Avira Warning-Marathon: TR/Vundo.gen

2.4K views 2 replies 1 participant last post by  TeeTee78  
#1 · (Edited)
Sirs (and ladies),
I ran into a problem and wonder if you could help me. Avira Antivir Personal Edition found and keeps finding (never ending warn-popups) "TR/Vundo.gen", given a location C:\WINDOWS\system32\mlljk.dll.
I already ran Vundofix, SpyBot, AVG Anti-Spyware and Spy-Sweeper. All of the mentioned programs found the problem; none of them was able to delete it.
My computer is running on WindowsXP Pro, SP2; the system restore is turned off.

I should also mention that my knowledge of technical computer issues equals zero. I just found out how to boot in safe mode; that's about it.

Thank you in advance for ANY kind of help, since I am very close to a breakdown.

Panda Scan
*****************
Incident Status Location

Potentially unwanted tool:Application/Pskill.E Not disinfected C:\WINDOWS\SYSTEM32\PSKILL.EXE
Potentially unwanted tool:Application/CloseApp Not disinfected C:\WINDOWS\SYSTEM32\CLOSEAPP.EXE
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\TPVCNVRF.EXE
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\AUEVDKGQ.DLL
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\wuefiiai.dll.vir
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Administrator.CHEFIN\Lokale Einstellungen\Temp\nsl5A.tmp
Potentially unwanted tool:Application/Processor Not disinfected C:\Dokumente und Einstellungen\Administrator.CHEFIN\Desktop\VirtumundoBeGone.exe
Virus:W32/Nimda.htm Disinfected C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\Thunderbird\Profiles\8xodaa8w.default\Mail\pop.gmx.net\Inbox[~0000672.~]
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\uobwhkwm.dll.bad
Potentially unwanted tool:Application/Processor Not disinfected D:\MyMy\DOWNOADS\- Programs\VirtumondoBeGone\VirtumundoBeGone.exe

Deckard's System Scanner v20071014.68
Run by Administrator on 2007-11-29 23:49:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-11-29 22:49:40 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-11-29 22:39:51 UTC - RP1 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-29 23:51:32
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Launch Manager\LManager.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\ATWTUSB.EXE
C:\Acer\Empowering Technology\admtray.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\LClock\LClock.exe
C:\Programme\Rainlendar\Rainlendar.exe
C:\Programme\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Programme\stickies\stickies.exe
C:\Programme\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Programme\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Dokumente und Einstellungen\Administrator.CHEFIN\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: {ba8f3603-48e7-91fb-fbc4-8aa38aeeb653} - {356beea8-3aa8-4cbf-bf19-7e843063f8ab} - C:\WINDOWS\system32\wckusoxh.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {DDE7E8A4-70B4-46E6-BAF3-52BFBC0FFF37} - C:\WINDOWS\system32\mlljk.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programme\Copernic Desktop Search 2\DesktopSearchBand202000032.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ePower_DMC] "C:\Acer\Empowering Technology\ePower\ePower_DMC.exe"
O4 - HKLM\..\Run: [Acer ePower Management] "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot
O4 - HKLM\..\Run: [atwtusb] "atwtusb.exe" beta
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [320d18a1] "rundll32.exe" "C:\WINDOWS\system32\tugusbuf.dll",b
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LClock] C:\Programme\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: PopTray.lnk = C:\Programme\PopTray\PopTray.exe
O4 - Startup: Rainlendar.lnk = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programme\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Startup: Stickies.lnk = C:\Programme\stickies\stickies.exe
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programme\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...soft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195996406250
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c002BC19.dat
O20 - Winlogon Notify: khfcyyx - C:\WINDOWS\system32\khfcyyx.dll (file missing)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Programme\Gemeinsame Dateien\Stardock\MCPCore.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programme\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tpvcnvrf.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Programme\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPCap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe


