gzegzefezfddqsf.exe problem - Geeks to Go Forums


gzegzefezfddqsf.exe problem

#1 hanen87

  • Group: Member
  • Posts: 3
  • Joined: 01-June 09

  Posted 01 June 2009 - 10:23 AM

Hi,

I've been having the above-mentioned problem for quite a while. I googled the filename and found this thread --> http://www.geekstogo.com/forum/gzegzefezfd...xe-t238656.html

But then ComboFix doesn't fix it either. I hope someone can help me out; it's really annoying when the CPU usage bursts up to ~50%.

Here's my ComboFix log...

ComboFix 09-05-31.06 - 090308 06/01/2009 23:57.1 - NTFSx86
Running from: c:\documents and settings\090308\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\desktop.ini
F:\copy.exe
F:\host.exe
H:\copy.exe
H:\host.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-06-01 11:54 . 2009-06-01 11:54 -------- d-----w- C:\feqszfzegze
2009-05-31 14:22 . 2009-05-31 14:22 390664 ----a-w- c:\documents and settings\090308\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-16 14:33 . 2009-05-16 14:33 95744 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-05-13 02:12 . 2007-12-26 09:30 679936 ----a-w- c:\windows\system32\D3DX81ab.dll
2009-05-13 02:12 . 2007-12-26 09:30 1970176 ----a-w- c:\windows\system32\d3dx9.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 15:36 . 2008-03-09 11:21 -------- d-----w- c:\documents and settings\090308\Application Data\uTorrent
2009-06-01 14:21 . 2009-02-16 10:21 -------- d-----w- c:\program files\GetValid
2009-06-01 10:20 . 2008-03-08 18:00 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-05-18 03:04 . 2008-03-08 17:42 52080 ----a-w- c:\documents and settings\090308\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 14:33 . 2008-12-13 16:46 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-05-02 00:51 . 2009-02-08 09:53 -------- d-----w- c:\program files\SpeedFan
2009-04-06 23:45 . 2008-12-14 00:18 83456 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\SpeedBit\DAP\SDCondition.dll
2009-03-12 13:18 . 2009-03-12 13:18 75048 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
2008-03-26 15:29 . 2008-03-26 15:25 24 -csh--w- c:\windows\S1222DD61.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-11 2489280]
"fgzegzergrehcwxcwxc"="c:\feqszfzegze\gzegzefezfddqsf.exe" [2009-06-01 462848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVPro"="c:\program files\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 20480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-09-20 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SecurDisc"="d:\program files\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"InCD"="d:\program files\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-27 185896]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"feqszfzerghrezherthgfsdfsdcf"="c:\feqszfzegze\gzegzefezfddqsf.exe" [2009-06-01 462848]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
OpenVPN GUI.lnk - c:\program files\OpenVPN\bin\openvpn-gui-1.0.3.exe [2008-10-8 104696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\bitcomet\\BitComet.exe"=
"e:\\emule stullemule\\emule.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1721:TCP"= 1721:TCP:BitComet 1721 TCP
"1721:UDP"= 1721:UDP:BitComet 1721 UDP
"51562:TCP"= 51562:TCP:BitComet 51562 TCP
"51562:UDP"= 51562:UDP:BitComet 51562 UDP
"56327:UDP"= 56327:UDP:eMule

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [10/24/2008 8:53 PM 34824]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10/24/2008 8:51 PM 468224]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [3/9/2008 2:00 AM 24944]
R3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\ET5Pro\MARKFUN.W32 [3/9/2008 1:58 AM 17912]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [1/30/2008 8:41 AM 25216]
R4 atidgllk;atidgllk;c:\program files\Gigabyte\ET5Pro\atidgllk.sys [3/9/2008 1:58 AM 12048]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [8/23/2001 8:00 PM 3584]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MARKFUN_NT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{05470JDW-08D3-P07W-R6FR-D3JX24Q27U83}]
c:\feqszfzegze\gzegzefezfddqsf.exe Restart
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &UʹÓÃÄÉÃ×»úÆ÷ÈËÏÂÔØ²¢ÊÕ²Ø - c:\program files\NamiRobot\Data\du.html
IE: &U???????????? - c:\program files\NamiRobot\Data\du.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\090308\Application Data\Mozilla\Firefox\Profiles\e26pwuqs.default\
FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: d:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: d:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 23:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5Pro\markfun.w32"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-06-01 0:00
ComboFix-quarantined-files.txt 2009-06-01 16:00

Pre-Run: 433,393,664 bytes free
Post-Run: 510,754,816 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

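As an added defender's example (not from the original post, and not part of ComboFix), the script below scans a Reg Loading Points section for the two traits visible in this log: value names and directory names that look like keyboard mashing, and an Active Setup "Installed Components" GUID that contains characters outside the hex alphabet. The sample input is constructed from lines of the log above; the heuristics, thresholds and function names are my own assumptions.

```python
import re
from string import hexdigits
# Constructed sample: lines copied from the ComboFix "Reg Loading Points" section above.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-11 2489280]
"fgzegzergrehcwxcwxc"="c:\feqszfzegze\gzegzefezfddqsf.exe" [2009-06-01 462848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-19 16844800]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{05470JDW-08D3-P07W-R6FR-D3JX24Q27U83}]
c:\feqszfzegze\gzegzefezfddqsf.exe Restart
"""

VOWELS = set("aeiouyAEIOUY")  # y counts as a vowel so names like AnyDVD are not flagged

def longest_consonant_run(s):
    run = best = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def looks_random(token):  # keyboard-mash heuristic: long consonant runs or very few vowels
    letters = [c for c in token if c.isalpha()]
    if len(letters) < 6:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return longest_consonant_run(token) >= 5 or (len(letters) >= 12 and vowel_ratio < 0.25)

def scan_loading_points(text, min_reasons=1):  # one finding per line tripping >= min_reasons checks
    findings, key = [], ""
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("["):  # registry key header; remember it for the value lines
            key = line[1:-1]
            continue
        path = next(iter(re.findall(r'[a-z]:\\[^"\[]*?\.exe', line, re.I)), "")
        m = re.match(r'"([^"]+)"=', line)
        name = m.group(1) if m else path.rsplit("\\", 1)[-1]
        reasons = []
        if looks_random(name.split(".")[0]):
            reasons.append("random-looking value name")
        if any(looks_random(part) for part in path.split("\\")[1:-1]):
            reasons.append("random-looking directory")
        g = re.search(r'installed components\\\{([^}]+)\}$', key, re.I)
        if g and not all(c in hexdigits or c == "-" for c in g.group(1)):
            reasons.append("Active Setup GUID is not hex")  # genuine GUIDs are hex digits only
        if len(reasons) >= min_reasons:
            findings.append({"key": key, "name": name, "path": path, "reasons": reasons})
    return findings
```

With `min_reasons=1` the legitimate Realtek entry RTHDCPL is also reported on its odd name alone, which is why a single heuristic is only a lead; requiring two independent signals leaves exactly the two gzegzefezfddqsf.exe loading points.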

#2 hanen87

  • Group: Member
  • Posts: 3
  • Joined: 01-June 09

Posted 03 June 2009 - 05:14 AM

Bump! Anyone?

#3 hanen87

  • Group: Member
  • Posts: 3
  • Joined: 01-June 09

Posted 09 June 2009 - 07:24 AM

Bump again...
