tctwdgfr.dll
2007-09-17 15:24 1,716 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-17 15:09 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-17 15:09 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-17 15:09 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-17 15:00 9,216 --a------ C:\WINDOWS\system32\drivers\tdird.sys
2007-09-17 01:51 <DIR> d-------- C:\WINDOWS\pss
2007-09-16 01:13 6,144 --a------ C:\WINDOWS\system32\daila.exe
2007-09-16 01:13 <DIR> d-------- C:\Programme\Gemeinsame Dateien\DriveCleaner
2007-09-16 01:13 <DIR> d-------- C:\Programme\DriveCleaner
2007-09-15 15:44 <DIR> d-------- C:\WINDOWS\B7A7E6C29D3743AAA4CBD8563D686C83.TMP
2007-09-15 14:11 <DIR> d-------- C:\DOKUME~1\CHRIST~1\ANWEND~1\Prevx
2007-09-15 14:09 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Prevx
2007-09-14 23:39 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-09-14 23:39 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-09-14 23:39 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-09-14 23:39 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-09-14 23:39 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-09-14 23:39 17,920 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-09-14 23:39 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-09-14 23:39 116,736 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-09-14 21:35 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-09-14 12:34 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-09-14 12:34 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-09-11 21:03 <DIR> d-------- C:\DOKUME~1\CHRIST~1\ANWEND~1\SecondLife

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 23:01 --------- d-------- C:\DOKUME~1\CHRIST~1\ANWEND~1\Sony Corporation
2007-09-14 16:44 --------- d-------- C:\Programme\FinePixViewer
2007-09-14 12:25 --------- d-------- C:\Programme\Symantec
2007-09-14 12:25 --------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2007-09-14 12:25 --------- d-------- C:\DOKUME~1\CHRIST~1\ANWEND~1\Symantec
2007-09-14 12:25 --------- d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Symantec
2007-09-11 19:02 --------- d-------- C:\Programme\LowRateVoip
2007-09-08 22:40 --------- d-------- C:\DOKUME~1\CHRIST~1\ANWEND~1\AdobeUM
2007-09-06 10:00 --------- d-------- C:\Programme\iTunes
2007-09-06 09:59 --------- d-------- C:\Programme\Google BAE
2007-09-06 09:54 --------- d-------- C:\Programme\Apoint
2007-08-29 11:41 --------- d-------- C:\Programme\Gemeinsame Dateien\Real
2007-08-29 11:41 --------- d-------- C:\DOKUME~1\CHRIST~1\ANWEND~1\Real
2007-08-22 21:21 --------- d-------- C:\DOKUME~1\CHRIST~1\ANWEND~1\LowRateVoip
2007-08-15 10:53 --------- d-------- C:\Programme\MSXML 6.0
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-04-10 14:58 1253616 --a------ C:\Programme\WindowsXP-KB893357-v2-x86-DEU.exe
.

(((((((((((((((((((((((((((((   snapshot_2007-09-26_ 91151.64   )))))))))))))))))))))))))))))))))))))))))
.
----a-r            29,696 2007-09-26 07:20:05 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
----a-r            18,944 2007-09-26 07:20:05 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
----a-r            65,024 2007-09-26 07:20:05 C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
.
((((((((((((((((((((((((((((   Autostart Punkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.

*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-10-25 19:58]
"SearchIndexer"="C:\WINDOWS\system32\kqxxltwr.dll" [2007-09-25 08:49]
"!AVG Anti-Spyware"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-06-20 16:11 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader - Schnellstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Exif Launcher 2.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Exif Launcher 2.lnk
backup=C:\WINDOWS\pss\Exif Launcher 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^TrayMin210.exe.lnk]
path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TrayMin210.exe.lnk
backup=C:\WINDOWS\pss\TrayMin210.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
C:\Programme\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Programme\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Programme\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6cw]
"C:\Programme\Gemeinsame Dateien\DriveCleaner\DC6cw.exe" -c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner]
"C:\Programme\DriveCleaner\DC.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
C:\Programme\Sony\ISB Utility\ISBMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Programme\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne]
"C:\Programme\Prevx2\PXConsole.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programme\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
"C:\Programme\Sony\VAIO Power Management\SPMgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Switcher.exe]
C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\mathjmjo.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
"C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WA6PU_Check]
"C:\Programme\Gemeinsame Dateien\DriveCleaner Free\udcwap.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wa7pcw]
"C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2007\wa7pcw.exe" -c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAntiVirus Pro 2007]
C:\Programme\WinAntiVirus Pro 2007\WinAv.exe /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Lsass Services]
C:\WINDOWS\system\lsass.exe

R0 PrevxDriver;PREVX Kernel Mode Agent;C:\WINDOWS\system32\DRIVERS\pxfsf.sys
R1 PREVXTdi;PREVX TDI filter;C:\WINDOWS\system32\DRIVERS\pxtdi.sys
R1 PXRDDriver;PREVX Rootkitscan driver;C:\WINDOWS\system32\DRIVERS\pxrd.sys
R1 tdird.sys;tdird.sys;\??\C:\WINDOWS\system32\drivers\tdird.sys
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 DMSKSSRh;DMSKSSRh;\??\C:\DOKUME~1\CHRIST~1\LOKALE~1\Temp\DMSKSSRh.sys
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Programme\Sony\Image Converter 2\IcVzMon.exe
S3 PREVXEmulator;PREVX Emulator driver;C:\WINDOWS\system32\DRIVERS\PxEmu.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4010ca1-56ef-11dc-92ef-0018de9fe629}]
AutoRun\command- G:\Autorun.exe /run
Shell00\Command- G:\Autorun.exe /run
Shell01\Command- G:\Autorun.exe /action
Shell02\Command- G:\Autorun.exe /uninstall

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-26 17:04:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\ComboFix\sed.cfexe [712] 0x84BC15B0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-26 17:05:08
C:\ComboFix-quarantined-files.txt ... 2007-09-26 17:05
C:\ComboFix2.txt ... 2007-09-26 09:12
.
--- E O F ---

I hope this helps.....I really appreciate your help with this! It's good to finally know I'm talking to someone that knows what he/she is doing.

Cheers

Forum Information

Currently it is Wednesday, December 03, 2008 7:16 AM (GMT +1)
There are a total of 64.512 posts in 15.910 threads.
In the last 3 days there were 19 new threads and 75 reply posts. View Active Threads