--
End of file - 13303 bytes

#2 ·
-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OsaFsLoc - c:\windows\system32\drivers\osafsloc.sys <Not Verified; OSA Technologies; >
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.0.1.1500>
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; OSA Technologies, An Avocent Company; Windows (R) 2000 DDK driver>
R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
R2 s24trans (WLAN-Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
R3 NdisFilt (OSA NdisFilter Protocol) - c:\windows\system32\drivers\ndisfilt.sys <Not Verified; OSA Technologies; >

S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\nsdriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
S3 Ad-Watch Real-Time Scanner (AW Real-Time Scanner) - c:\windows\system32\drivers\awrtpd.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>
S3 Ad-Watch Registry Filter (Ad-Watch Registry Kernel Filter) - c:\windows\system32\drivers\awrtrd.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
S3 NETMNT (Acer NetMonitor Protocol) - c:\windows\system32\drivers\netmnt.sys
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - "c:\programme\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 Apple Mobile Device - "c:\programme\gemeinsame dateien\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 AWService (AdminWorks Agent X6) - c:\acer\empowering technology\admserv.exe <Not Verified; Avocent Inc.; Acer Empowering framework>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - c:\programme\bonjour\mdnsresponder.exe <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\programme\nero\nero8\nero backitup\nbservice.exe
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\programme\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>

S2 DomainService - c:\windows\system32\tpvcnvrf.exe /service <Not Verified; ; DDC>
S3 FLEXnet Licensing Service - "c:\programme\gemeinsame dateien\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_1025007F&REV_0900\4&5CA37AC&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_1025007F&REV_0900\4&5CA37AC&0&0102
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet-Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_00901025&REV_02\4&6B16D5B&0&08F0
Manufacturer:
Name: Ethernet-Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_00901025&REV_02\4&6B16D5B&0&08F0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-11-04 14:30:18 398 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2007-10-29 and 2007-11-29 -----------------------------

2007-11-29 20:03:59 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-29 19:17:30 0 d-------- C:\VundoFix Backups
2007-11-29 19:15:03 0 d-------- C:\HJT
2007-11-29 13:24:25 0 d-------- C:\Programme\AVG Anti-Spyware 7.5
2007-11-29 13:04:07 71232 --a------ C:\WINDOWS\system32\tpvcnvrf.exe <Not Verified; ; DDC>
2007-11-29 01:53:02 0 d--hs---- C:\FOUND.005
2007-11-29 01:24:29 0 d--hs---- C:\Dokumente und Einstellungen\Administrator.CHEFIN\Recent
2007-11-28 18:52:02 0 d--hs---- C:\FOUND.004
2007-11-28 18:03:09 85056 --a------ C:\WINDOWS\system32\auevdkgq.dll
2007-11-28 18:01:08 81984 --a------ C:\WINDOWS\system32\svrbwjux.dll
2007-11-28 01:15:58 0 d-------- C:\Programme\AskSBar
2007-11-28 00:54:02 164 --a------ C:\install.dat
2007-11-27 18:49:47 0 d-------- C:\Programme\Bonjour
2007-11-27 18:35:14 0 d-------- C:\Programme\Gemeinsame Dateien\Macrovision Shared
2007-11-27 18:07:16 8 --a------ C:\WINDOWS\system32\320d0a2f
2007-11-27 17:54:48 182566 --ahs---- C:\WINDOWS\system32\kjllm.ini2
2007-11-27 17:54:38 333408 -----n--- C:\WINDOWS\system32\mlljk.dll
2007-11-27 17:49:40 0 d-------- C:\Programme\MagicISO
2007-11-27 16:32:57 0 d-------- C:\Programme\AdobeCS3 Extended
2007-11-27 14:37:03 0 d-------- C:\Programme\WB6
2007-11-27 12:57:57 0 d-------- C:\Programme\Gemeinsame Dateien\ACD Systems
2007-11-27 12:52:00 0 d-------- C:\Programme\ACDSee Pro 2.0.219
2007-11-26 21:52:30 0 d--hs---- C:\FOUND.003
2007-11-26 14:23:15 0 d-------- C:\Programme\aTube Catcher 1.0 rc2
2007-11-26 00:21:21 204152 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-11-25 14:54:16 0 d-------- C:\Programme\Copernic Desktop Search 2
2007-11-21 21:04:44 2279936 --a------ C:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Betriebssystem Microsoft® Windows®>
2007-11-21 13:59:54 0 d-------- C:\Programme\WinXP Manager
2007-11-14 17:49:16 0 d-------- C:\Programme\Datahjaelp
2007-11-14 16:37:13 83968 --a------ C:\WINDOWS\UnGins.exe
2007-11-13 18:59:54 0 d-------- C:\Programme\Nero
2007-11-13 18:59:54 0 d-------- C:\Programme\Gemeinsame Dateien\Nero
2007-11-09 16:59:46 0 d--hs---- C:\FOUND.002
2007-11-09 13:39:16 0 d-------- C:\Programme\Lavasoft
2007-11-07 21:39:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-06 20:50:29 0 d-------- C:\Programme\Microsoft Expression
2007-11-06 14:48:01 0 d-------- C:\Programme\Microsoft Works
2007-11-06 14:46:55 0 d-------- C:\Programme\Microsoft.NET
2007-11-06 14:43:08 0 d-------- C:\Programme\Microsoft Visual Studio 8
2007-11-06 14:41:04 0 dr-h----- C:\MSOCache
2007-11-06 14:39:29 0 d-------- C:\Programme\MicrosoftOffice2007
2007-11-06 14:05:26 0 d-------- C:\Programme\PowerISO
2007-11-05 22:35:42 0 d-------- C:\Programme\SystemRequirementsLab
2007-11-05 14:54:07 0 d-------- C:\Programme\phonostar
2007-11-04 17:53:32 0 d-------- C:\Programme\CDBurnerXP
2007-11-04 10:19:29 0 d-------- C:\Programme\TuneUp Utilities 2007
2007-10-29 20:32:24 0 d-------- C:\Programme\Wise Registry Cleaner


