Trojan-downloader.exe again(( [RESOLVED]

This topic is locked

#1 juanitaya99 (New Member, 4 posts)

Hello,

My computer also had a yellow triangle and offered me to buy antispyware. The system also says that it cannot find the file C:\windows\system32\winupdate.exe.
I followed your instructions and scanned my computer with Malwarebytes' Anti-Malware and SUPERAntiSpyware.
When I tried to do the full scan with Panda ActiveScan, my computer said that Firefox has an error and has to be closed.
Can you please help me to fix my computer?

Thank you beforehand.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:33, on 14.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Dell Network Assistant\hnm_svc.exe
C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Programme\McAfee\MSK\MskSrver.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\SiteAdvisor\6253\SAService.exe
C:\Programme\Dell Support Center\bin\sprtsvc.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\McAfee\MSK\MskAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\SiteAdvisor\6253\SiteAdv.exe
C:\Programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Programme\McAfee\MPS\mpsevh.exe
C:\Programme\bhv\Bewerbungs Trainer\Reminder.exe
C:\Programme\ABBYY Lingvo 12\Lvagent.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Programme\WinZip E-Mail Companion\loadwzco.exe
C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Dell Support\DSAgnt.exe
C:\Programme\Dell Support Center\bin\sprtcmd.exe
C:\Programme\PAPAlert\PAPAlert.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
C:\Programme\ABBYY Lingvo 12\Tutor.exe
C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programme\Dell Network Assistant\ezi_hnm2.exe
C:\Programme\Digital Line Detect\DLG.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0070112
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sparkpeop...other_goals.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0070112
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yuwie Toolbar - {3514492a-13ee-4da6-922e-5a4e407189ee} - C:\Programme\Yuwie\tbYuwi.dll
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yuwie Toolbar - {3514492a-13ee-4da6-922e-5a4e407189ee} - C:\Programme\Yuwie\tbYuwi.dll
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\Programme\mypoints\mypoints.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MskAgentexe] C:\Programme\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [Bewerbungs Organizer] C:\Programme\bhv\Bewerbungs Trainer\Reminder.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Programme\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Programme\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "C:\Programme\WinZip E-Mail Companion\loadwzco.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ModemOnHold] C:\Programme\NetWaiting\netwaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Programme\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Programme\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [PAPAlert] C:\Programme\PAPAlert\PAPAlert.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Tutor.exe] "C:\Programme\ABBYY Lingvo 12\Tutor.exe" /AS
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MySurvey Messenger.lnk = C:\Programme\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk142YYDE
O8 - Extra context menu item: ???????? ? ???????????? PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: ????????????? ????????? ?????? ? Adobe PDF - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Suche - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Add to StyleFeeder - {54cac42e-a33b-44c0-b43f-df5949b436f4} - C:\Programme\StyleFeeder\IE\stylefeeder_script.js
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ?????????? ????????? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: StyleFeeder - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Programme\StyleFeeder\IE\StyleFeeder.dll (HKCU)
O9 - Extra 'Tools' menuitem: StyleFeeder - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\Programme\StyleFeeder\IE\StyleFeeder.dll (HKCU)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worl...GamesLoader.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace...pointsSetup.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://vkontakte.ru/...geUploader4.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\GEMEIN~1\McAfee\EmProxy\emproxy.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Programme\Dell Network Assistant\hnm_svc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Programme\Gemeinsame Dateien\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Programme\McAfee\MSK\MskSrver.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Programme\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Programme\SiteAdvisor\6253\SAService.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Programme\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 16107 bytes

******************************




Malwarebytes' Anti-Malware 1.11
Database version: 623

Scan type: Quick Scan
Objects scanned: 32112
Time elapsed: 16 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


********************************


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/14/2008 at 09:02 PM

Application Version : 4.0.1154

Core Rules Database Version : 3437
Trace Rules Database Version: 1429

Scan type : Complete Scan
Total Scan Time : 02:28:01

Memory items scanned : 822
Memory threats detected : 0
Registry items scanned : 6406
Registry threats detected : 5
File items scanned : 154639
File threats detected : 61

Trojan.Media-Codec/V3
HKLM\Software\Classes\CLSID\{E26CEADA-67B0-4543-BE8B-307F00265118}
HKCR\CLSID\{E26CEADA-67B0-4543-BE8B-307F00265118}
HKCR\CLSID\{E26CEADA-67B0-4543-BE8B-307F00265118}#xxx
HKCR\CLSID\{E26CEADA-67B0-4543-BE8B-307F00265118}\InprocServer32
HKCR\CLSID\{E26CEADA-67B0-4543-BE8B-307F00265118}\InprocServer32#ThreadingModel
C:\PROGRAMME\VIDEO ACTIVEX ACCESS\IESPLG.DLL

Rogue.Unclassified/Loader
C:\DECKARD\SYSTEM SCANNER\BACKUP\DOKUME~1\EUGENIA\LOKALE~1\TEMP\.TT4A0.TMP

Adware.Tracking Cookie
C:\Deckard\System Scanner\backup\WINDOWS\temp\Cookies\[email protected][2].txt

Trojan.Fake-Drop/Gen
C:\DECKARD\SYSTEM SCANNER\BACKUP\WINDOWS\TEMP\SALM.EXE
C:\PROGRAM FILES\180SEARCH ASSISTANT\180SA.EXE
C:\PROGRAM FILES\180SEARCH ASSISTANT\SAU.EXE
C:\PROGRAM FILES\180SEARCHASSISTANT\SAAP.EXE
C:\PROGRAM FILES\180SEARCHASSISTANT\SAC.EXE
C:\PROGRAM FILES\180SOLUTIONS\SAIS.EXE
C:\PROGRAM FILES\SEEKMO\SEEKMOHOOK.DLL
C:\PROGRAM FILES\STC\CSV5P070.EXE
C:\PROGRAM FILES\SYSMNT\SSMGR.EXE
C:\PROGRAM FILES\ZANGO\ZANGO.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060033.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060035.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060036.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060037.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060038.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060039.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060040.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060041.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060042.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060044.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060045.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060046.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060048.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060049.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060050.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060051.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060052.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060053.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060054.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060055.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060056.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060057.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060058.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060059.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060060.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060061.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060062.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060063.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060064.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060065.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060066.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060067.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060068.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060069.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060070.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060071.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060072.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060073.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060074.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060075.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060076.DLL

Trojan.Unclassified/FMSXWQS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP172\A0039547.EXE

Trojan.Net-MSV/VPS-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP187\A0056008.DLL

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060030.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{08A5F15B-D5F0-4D17-893D-8B358608DCF6}\RP194\A0060031.ICO

Rogue.LiveSecurityCenter-Trace
C:\WINDOWS\DEFAULT.HTM

Trace.Known Threat Sources
C:\Deckard\System Scanner\backup\WINDOWS\temp\Temporary Internet Files\Content.IE5\2VLR46TC\favicon[2].ico
C:\Deckard\System Scanner\backup\WINDOWS\temp\Temporary Internet Files\Content.IE5\5JG4O5W4\stat[1].htm

Edited by juanitaya99, 14 April 2008 - 02:05 PM.

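A first-pass triage of a HijackThis log like the one above, as an added example (it is not a tool from the original post, from Trend Micro, or from the forum). It applies a few checks a helper would otherwise do by eye: the F3 win.ini run= entry pointing at C:\WINDOWS\system32\winupdate.exe (a "cannot find file" message at logon is consistent with an autostart entry whose target has been removed), an O4 entry whose bare filename is resolved through the search path rather than a fixed directory, an O4 name one character away from a core Windows binary, the O20 AppInit_DLLs entry, and O16 ActiveX downloads. The sample lines are copied from the log above; the set of well-known binary names and each rule are the example's own assumptions. It flags entries for review, it does not decide that they are malicious.

```python
"""Triage pass over HijackThis-style log lines.

Added example for this thread, not part of the original post or of
HijackThis itself. The rules are the example's own heuristics, and
WELL_KNOWN is an assumed list, not an official one.
"""
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above. A few clearly
# benign lines are kept so the rules have something to pass over.
SAMPLE_LOG = r"""
F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://mypoints.worl...GamesLoader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programme\Dell\QuickSet\NICCONFIGSVC.exe
"""

# Assumed list of core Windows binaries that malware likes to imitate.
WELL_KNOWN = {"ctfmon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
              "smss.exe", "winlogon.exe", "services.exe", "explorer.exe",
              "spoolsv.exe", "rundll32.exe"}

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First path-like token ending in an executable extension.
TARGET_RE = re.compile(
    r'(?P<target>[^"\s][^"]*?\.(?:exe|dll|scr|com))(?:["\s]|$)', re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; used to spot one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(basename: str):
    """Return the well-known name this basename imitates, if any."""
    name = basename.lower()
    if name in WELL_KNOWN:
        return None
    for known in WELL_KNOWN:
        if levenshtein(name, known) == 1:
            return known
    return None


def triage(log_text: str) -> list:
    """Return a Finding for every line that deserves a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "F3" and "win.ini: run=" in body:
            findings.append(Finding(section, "legacy win.ini run= autostart; "
                                    "verify the target exists and who signed it", line))
        elif section == "O4":
            # Everything after the [name] tag, with a leading quote dropped.
            after = body.split("]", 1)[-1].strip().lstrip('"')
            t = TARGET_RE.match(after)
            if not t:
                continue
            target = t.group("target")
            base = target.rsplit("\\", 1)[-1]
            if "\\" not in target:
                findings.append(Finding(section, f"bare filename {base} is resolved "
                                        "via the search path; confirm which copy runs", line))
            known = lookalike(base)
            if known:
                findings.append(Finding(section, f"{base} is one character away from "
                                        f"{known}; treat as a lookalike until verified", line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(section, "AppInit_DLLs is loaded into every process "
                                    "that uses user32.dll; verify the DLL's publisher", line))
        elif section == "O16":
            findings.append(Finding(section, "ActiveX control downloaded from the web; "
                                    "remove unless the site is known and needed", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

On the SUPERAntiSpyware log above, note that the hits under C:\SYSTEM VOLUME INFORMATION\_RESTORE{...} are copies held inside System Restore points, not running code; they go away when the restore points are flushed, which is why helpers usually leave them until the end of a cleanup.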

#2 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)

Welcome to GTG.

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main, choose Select All.
Click the Empty Selected button.

If you use the Firefox browser, click Firefox at the top and choose Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, click Opera at the top and choose Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps up to the part about posting the log. Post the ComboFix log here.

#3 juanitaya99 (Topic Starter, New Member, 4 posts)

Thank you for your help!
Here's the ComboFix log:

ComboFix 08-04-16.5 - Eugenia 2008-04-17 10:15:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.408 [GMT 2:00]
Run from: C:\Dokumente und Einstellungen\Eugenia\Desktop\ComboFix.exe
* New restore point created
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\FunWebProducts
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Anti-Virus-Pro.com
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Anti Virus Pro spyware remover.lnk

.
((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))
.

2008-04-14 21:59 . 2008-04-14 21:59 <DIR> d-------- C:\Programme\Trend Micro
2008-04-14 21:16 . 2008-04-14 21:16 <DIR> d-------- C:\Programme\Panda Security
2008-04-14 10:54 . 2008-04-14 17:47 <DIR> d-------- C:\Programme\SUPERAntiSpyware
2008-04-14 10:54 . 2008-04-14 10:54 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\SUPERAntiSpyware.com
2008-04-14 10:54 . 2008-04-14 10:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-04-14 10:53 . 2008-04-14 10:53 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-14 09:58 . 2008-04-14 09:58 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-04-14 09:58 . 2008-04-14 09:58 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Malwarebytes
2008-04-14 09:58 . 2008-04-14 09:58 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-04-14 09:26 . 2008-04-14 09:26 <DIR> d-------- C:\Deckard
2008-04-12 00:56 . 2008-04-12 00:56 <DIR> d-------- C:\Programme\SendBlaster
2008-04-10 16:03 . 2008-04-10 16:03 184 --a------ C:\WINDOWS\wcx_ftp.ini
2008-04-09 00:13 . 2008-04-09 00:13 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Ewen Chia's My Free Website Builder
2008-04-09 00:12 . 2008-04-09 00:12 <DIR> d-------- C:\Programme\My Free Web Site Builder
2008-04-07 21:10 . 2008-04-07 21:10 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Thinstall
2008-04-07 19:09 . 2008-04-07 19:21 <DIR> d-------- C:\Programme\AdobePhotoshop10ru_RU
2008-04-07 16:40 . 2008-04-07 18:29 <DIR> d-------- C:\Programme\AdobeInDesign5CE
2008-04-06 02:16 . 2008-04-06 02:16 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Adobe Fireworks CS3
2008-04-06 02:14 . 2008-04-06 02:14 <DIR> d-------- C:\Programme\Bonjour
2008-04-06 01:01 . 2008-04-08 21:18 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2008-04-05 23:47 . 2008-04-06 00:09 <DIR> d-------- C:\Programme\Adobe Acrobat 8 Professional
2008-04-04 21:02 . 2008-04-04 21:03 <DIR> d-------- C:\totalcmd
2008-04-04 21:02 . 2008-04-10 16:07 1,653 --a------ C:\WINDOWS\wincmd.ini
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-03-30 15:27 . 2008-03-30 15:27 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-30 15:27 . 2007-01-31 13:45 127,376 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2008-03-30 15:27 . 2007-01-31 13:45 101,904 --a------ C:\WINDOWS\system32\dneinobj.dll
2008-03-30 15:26 . 2008-03-30 15:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Deterministic Networks
2008-03-30 15:26 . 2008-03-30 15:27 1,594 --a------ C:\WINDOWS\VPNInstall.MIF
2008-03-30 15:25 . 2008-03-30 15:25 <DIR> d-------- C:\Programme\Cisco Systems
2008-03-28 19:50 . 2008-03-28 19:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GRETECH
2008-03-28 19:49 . 2008-03-28 19:49 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\GRETECH
2008-03-28 19:44 . 2008-03-28 19:44 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Media Player Classic
2008-03-22 20:34 . 2008-03-22 20:34 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Macrovision Shared
2008-03-19 09:31 . 2008-03-29 16:30 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\index.files
2008-03-17 10:23 . 2008-03-17 10:23 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\SiteAdvisor
2008-03-17 10:23 . 2008-03-17 10:24 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\MYPOINTS
2008-03-17 10:22 . 2008-03-17 10:22 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Yahoo!

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 08:13 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-04-17 07:48 --------- d-----w C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Skype
2008-04-16 20:32 --------- d-----w C:\Programme\McAfee
2008-04-11 21:01 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-04-05 22:23 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-04 10:42 --------- d-----w C:\Programme\Java
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:03 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-14 17:09 --------- d-----w C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Corel
2008-03-13 12:49 --------- d-----w C:\Programme\Microsoft.NET
2008-03-13 11:24 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
2008-03-13 10:23 --------- d-----w C:\Programme\WinZip E-Mail Companion
2008-03-12 14:55 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Dell
2008-03-11 08:07 --------- d-----w C:\Programme\EmailMarketingDirector
2008-03-01 16:24 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 12:54 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-03-01 12:54 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-03-01 12:54 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-03-01 12:54 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-03-01 12:54 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-03-01 12:54 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2008-03-01 12:54 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
2008-03-01 12:54 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:54 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-27 00:09 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-21 12:16 41,232 ----a-w C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2007-05-19 18:46 92,064 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmmdm.sys
2007-05-19 18:46 9,232 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmmdfl.sys
2007-05-19 18:46 79,328 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmserd.sys
2007-05-19 18:46 66,656 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmbus.sys
2007-05-19 18:46 6,208 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmcmnt.sys
2007-05-19 18:46 5,936 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmwhnt.sys
2007-05-19 18:46 4,048 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmcr.sys
2007-05-19 18:46 25,600 ----a-w C:\Dokumente und Einstellungen\Eugenia\usbsermptxp.sys
2007-05-19 18:46 22,768 ----a-w C:\Dokumente und Einstellungen\Eugenia\usbsermpt.sys
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3514492A-13EE-4DA6-922E-5A4E407189EE}"= "C:\Programme\Yuwie\tbYuwi.dll" [2008-01-28 14:47 1555480]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= "C:\Programme\mypoints\mypoints.dll" [2007-10-02 22:31 1909248]

[HKEY_CLASSES_ROOT\clsid\{3514492a-13ee-4da6-922e-5a4e407189ee}]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-CEC4-75A487FD6484}"= C:\Programme\mypoints\mypoints.dll [2007-10-02 22:31 1909248]
"{3514492A-13EE-4DA6-922E-5A4E407189EE}"= C:\Programme\Yuwie\tbYuwi.dll [2008-01-28 14:47 1555480]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-cec4-75a487fd6484}]
[HKEY_CLASSES_ROOT\mypoints.MYPOINTS]

[HKEY_CLASSES_ROOT\clsid\{3514492a-13ee-4da6-922e-5a4e407189ee}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"ModemOnHold"="C:\Programme\NetWaiting\netwaiting.exe" [2003-09-10 04:24 20480]
"DellSupport"="C:\Programme\Dell Support\DSAgnt.exe" [2006-08-28 23:57 395776]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-01-29 16:36 25370152]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"DellSupportCenter"="C:\Programme\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"PAPAlert"="C:\Programme\PAPAlert\PAPAlert.exe" [2007-06-16 11:52 172032]
"SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-14 17:47 1481968]
"Tutor.exe"="C:\Programme\ABBYY Lingvo 12\Tutor.exe" [2007-07-05 22:15 992544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 13:06 282624 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 13:12 90112]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 13:47 761947]
"Dell QuickSet"="C:\Programme\Dell\QuickSet\quickset.exe" [2006-08-23 18:14 1032192]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 06:48 1392640]
"DVDLauncher"="C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 22:29 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]
"Google Desktop Search"="C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-12 13:15 169984]
"MskAgentexe"="C:\Programme\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144]
"SiteAdvisor"="C:\Programme\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 19:18 36904]
"Corel Photo Downloader"="C:\Programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 16:20 462336]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:15 3144800]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"@"="" []
"Bewerbungs Organizer"="C:\Programme\bhv\Bewerbungs Trainer\Reminder.exe" [2005-05-28 15:40 1247232]
"dscactivate"="C:\Programme\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Lingvo Launcher"="C:\Programme\ABBYY Lingvo 12\Lvagent.exe" [2007-07-06 02:10 193824]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"WinZip E-Mail Companion OEAPI"="C:\Programme\WinZip E-Mail Companion\loadwzco.exe" [2007-11-19 03:00 75136]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [ ]
"Acrobat Assistant 8.0"="C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 15360]

C:\Dokumente und Einstellungen\Eugenia\Startmenü\Programme\Autostart\
MySurvey Messenger.lnk - C:\Programme\MySurvey Messenger\MySurveyMessenger.exe [2007-07-02 15:46:10 651264]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-01-12 13:09:55 7168]
Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe [2007-01-12 13:03:45 24576]
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-03-30 15:27:45 6144]
WinZip Quick Pick.lnk - C:\Programme\WinZip\WZQKPICK.EXE [2007-12-03 12:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.DLL 2008-04-14 17:47 294912 C:\Programme\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Gemeinsame Dateien\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Programme\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Programme\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-09-10 20:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9522e4e2-ce80-11dc-a5df-0019b94e2c66}]
\Shell\AutoRun\command - sxs.exe
\Shell\explore\Command - sxs.exe
\Shell\open\Command - sxs.exe

*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2008-04-15 00:00:04 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programme\mcafee\mqc\QcConsol.exe'
"2008-03-31 23:00:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programme\mcafee\mqc\QcConsol.exe
"2008-04-17 07:02:49 C:\WINDOWS\Tasks\User_Feed_Synchronization-{03889B89-62D6-4B76-AC1F-967260DF0865}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 10:20:14
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-04-17 10:21:52
ComboFix-quarantined-files.txt 2008-04-17 08:21:29

17 Verzeichnis(se), 18,714,566,656 Bytes frei
22 Verzeichnis(se), 18,726,912,000 Bytes frei
.
2008-04-11 09:18:27 --- E O F ---
  • 0

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you use the Yuwie toolbar or MyPoints? If not, or unsure what they are, let me know and also uninstall them via the Add/Remove Programs panel.

Download the Flash Disinfector at http://www.techsuppo...Disinfector.exe and save it to your desktop. Double-click on it to run it and follow the on-screen instructions.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

F3 - REG:win.ini: run="C:\WINDOWS\system32\winupdate.exe"
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk142YYDE


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\system32\ctfmona.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmona"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is the computer running so far?
  • 0
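The items greyknight17 pulls out of the ComboFix log above are the same ones an analyst checks first in any ComboFix autostart section: a Run entry whose file has no date/size (ComboFix prints `[ ]` when the file is missing or hidden, as with `ctfmona.exe`), the `DisableTaskMgr` policy, Security Center notifications switched off, and `mountpoints2` autorun handlers pointing at an executable on a removable drive. The script below is an added example written for this thread; it is not part of ComboFix or of the helper's instructions. It parses those sections in ComboFix's own rendering and lists the findings. The sample text it runs on is a constructed excerpt modeled on the log posted above, not the log itself.

```python
"""Triage of the "Autostart Punkte der Registrierung" section of a ComboFix log.

Added example for this thread (not ComboFix code).  SAMPLE_LOG is a constructed
excerpt modeled on the log posted in the thread; the formats it relies on are
the ones ComboFix prints: "name"="command" [date time size] for Run entries,
dword:xxxxxxxx or "1 (0x1)" for DWORD values, and \Shell\<verb>\command - <exe>
for mountpoints2 autorun handlers.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 13:06 282624 C:\WINDOWS\stsystra.exe]
"@"="" []
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9522e4e2-ce80-11dc-a5df-0019b94e2c66}]
\Shell\AutoRun\command - sxs.exe
\Shell\explore\Command - sxs.exe
\Shell\open\Command - sxs.exe
"""


@dataclass(frozen=True)
class Finding:
    key: str     # registry key the line was found under
    value: str   # value name (or shell verb) that triggered the finding
    reason: str  # why an analyst would look at it


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*"(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
SHELL_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)

# Security Center values that, when set to 1, silence or disable protection status.
SECURITY_CENTER_FLAGS = {
    "antivirusdisablenotify", "firewalldisablenotify",
    "updatesdisablenotify", "disablemonitoring",
}


def dword_value(raw):
    """Integer value of a DWORD as ComboFix renders it: 'dword:00000001' or '1 (0x1)'.
    Returns None when the text is not a number."""
    stripped = raw.strip()
    token = stripped.split()[0] if stripped else ""
    if token.lower().startswith("dword:"):
        return int(token[len("dword:"):], 16)
    try:
        return int(token, 0)
    except ValueError:
        return None


def triage(log_text):
    """Walk the autostart section and return the lines worth a second look."""
    findings = []
    key = ""
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        lkey = key.lower()
        if lkey.endswith("\\currentversion\\run"):
            # A Run entry with empty [ ] metadata points at a file ComboFix could not stat.
            m = RUN_RE.match(line)
            if m and m.group("cmd") and not m.group("meta").strip():
                findings.append(Finding(key, m.group("name"),
                                        f"Run entry {m.group('cmd')} has no date/size: file missing or hidden"))
        elif "\\policies\\system" in lkey:
            m = VALUE_RE.match(line)
            if m and m.group("name").lower() == "disabletaskmgr" and dword_value(m.group("raw")) == 1:
                findings.append(Finding(key, m.group("name"), "Task Manager disabled by policy"))
        elif "\\security center" in lkey:
            m = VALUE_RE.match(line)
            if m and m.group("name").lower() in SECURITY_CENTER_FLAGS and dword_value(m.group("raw")) == 1:
                findings.append(Finding(key, m.group("name"), "Security Center notification/monitoring disabled"))
        elif "\\mountpoints2\\" in lkey:
            # Autorun/open/explore verbs on a removable drive that launch an executable.
            m = SHELL_RE.match(line)
            if m:
                findings.append(Finding(key, m.group("verb"),
                                        f"removable-drive shell verb runs {m.group('cmd')}"))
    return findings


def main():
    for f in triage(SAMPLE_LOG):
        print(f"{f.value:<24} {f.reason}\n    under {f.key}")


if __name__ == "__main__":
    main()
```

Run against a real log, the script only narrows the list; an entry with empty `[ ]` metadata can also be a leftover from a clean uninstall, so each finding still needs the file or value looked at before anything is removed, which is what the CFScript in this post does for `ctfmona` and `DisableTaskMgr`.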

#5
juanitaya99

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello
and thank you again for your help.
I've uninstalled both toolbars and here's the ComboFix log.
Computer is working better, I got rid of that annoying yellow triangle and there's no more notification that the winupdate file was not found.
Thank you for your support again.
Evgenia


ComboFix 08-04-16.5 - Eugenia 2008-04-19 0:20:57.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.273 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Eugenia\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((( Dateien erstellt von 2008-03-18 bis 2008-04-18 ))))))))))))))))))))))))))))))
.

2008-04-14 21:59 . 2008-04-14 21:59 <DIR> d-------- C:\Programme\Trend Micro
2008-04-14 21:16 . 2008-04-14 21:16 <DIR> d-------- C:\Programme\Panda Security
2008-04-14 10:54 . 2008-04-14 17:47 <DIR> d-------- C:\Programme\SUPERAntiSpyware
2008-04-14 10:54 . 2008-04-14 10:54 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\SUPERAntiSpyware.com
2008-04-14 10:54 . 2008-04-14 10:54 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-04-14 10:53 . 2008-04-14 10:53 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-04-14 09:58 . 2008-04-14 09:58 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-04-14 09:58 . 2008-04-14 09:58 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Malwarebytes
2008-04-14 09:58 . 2008-04-14 09:58 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-04-14 09:26 . 2008-04-14 09:26 <DIR> d-------- C:\Deckard
2008-04-12 00:56 . 2008-04-12 00:56 <DIR> d-------- C:\Programme\SendBlaster
2008-04-10 16:03 . 2008-04-10 16:03 184 --a------ C:\WINDOWS\wcx_ftp.ini
2008-04-09 00:13 . 2008-04-09 00:13 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Ewen Chia's My Free Website Builder
2008-04-09 00:12 . 2008-04-09 00:12 <DIR> d-------- C:\Programme\My Free Web Site Builder
2008-04-07 21:10 . 2008-04-07 21:10 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Thinstall
2008-04-07 19:09 . 2008-04-07 19:21 <DIR> d-------- C:\Programme\AdobePhotoshop10ru_RU
2008-04-07 16:40 . 2008-04-07 18:29 <DIR> d-------- C:\Programme\AdobeInDesign5CE
2008-04-06 02:16 . 2008-04-06 02:16 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Adobe Fireworks CS3
2008-04-06 02:14 . 2008-04-06 02:14 <DIR> d-------- C:\Programme\Bonjour
2008-04-06 01:01 . 2008-04-08 21:18 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2008-04-05 23:47 . 2008-04-06 00:09 <DIR> d-------- C:\Programme\Adobe Acrobat 8 Professional
2008-04-04 21:02 . 2008-04-04 21:03 <DIR> d-------- C:\totalcmd
2008-04-04 21:02 . 2008-04-10 16:07 1,653 --a------ C:\WINDOWS\wincmd.ini
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\UC.PIF
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\RAR.PIF
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\LHA.PIF
2008-04-04 21:02 . 2007-09-14 07:02 545 --a------ C:\WINDOWS\ARJ.PIF
2008-03-30 15:27 . 2008-03-30 15:27 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-30 15:27 . 2007-01-31 13:45 127,376 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2008-03-30 15:27 . 2007-01-31 13:45 101,904 --a------ C:\WINDOWS\system32\dneinobj.dll
2008-03-30 15:26 . 2008-03-30 15:26 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Deterministic Networks
2008-03-30 15:26 . 2008-03-30 15:27 1,594 --a------ C:\WINDOWS\VPNInstall.MIF
2008-03-30 15:25 . 2008-03-30 15:25 <DIR> d-------- C:\Programme\Cisco Systems
2008-03-28 19:50 . 2008-03-28 19:50 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GRETECH
2008-03-28 19:49 . 2008-03-28 19:49 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\GRETECH
2008-03-28 19:44 . 2008-03-28 19:44 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Media Player Classic
2008-03-22 20:34 . 2008-03-22 20:34 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Macrovision Shared
2008-03-19 09:31 . 2008-03-29 16:30 <DIR> d-------- C:\Dokumente und Einstellungen\Eugenia\index.files

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 21:41 --------- d-----w C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Skype
2008-04-18 21:37 --------- d---a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-04-18 19:00 --------- d-----w C:\Programme\mypoints
2008-04-18 18:38 --------- d-----w C:\Programme\McAfee
2008-04-11 21:01 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-04-05 22:23 5,642 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-04 10:42 --------- d-----w C:\Programme\Java
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:03 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-17 08:24 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\MYPOINTS
2008-03-17 08:23 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\SiteAdvisor
2008-03-17 08:22 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Yahoo!
2008-03-14 17:09 --------- d-----w C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\Corel
2008-03-13 12:49 --------- d-----w C:\Programme\Microsoft.NET
2008-03-13 11:24 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
2008-03-13 10:23 --------- d-----w C:\Programme\WinZip E-Mail Companion
2008-03-12 14:55 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Dell
2008-03-11 08:07 --------- d-----w C:\Programme\EmailMarketingDirector
2008-03-01 16:24 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-03-01 12:54 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-03-01 12:54 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-03-01 12:54 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-03-01 12:54 233,472 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-03-01 12:54 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-03-01 12:54 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2008-03-01 12:54 102,912 ------w C:\WINDOWS\system32\dllcache\occache.dll
2008-03-01 12:54 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:54 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:50 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:33 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:33 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-27 00:09 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-21 12:16 41,232 ----a-w C:\Dokumente und Einstellungen\Eugenia\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2007-05-19 18:46 92,064 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmmdm.sys
2007-05-19 18:46 9,232 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmmdfl.sys
2007-05-19 18:46 79,328 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmserd.sys
2007-05-19 18:46 66,656 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmbus.sys
2007-05-19 18:46 6,208 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmcmnt.sys
2007-05-19 18:46 5,936 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmwhnt.sys
2007-05-19 18:46 4,048 ----a-w C:\Dokumente und Einstellungen\Eugenia\mqdmcr.sys
2007-05-19 18:46 25,600 ----a-w C:\Dokumente und Einstellungen\Eugenia\usbsermptxp.sys
2007-05-19 18:46 22,768 ----a-w C:\Dokumente und Einstellungen\Eugenia\usbsermpt.sys
.

((((((((((((((((((((((((((((( [email protected]_10.21.14,82 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 07:40:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-18 21:34:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 16:00 15360]
"ModemOnHold"="C:\Programme\NetWaiting\netwaiting.exe" [2003-09-10 04:24 20480]
"DellSupport"="C:\Programme\Dell Support\DSAgnt.exe" [2006-08-28 23:57 395776]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-01-29 16:36 25370152]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"DellSupportCenter"="C:\Programme\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"PAPAlert"="C:\Programme\PAPAlert\PAPAlert.exe" [2007-06-16 11:52 172032]
"SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-04-14 17:47 1481968]
"Tutor.exe"="C:\Programme\ABBYY Lingvo 12\Tutor.exe" [2007-07-05 22:15 992544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 13:06 282624 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 13:12 90112]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 13:47 761947]
"Dell QuickSet"="C:\Programme\Dell\QuickSet\quickset.exe" [2006-08-23 18:14 1032192]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 06:48 1392640]
"DVDLauncher"="C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 22:29 49152]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]
"Google Desktop Search"="C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-12 13:15 169984]
"MskAgentexe"="C:\Programme\McAfee\MSK\MskAgent.exe" [2007-01-17 18:30 152144]
"SiteAdvisor"="C:\Programme\SiteAdvisor\6253\SiteAdv.exe" [2007-02-09 19:18 36904]
"Corel Photo Downloader"="C:\Programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 16:20 462336]
"ICQ Lite"="C:\Programme\ICQLite\ICQLite.exe" [2006-07-11 12:15 3144800]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-05-15 00:22 35328]
"Bewerbungs Organizer"="C:\Programme\bhv\Bewerbungs Trainer\Reminder.exe" [2005-05-28 15:40 1247232]
"dscactivate"="C:\Programme\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"Lingvo Launcher"="C:\Programme\ABBYY Lingvo 12\Lvagent.exe" [2007-07-06 02:10 193824]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"WinZip E-Mail Companion OEAPI"="C:\Programme\WinZip E-Mail Companion\loadwzco.exe" [2007-11-19 03:00 75136]
"Acrobat Assistant 8.0"="C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 16:00 15360]

C:\Dokumente und Einstellungen\Eugenia\Startmenü\Programme\Autostart\
MySurvey Messenger.lnk - C:\Programme\MySurvey Messenger\MySurveyMessenger.exe [2007-07-02 15:46:10 651264]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2007-01-12 13:09:55 7168]
Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe [2007-01-12 13:03:45 24576]
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-03-30 15:27:45 6144]
WinZip Quick Pick.lnk - C:\Programme\WinZip\WZQKPICK.EXE [2007-12-03 12:10:00 394856]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.DLL 2008-04-14 17:47 294912 C:\Programme\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\Gemeinsame Dateien\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Programme\\ICQLite\\ICQLite.exe"=
"C:\\Programme\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Programme\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Programme\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-09-10 20:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9522e4e2-ce80-11dc-a5df-0019b94e2c66}]
\Shell\AutoRun\command - sxs.exe
\Shell\explore\Command - sxs.exe
\Shell\open\Command - sxs.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-04-15 00:00:04 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\programme\mcafee\mqc\QcConsol.exe'
"2008-03-31 23:00:18 C:\WINDOWS\Tasks\McQcTask.job"
- c:\programme\mcafee\mqc\QcConsol.exe
"2008-04-18 07:53:55 C:\WINDOWS\Tasks\User_Feed_Synchronization-{03889B89-62D6-4B76-AC1F-967260DF0865}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 00:24:56
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Programme\SiteAdvisor\6253\saHook.dll
-> C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL
.
Zeit der Fertigstellung: 2008-04-19 0:27:08
ComboFix-quarantined-files.txt 2008-04-18 22:26:37
ComboFix2.txt 2008-04-18 22:09:10
ComboFix3.txt 2008-04-17 08:21:53

17 Verzeichnis(se), 18,621,378,560 Bytes frei
23 Verzeichnis(se), 18,610,024,448 Bytes frei
.
2008-04-11 09:18:27 --- E O F ---
  • 0

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you run the Flash Disinfector yet? It looks like one of your USB flash drives might be infected...

Delete these two folders:

C:\Programme\mypoints
C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\MYPOINTS


Good job. Besides the flash drive infection (please run the tool now if you haven't done so already and plug in your USB drive), your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run and type Combofix /u and hit OK to remove Combofix. You should be set to go.
  • 0

#7
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0