
Winantivirus Pop Ups :( ... Review My Hijackthis Log Plz


  • This topic is locked
3 replies to this topic

#1 klopriz

klopriz

  • Members
  • 3 posts

Posted 29 September 2007 - 07:13 AM

Hello :thumbsup:

I have been having LOTS of problems with my computer. The only things I have been able to identify are WinAntiVirus pop-ups (2006 and 2007), and some "drive error" or "clean drive" pop-ups as well.

I did run HijackThis for an initial log, and then I ran ComboFix, and after that SUPERAntiSpyware (free home edition)...

After all this, I ran HijackThis a second time.

I'm posting the Log Reports of all these processes I ran.

Can someone help me review my HijackThis log, please? I haven't seen the pop-ups in the last few hours now.

My internet connection keeps resetting itself every 3 - 5 minutes. I don't know if this is computer-related, or whether it may be a fault in my internet provider's service... Can you tell from this information I'm posting? I'd like to know if I should call my provider.

I'd appreciate all the help I can get.

Best Regards to all!

--------------------------------------------

HijackThis initial log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:17 PM, on 9/28/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\ARCHIV~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Archivos de programa\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Archivos de programa\Microsoft Office\Office10\WINWORD.EXE
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [IntelliType] "C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfws.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copiar 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P30 "EPSON Stylus CX5400 (Copiar 1)" /O5 "LPT1:" /M "Stylus CX5400"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfws.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Archivos de programa\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Archivos de programa\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144208298995
O17 - HKLM\System\CCS\Services\Tcpip\..\{52D8D69A-62DF-4551-B297-0B8A64532EAE}: NameServer = 205.211.206.130
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
O23 - Service: Windows Tune service - Unknown owner - C:\WINDOWS\tune.exe (file missing)

--
End of file - 7146 bytes




-------------------------------------
-------------------------------------

ComboFix Log:

ComboFix 07-09-21.2 - "Ceci" 2007-09-28 20:08:55.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1252.34.3082.18.77 [GMT -6:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Archivos de programa\icroso~1
C:\check_LSA7.txt
C:\DOCUME~1\CECI\DATOSD~1\ASEMBL~1
C:\DOCUME~1\CECI\DATOSD~1\CROSOF~1
C:\DOCUME~1\CECI\DATOSD~1\CURITY~1
C:\DOCUME~1\CECI\DATOSD~1\DOBE~1
C:\DOCUME~1\CECI\DATOSD~1\ECURIT~1
C:\DOCUME~1\CECI\DATOSD~1\MANTEC~1
C:\DOCUME~1\CECI\DATOSD~1\RACLE~1
C:\DOCUME~1\CECI\DATOSD~1\SMANTE~1
C:\DOCUME~1\CECI\DATOSD~1\STEM32~1
C:\DOCUME~1\CECI\MISDOC~1\ASEMBL~1
C:\DOCUME~1\CECI\MISDOC~1\SCURIT~1
C:\DOCUME~1\CECI\MISDOC~1\SEMBLY~1
C:\DOCUME~1\CECI\MISDOC~1\SKS~1
C:\DOCUME~1\CECI\MISDOC~1\SMBOLS~1
C:\WINDOWS\asembl~1
C:\WINDOWS\asks~1
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\appatc~1
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\hxfwsybb.ini
C:\WINDOWS\system32\hxfwsybb.ini2
C:\WINDOWS\system32\hxfwsybb.tmp
C:\WINDOWS\system32\illlm.bak1
C:\WINDOWS\system32\illlm.bak2
C:\WINDOWS\system32\illlm.ini
C:\WINDOWS\system32\illlm.ini2
C:\WINDOWS\system32\illlm.tmp
C:\WINDOWS\system32\khfecyy.dll
C:\WINDOWS\system32\onnnn.bak1
C:\WINDOWS\system32\onnnn.bak2
C:\WINDOWS\system32\onnnn.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pqstv.bak1
C:\WINDOWS\system32\pqstv.ini
C:\WINDOWS\system32\qhfgkvxl.ini
C:\WINDOWS\system32\qhfgkvxl.ini2
C:\WINDOWS\system32\rfllkllh.ini
C:\WINDOWS\system32\rfllkllh.ini2
C:\WINDOWS\system32\sstem3~1
C:\WINDOWS\system32\txtchwaq.ini
C:\WINDOWS\system32\txtchwaq.ini2
C:\WINDOWS\system32\txtchwaq.tmp
C:\WINDOWS\system32\vuwvw.bak1
C:\WINDOWS\system32\vuwvw.bak2
C:\WINDOWS\system32\vuwvw.ini
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\yaccf.bak1
C:\WINDOWS\system32\yaccf.bak2
C:\WINDOWS\system32\yaccf.ini
C:\WINDOWS\wnsxs~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_M_HOOK
-------\nm


((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-29 )))))))))))))))))))))))))))))))
.

2007-09-28 20:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-28 20:03 <DIR> d-------- C:\Archivos de programa\Trend Micro
2007-09-28 18:22 6,448 ---hs---- C:\WINDOWS\system32\wwvyb.bak1
2007-09-28 18:22 311,392 --a------ C:\WINDOWS\system32\byvww.dll
2007-09-28 07:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATOSD~1\Lavasoft
2007-09-28 07:48 <DIR> d-------- C:\Archivos de programa\Lavasoft
2007-09-27 23:50 4,456 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-27 22:55 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Wise Installation Wizard
2007-09-27 17:54 13,584 --a------ C:\WINDOWS\system32\tlist.exe
2007-09-27 16:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATOSD~1\Spybot - Search & Destroy
2007-09-25 15:29 <DIR> d-------- C:\Archivos de programa\TightVNC
2007-09-21 11:33 <DIR> d--hs---- C:\FOUND.002
2007-09-20 16:02 <DIR> d--hs---- C:\FOUND.001
2007-09-20 14:57 <DIR> d--hs---- C:\FOUND.000
2007-09-08 16:39 <DIR> d-------- C:\WINDOWS\Content.IE5
2007-09-06 18:14 <DIR> d-------- C:\Archivos de programa\Alwil Software
2007-09-06 17:56 <DIR> d-------- C:\Archivos de programa\Archivos comunes\Cisco Systems
2007-09-06 17:54 <DIR> d-------- C:\Archivos de programa\Index.dat Analyzer
2007-09-05 16:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATOSD~1\AOL Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-02 22:13 121344 --ahs---- C:\Archivos de programa\Thumbs.db
2005-02-05 13:48 707182 ---hs---- C:\WINDOWS\Cursors\ipatcbdo.bak2
2005-02-03 22:54 707313 --ahs---- C:\WINDOWS\inf\tnofgmi.bak1
2005-01-09 14:13 721650 ---hs---- C:\WINDOWS\Tasks\avajbv.bak2
2005-01-09 01:41 702948 ---hs---- C:\WINDOWS\Fonts\tacc.bak2
2005-01-07 11:39 721578 ---hs---- C:\WINDOWS\inf\kabva.bak2
2005-01-05 10:25 711264 ---hs---- C:\WINDOWS\Fonts\sabbew.bak2
2005-01-02 11:23 672402 ---hs---- C:\WINDOWS\Fonts\bilcvs.bak2
2004-12-30 00:48 651408 ---hs---- C:\WINDOWS\Tasks\dmcsys.bak2
2004-12-28 17:31 628490 ---hs---- C:\WINDOWS\Fonts\bdbew.bak2
2004-12-26 11:04 602049 ---hs---- C:\WINDOWS\Cursors\wcvsm.bak2
2004-12-24 01:02 606257 ---hs---- C:\WINDOWS\Fonts\drahbac.bak2
2004-12-22 23:03 606041 ---hs---- C:\WINDOWS\Fonts\bewpct.bak2
2004-12-22 19:41 606134 ---hs---- C:\WINDOWS\Fonts\yalplmx.bak2
2005-05-13 23:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 17:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 03:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-06-26 21:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 04:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2005-10-08 01:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2004-01-25 06:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2004-01-25 06:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
2005-02-28 19:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2005-07-14 18:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2006-04-27 16:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{023750C4-4E96-4DCC-9B92-11B9D1891088}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{249EA11B-546F-4AB6-AF8A-6ABE67571201}]
2007-09-28 18:22 311392 --a------ C:\WINDOWS\System32\byvww.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D2BFD2B-8785-4FF9-92B7-47FD96FA3776}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4910D428-A542-4759-AAE4-5F4650162F7F}]
C:\WINDOWS\System32\vtsqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D0DA871-E67E-40B1-B1E8-81A744543EDB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{932AF90E-6CCC-4435-BFCF-46B6A89628C9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"S3TRAY2"="S3tray2.exe" [2001-10-11 23:32 C:\WINDOWS\system32\S3tray2.exe]
"PCTVOICE"="pctspk.exe" [2001-08-22 22:15 C:\WINDOWS\system32\pctspk.exe]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 14:00]
"IntelliType"="C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe" [2001-06-12 02:20]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"QuickTime Task"="C:\Archivos de programa\QuickTime\qttask.exe" [2006-05-21 11:46]
"TkBellExe"="C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" [2007-03-27 18:36]
"Windows Update Firewall System"="winmsfws.exe" []
"HP Software Update"="C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"SunJavaUpdateSched"="C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"Ink Monitor"="C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe" [2003-04-24 18:41]
"EPSON Stylus CX5400 (Copiar 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [2003-05-26 14:00]
"AVG7_CC"="C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe" [2007-09-25 18:25]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe" [2005-07-15 15:48]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-24 15:00]
"Yahoo! Pager"="C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49]
"SpybotSD TeaTimer"="C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Update Firewall System"=winmsfws.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dllacc]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fontrun]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Iomega Icons.lnk]
backup=C:\WINDOWS\pss\Iomega Icons.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Iomega QuikSync.lnk]
backup=C:\WINDOWS\pss\Iomega QuikSync.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^Iomega Startup Options.lnk]
backup=C:\WINDOWS\pss\Iomega Startup Options.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menú Inicio^Programas^Inicio^IomegaWare.lnk]
backup=C:\WINDOWS\pss\IomegaWare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\areslite]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Explorer Key]

R1 hpcd2k;hpcd2k;C:\WINDOWS\System32\drivers\hpcd2k.sys
R1 ShldDrv;ShldDrv;C:\WINDOWS\System32\drivers\ShldDrv.sys
R1 VIAPFD;VIAPFD;C:\WINDOWS\System32\Drivers\VIAPFD.SYS
R2 SetupNT;SetupNT;C:\WINDOWS\System32\SetupNT.sys
S2 ssl;Microsoft SSL;C:\WINDOWS\System32\ssl.exe
S2 Windows Tune service;Windows Tune service;"C:\WINDOWS\tune.exe"
S4 AvFlt;Antivirus Filter Driver;C:\WINDOWS\System32\drivers\av5flt.sys
S4 ppa;Controlador de filtro de puerto paralelo Iomega Parallel;C:\WINDOWS\System32\DRIVERS\ppa.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-28 20:14:53
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-28 20:16:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-28 20:16
.
--- E O F ---



-----------------------------------------
-----------------------------------------

SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/28/2007 at 09:36 PM

Application Version : 3.9.1008

Core Rules Database Version : 3316
Trace Rules Database Version: 1317

Scan type : Complete Scan
Total Scan Time : 01:12:03

Memory items scanned : 412
Memory threats detected : 1
Registry items scanned : 5790
Registry threats detected : 9
File items scanned : 41270
File threats detected : 57

Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\BYVWW.DLL
C:\WINDOWS\SYSTEM32\BYVWW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2C637C0-FD93-4286-8AB9-9FEF426D3EA7}
HKCR\CLSID\{E2C637C0-FD93-4286-8AB9-9FEF426D3EA7}
HKCR\CLSID\{E2C637C0-FD93-4286-8AB9-9FEF426D3EA7}\InprocServer32
HKCR\CLSID\{E2C637C0-FD93-4286-8AB9-9FEF426D3EA7}\InprocServer32#ThreadingModel

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{4910D428-A542-4759-AAE4-5F4650162F7F}
HKCR\CLSID\{4910D428-A542-4759-AAE4-5F4650162F7F}
HKCR\CLSID\{4910D428-A542-4759-AAE4-5F4650162F7F}\InprocServer32
HKCR\CLSID\{4910D428-A542-4759-AAE4-5F4650162F7F}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VTSQP.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4910D428-A542-4759-AAE4-5F4650162F7F}

Adware.Tracking Cookie
C:\Documents and Settings\Ceci\Cookies\ceci@bluestreak[2].txt
C:\Documents and Settings\Ceci\Cookies\ceci@atdmt[2].txt
C:\Documents and Settings\Ceci\Cookies\ceci@doubleclick[1].txt
C:\Documents and Settings\Ceci\Cookies\ceci@adinterax[1].txt
C:\Documents and Settings\Ceci\Cookies\ceci@mediaplex[2].txt

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Menú Inicio\Online Security Guide.url
C:\Documents and Settings\All Users\Menú Inicio\Security Troubleshooting.url

Adware.eZula
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP122\A0052682.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065087.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065132.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065133.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065134.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065135.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065136.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065137.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065138.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065139.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065140.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065143.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065146.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065147.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065149.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065150.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065151.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065154.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065155.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065157.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065158.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065159.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065160.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065161.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065162.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065163.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065164.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065165.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065166.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065167.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065168.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065170.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065171.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065172.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065173.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065174.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065175.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065176.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065177.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065178.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065179.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065180.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065181.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065182.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP141\A0065250.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP142\A0065277.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP142\A0065296.EXE

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{02301728-C9ED-436C-A46F-D4F751DBDF00}\RP143\A0065424.DLL
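As an added example, not part of this post and not code from HijackThis, ComboFix or SUPERAntiSpyware: a small Python triage pass over lines in HijackThis 2.0 format. It applies the first-pass checks a log reviewer makes by eye: O2 and O23 entries whose file is gone, O4 entries that launch a bare file name or sit under the RunServices key, an O17 static DNS resolver the reviewer did not expect, and an O20 Winlogon Notify package that is not a DLL. The sample lines are constructed from entries in the logs above; the `expected_nameservers` argument is an assumption standing in for whatever resolvers the ISP actually hands out. Every hit is a line to examine by hand, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: a dozen lines in the format HijackThis 2.0.x writes,
# shaped like entries in the logs above. Backslashes are doubled because this
# is an ordinary (non-raw) Python string.
SAMPLE_LOG = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Archivos de programa\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {4910D428-A542-4759-AAE4-5F4650162F7F} - (no file)
O2 - BHO: (no name) - {A21F084D-312C-4962-9AD6-AB70E38EC418} - C:\\WINDOWS\\System32\\byvww.dll (file missing)
O4 - HKLM\\..\\Run: [IntelliType] "C:\\Archivos de programa\\Microsoft Hardware\\Keyboard\\type32.exe"
O4 - HKLM\\..\\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\\..\\Run: [Windows Update Firewall System] winmsfws.exe
O4 - HKLM\\..\\RunServices: [Windows Update Firewall System] winmsfws.exe
O4 - HKLM\\..\\Run: [mysvcig38] mysvcc.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{52D8D69A-62DF-4551-B297-0B8A64532EAE}: NameServer = 205.211.206.130
O20 - Winlogon Notify: dllacc - C:\\WINDOWS\\
O20 - Winlogon Notify: !SASWinLogon - C:\\Archivos de programa\\SUPERAntiSpyware\\SASWINLO.dll
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\\WINDOWS\\System32\\ssl.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\\Archivos de programa\\Lavasoft\\Ad-Aware 2007\\aawservice.exe
"""


@dataclass
class Finding:
    section: str                      # HijackThis section code, e.g. "O4"
    line: str                         # the log line exactly as written
    reasons: list = field(default_factory=list)


_ENTRY = re.compile(r"^([FNOR]\d+) - (.*)$")
# Registry-backed O4 lines: "<hive>\..\<key>: [<name>] <command>".
# Global Startup (.lnk) lines do not match this and are skipped.
_O4_REG = re.compile(r"^(.*?)\\\.\.\\(\w+): \[([^\]]*)\]\s*(.*)$")
_O17 = re.compile(r"NameServer = (.+)$")


def triage(log_text, expected_nameservers=frozenset()):
    """Return one Finding per log line a reviewer should look at by hand.

    These are triage heuristics, not verdicts: a flagged file still has to be
    located and examined on disk (ComboFix's 'Reg Loading Points' block above
    does that resolution for Run entries).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        if section == "O2":
            if body.endswith("(no file)") or body.endswith("(file missing)"):
                reasons.append("BHO registration whose DLL is gone; orphaned entry, usually left behind by a removal")
        elif section == "O4":
            reg = _O4_REG.match(body)
            if reg:
                _hive, key, _name, command = reg.groups()
                if key.lower() == "runservices":
                    # RunServices is a Windows 9x/ME key; the NT family (XP included) never processes it,
                    # so nothing that installs cleanly on XP has a reason to write here.
                    reasons.append("RunServices key: not processed by Windows XP, so no normal XP installer writes here")
                if "\\" not in command and not command.startswith('"'):
                    reasons.append("launched by bare file name: the entry does not say where the file lives")
        elif section == "O17":
            ns = _O17.search(body)
            if ns:
                for addr in (a.strip() for a in ns.group(1).split(",")):
                    if addr not in expected_nameservers:
                        reasons.append(f"static DNS resolver {addr} is not one the reviewer expected; confirm it with the ISP")
        elif section == "O20":
            # A Notify package is a DLL that winlogon.exe loads at logon; a bare directory is not one.
            target = body.rsplit(" - ", 1)[-1]
            if not target.lower().endswith(".dll"):
                reasons.append("Winlogon Notify entry does not point at a DLL")
        elif section == "O23":
            if "(file missing)" in body:
                why = "service registered but its binary is missing"
                if "Unknown owner" in body:
                    why += "; no vendor string vouches for it either"
                reasons.append(why)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


def count_by_section(findings):
    """Number of flagged lines per HijackThis section, for a quick summary."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, "|", f.line)
        for r in f.reasons:
            print("    -", r)
```

On the sample input the bare-name rule flags S3tray2.exe alongside winmsfws.exe and mysvcc.exe, which is the point of calling this triage rather than detection: the two kinds of entry look the same in a HijackThis line. The ComboFix "Reg Loading Points" block earlier in this post is what separates them, resolving `"S3TRAY2"="S3tray2.exe"` to a dated file under system32 while `"Windows Update Firewall System"="winmsfws.exe"` resolves to `[]`, nothing on disk that ComboFix could find.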



#2 klopriz

klopriz
  • Topic Starter

  • Members
  • 3 posts

Posted 29 September 2007 - 07:14 AM

This is my current HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:00 PM, on 9/28/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe
C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe
C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe
C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\Yahoo!\Messenger\ymsgr_tray.exe
C:\Archivos de programa\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Archivos de programa\Microsoft Office\Office10\WINWORD.EXE
C:\Archivos de programa\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O2 - BHO: (no name) - {023750C4-4E96-4DCC-9B92-11B9D1891088} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {249EA11B-546F-4AB6-AF8A-6ABE67571201} - (no file)
O2 - BHO: (no name) - {2D2BFD2B-8785-4FF9-92B7-47FD96FA3776} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {4910D428-A542-4759-AAE4-5F4650162F7F} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6D0DA871-E67E-40B1-B1E8-81A744543EDB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {932AF90E-6CCC-4435-BFCF-46B6A89628C9} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Archivos de programa\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A21F084D-312C-4962-9AD6-AB70E38EC418} - C:\WINDOWS\System32\byvww.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\es\msntb.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [IntelliType] "C:\Archivos de programa\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Archivos de programa\Archivos comunes\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfws.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Archivos de programa\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Ink Monitor] C:\Archivos de programa\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copiar 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P30 "EPSON Stylus CX5400 (Copiar 1)" /O5 "LPT1:" /M "Stylus CX5400"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Archivos de programa\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfws.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Archivos de programa\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARCHIV~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICIO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Archivos de programa\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Archivos de programa\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Archivos de programa\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Archivos de programa\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Archivos de programa\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144208298995
O17 - HKLM\System\CCS\Services\Tcpip\..\{52D8D69A-62DF-4551-B297-0B8A64532EAE}: NameServer = 205.211.206.130
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dllacc - C:\WINDOWS\
O20 - Winlogon Notify: fontrun - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Archivos de programa\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Archivos de programa\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
O23 - Service: Windows Tune service - Unknown owner - C:\WINDOWS\tune.exe (file missing)

--
End of file - 9168 bytes
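
As an added triage aid (not part of this thread and not a HijackThis feature), the script below applies three structural heuristics to O4, O20 and O23 lines of the kind shown in the log above: a Run-key command that launches a bare file name with no directory path, a Winlogon Notify entry whose target is not a DLL, and a service whose binary is missing or whose owner is unknown. The sample is a constructed subset of lines copied from the posted log; the regular expressions and the `triage` function are my own assumptions about the line format, not an official specification.

```python
import re

# Subset of lines copied from the HijackThis log posted above (constructed sample).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Update Firewall System] winmsfws.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [Windows Update Firewall System] winmsfws.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Archivos de programa\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dllacc - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Microsoft SSL (ssl) - Unknown owner - C:\WINDOWS\System32\ssl.exe (file missing)
"""

# Assumed line shapes, derived from the log above (not an official HijackThis grammar).
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")

def _executable(cmd):
    """Return the program part of a Run-key command, with quotes and arguments removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0] if cmd else ""

def triage(log_text):
    """One finding per line matching a structural heuristic: 'verify this', not 'this is malware'."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            exe = _executable(m["cmd"])
            # A bare file name is found via the PATH search order, so the log cannot say which file runs.
            if "\\" not in exe and not exe.startswith("%"):
                findings.append({"line": line, "name": m["name"],
                                 "reason": f"{m['key']} launches '{exe}' without a directory path"})
        elif m := O20_RE.match(line):
            # Winlogon Notify packages must name a DLL; a bare directory cannot be a valid target.
            if not m["path"].lower().endswith(".dll"):
                findings.append({"line": line, "name": m["name"],
                                 "reason": "Winlogon Notify target is not a DLL"})
        elif m := O23_RE.match(line):
            # A registered service whose binary is gone or whose owner is unknown needs checking.
            if "(file missing)" in m["path"] or m["owner"] == "Unknown owner":
                findings.append({"line": line, "name": m["name"],
                                 "reason": f"service binary {m['path']} ({m['owner']})"})
    return findings
```

Calling `triage(SAMPLE_LOG)` flags five of the nine sample lines; the other four carry full paths to binaries that can be checked on disk.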

#3 Shaba

Posted 04 October 2007 - 09:54 AM

Hi klopriz

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
Microsoft MVP Consumer Security

#4 Shaba

Posted 13 October 2007 - 06:45 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security