-- Find3M Report ---------------------------------------------------------------

2007-11-29 13:24:56 0 d-------- C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\Grisoft
2007-11-27 14:28:34 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-11-27 12:59:22 0 d-------- C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\ACD Systems
2007-11-17 10:16:22 0 d-------- C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\Uniblue
2007-11-13 19:02:12 0 d-------- C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\Nero
2007-11-05 14:54:10 0 d-------- C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\phonostar-Player
2007-11-04 10:19:30 0 d-------- C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\TuneUp Software
2007-11-02 23:16:36 5772800 --a------ C:\WINDOWS\system32\logonuiX.exe <Not Verified; Microsoft Corporation; Betriebssystem Microsoft® Windows®>
2007-10-29 20:06:08 0 d-------- C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\RegClean
2007-10-28 18:50:54 0 d-------- C:\Programme\TopStylePro 3.5
2007-10-20 11:25:40 0 d-------- C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\Miranda
2007-10-20 11:25:02 0 d-------- C:\Programme\Miranda
2007-10-12 21:04:22 0 d-------- C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\ICQ Toolbar
2007-10-12 16:43:12 0 d-------- C:\Programme\ICQToolbar
2007-10-12 16:42:42 0 d-------- C:\Programme\ICQ6
2007-10-12 12:27:34 0 d-------- C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\InstallShield
2007-10-11 16:22:48 0 d-------- C:\Programme\Recuva
2007-10-11 09:55:10 88576 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
2007-10-09 15:06:16 0 d-------- C:\Programme\NT Registry Optimizer
2007-10-09 12:58:20 16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-06 23:32:38 0 d-------- C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\ICQ
2007-10-06 13:16:04 0 d-------- C:\Programme\Pegasus
2007-10-05 15:23:32 0 d-------- C:\Programme\OpenOffice.org 2.3
2007-10-05 15:20:06 0 d-------- C:\Programme\OpenOffice2.3
2007-09-16 20:58:16 2205 --a------ C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\HPSU_48BitScanUpdate.log
2007-09-16 20:56:36 375 --a------ C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
2007-09-16 20:56:32 0 --a------ C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\HelpFilesUpdatePatch_HELPFILEREPLACE.log
2007-09-16 20:55:08 3301 --a------ C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\PatchUpdate_InstantShareJPG.log
2007-09-16 20:54:36 4164 --a------ C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\PatchUpdate_IZClosingDiscError.log
2007-09-16 20:53:04 33362 --a------ C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\Update_HP_RedboxHprblog_HPSU.log
2007-09-16 20:37:28 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll <Not Verified; Hewlett Packard; Hewlett Packard Rediscovery Library>
2007-09-16 16:34:28 414 --a------ C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\Hewlett-PackardHP Officejet 5600 series1189684373_UI.log
2007-09-16 16:34:28 469 --a------ C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\Hewlett-PackardHP Officejet 5600 series1189684373_PROTOCOL.log
2007-09-16 16:34:14 0 --a------ C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\Hewlett-PackardHP Officejet 5600 series1189684373_API.log
2007-09-13 12:40:16 418 --a------ C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\Hewlett-PackardHP Officejet 5600 series1187802797_UI.log
2007-09-13 12:40:16 471 --a------ C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\Hewlett-PackardHP Officejet 5600 series1187802797_PROTOCOL.log
2007-09-13 12:39:46 0 --a------ C:\Dokumente und Einstellungen\Administrator.CHEFIN\Anwendungsdaten\Hewlett-PackardHP Officejet 5600 series1187802797_API.log


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
28.11.2007 01:16 66912 --a------ C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{356beea8-3aa8-4cbf-bf19-7e843063f8ab}]
C:\WINDOWS\system32\wckusoxh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DDE7E8A4-70B4-46E6-BAF3-52BFBC0FFF37}]
27.11.2007 17:54 333408 --------- C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
28.11.2007 01:16 267592 --a------ C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL [28.11.2007 01:16 267592]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [04.08.2004 00:58 C:\WINDOWS\system32\rundll32.exe]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [20.07.2006 22:15]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [23.06.2006 10:39]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [14.04.2006 17:42]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [20.01.2006 15:56]
"atwtusb"="atwtusb.exe" [21.09.2005 18:08 C:\WINDOWS\system32\ATWTUSB.EXE]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [24.10.2005 16:45]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [29.11.2007 12:53]
"320d18a1"="rundll32.exe" [04.08.2004 00:58 C:\WINDOWS\system32\rundll32.exe]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="C:\Programme\LClock\lclock.exe" [19.09.2004 20:27]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 00:57]
"Yahoo! Pager"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" [30.08.2007 17:43]

C:\Dokumente und Einstellungen\Administrator.CHEFIN\Startmenü\Programme\Autostart\
Stardock ObjectDock.lnk - C:\Programme\Stardock\ObjectDock\ObjectDock.exe [09.08.2007 20:43:42]
PopTray.lnk - C:\Programme\PopTray\PopTray.exe [16.09.2006 15:01:16]
Rainlendar.lnk - C:\Programme\Rainlendar\Rainlendar.exe [21.01.2006 14:31:46]
Yahoo! Widget Engine.lnk - C:\Programme\Yahoo!\Widgets\YahooWidgetEngine.exe [20.07.2007 19:57:16]
Stickies.lnk - C:\Programme\stickies\stickies.exe [09.03.2007 00:28:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)
"MaxRecentDocs"=15 (0xf)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcyyx]
khfcyyx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Programme\WB6\WindowBlinds\wbsrv.dll 27.11.2007 14:41 229376 C:\Programme\WB6\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c002BC19.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe"
"CursorXP"=C:\Programme\CursorXP\CursorXP.exe
"Copernic Desktop Search 2"="C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"Flashget"=C:\Programme\FlashGet\FlashGet.exe /min
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"LogonStudio"="C:\Programme\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7429 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-11-29 23:52:20 ------------