Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

For RODAV: Strange Internet Behaviour

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Strange Internet behaviour

Unread postby fierce81 » July 27th, 2008, 1:33 pm

Dear all,
I am posting this from a friends PC as mine is not working properly.
Maybe you can help me.
I have tried quite a few Anit-Virus runs (AVG Anti-Virus) already and I am open for new suggestions.

Symptoms:
- Windows XP SP2 is starting normal
- Connection to the internet "Cable" established
- May open "google.com" but I cannot "send" any information (but ping google.com worked fine)
- Also had some problems with this site here ... I could log on but I could not access the forums
- After some time a IE7 window tries to open the page: 89.188.16.28/?ver=89&cmp=profiling4&uid=2E213A0C5B3511DD83B3201674CFFFFF&guid=7634579611

AVG Anti-virus found several Trojan horses: BHO.O, Generic11.FT, Vundo.O, NaviPromo.N, Downloader.Agent.AIQF, BHO.DYK, Downloader.Generic7.IGX and Generic2.JFQ
- but it seems, that the problem still persists ...

Here is my log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:20, on 27.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Apoint2K\Apoint.exe
C:\Programme\Apoint2K\Apntex.exe
D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\QuickTime\QTTask.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
D:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\MICROS~1\OFFICE11\OUTLOOK.EXE
D:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
D:\Programme\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\Programme\Mozilla Firefox\firefox.exe
D:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - (no file)
O2 - BHO: {80c66369-410b-7aa9-c0b4-443026b3e0e6} - {6e0e3b62-0344-4b0c-9aa7-b01496366c08} - C:\WINDOWS\system32\qpqdqo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8FE9CF5A-23E6-42D9-99E1-200093528D72} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programme\AVG\AVG8\avgtoolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - D:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programme\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [3065e468] rundll32.exe "C:\WINDOWS\system32\rehhroiq.dll",b
O4 - HKLM\..\Run: [BM3356d7f4] Rundll32.exe "C:\WINDOWS\system32\okqhjjwy.dll",s
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - D:\Programme\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4981720713
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4981695197
O17 - HKLM\System\CCS\Services\Tcpip\..\{C861D032-3F4F-485E-8CCC-32B33C0B0569}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: mlJYqRIx - mlJYqRIx.dll (file missing)
O23 - Service: AAV UpdateService - Unknown owner - C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe

--
End of file - 11651 bytes


I would be very happy if you could help me!!!

Thanks from Frankfurt / Germany.

fierce81
fierce81
Active Member
 
Posts: 8
Joined: July 27th, 2008, 1:04 pm
Advertisement
Register to Remove

Re: Strange Internet behaviour

Unread postby Rodav » July 28th, 2008, 2:36 pm

Hello! :hello2: and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Strange Internet behaviour

Unread postby Rodav » July 28th, 2008, 2:40 pm

Step 1:
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Post that log back here.


Step 2:
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.


Logs to Post:
Please copy and paste the following into your next reply:
  • The Malwarebytes report
  • main.txt and extra.txt from the DSS scan
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Strange Internet behaviour

Unread postby fierce81 » July 29th, 2008, 3:28 am

Hi Rodav,

thanks for your help.
I will post the logs end of this week as I will be on a business trip from today on.

Cheers firece81
fierce81
Active Member
 
Posts: 8
Joined: July 27th, 2008, 1:04 pm

Re: Strange Internet behaviour

Unread postby Rodav » July 29th, 2008, 5:30 am

Thanks for letting me know.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Strange Internet behaviour

Unread postby fierce81 » August 2nd, 2008, 5:36 am

Hi Rodav,

finally I managed to run all your suggested scans.

Here are the results:

Malwarebytes:

alwarebytes' Anti-Malware 1.24
Database version: 1015
Windows 5.1.2600 Service Pack 2

11:22:35 02.08.2008
mbam-log-8-2-2008 (11-22-35).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 91114
Time elapsed: 2 hour(s), 58 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1d0b1b2f-4d44-48dc-ae5a-f4bbbae2a83f} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM3356d7f4.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM3356d7f4.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xnxtgwkg.dll (Trojan.vundo) -> Quarantined and deleted successfully.

Main.txt
Deckard's System Scanner v20071014.68
Run by Xaver on 2008-08-02 11:24:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-02 09:24:53 UTC - RP1 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.11 GiB (less than 15%) free.


-- HijackThis (run as Xaver.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:40, on 02.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Canon\CAL\CALMAIN.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Apoint2K\Apoint.exe
D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\QuickTime\QTTask.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\PROGRA~1\MICROS~2\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\Programme\DLink\Bluetooth Software\BTTray.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\downloads\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Xaver.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programme\AVG\AVG8\avgtoolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - D:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programme\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [3065e468] rundll32.exe "C:\WINDOWS\system32\rehhroiq.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - D:\Programme\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4981720713
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4981695197
O17 - HKLM\System\CCS\Services\Tcpip\..\{006B45DC-376D-406B-9925-BEAA53343844}: NameServer = 213.191.74.11 213.191.92.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D2BD5D1-459A-40E2-8D60-3D6889585E2B}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C861D032-3F4F-485E-8CCC-32B33C0B0569}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{006B45DC-376D-406B-9925-BEAA53343844}: NameServer = 213.191.74.11 213.191.92.82
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll,
O20 - Winlogon Notify: mlJYqRIx - mlJYqRIx.dll (file missing)
O23 - Service: AAV UpdateService - Unknown owner - C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe

--
End of file - 11141 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ENECBPTH (ENE Cardbus Patch Driver) - c:\windows\system32\drivers\enecbpth.sys <Not Verified; EnE Technology Inc.; EnE Cardbus Patch Driver for Windows (R) 2000/XP>
R0 PDDSLHND - c:\windows\system32\drivers\pddslhnd.sys <Not Verified; ProDyne; ProDyne DSL Handler>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R3 PDDSLADP (ProDyne DSL Adapter) - c:\windows\system32\drivers\pddsladp.sys <Not Verified; ProDyne; ProDyne DSL Adapter>

S2 ousbehci (NEC PCI to USB Enhanced Host Controller) - c:\windows\system32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
S3 AF05BDA (Cinergy T USB XE service) - c:\windows\system32\drivers\af05bda.sys <Not Verified; AfaTech; AF9005 BDA Driver for USB Device>
S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 ousb2hub (OrangeWare USB 2.0 Root Hub Support) - c:\windows\system32\drivers\ousb2hub.sys <Not Verified; OrangeWare Corporation; USB 2.0 Hub Driver>
S3 PDNETCTL (ProDyne MicroPPPoE) - c:\windows\system32\drivers\pdnetctl.sys <Not Verified; ProDyne; ProDyne DSL Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AAV UpdateService - c:\programme\gemeinsame dateien\aav\aavus.exe <Not Verified; ; AAV - Online Update Dienst>
R2 CCALib8 (Canon Camera Access Library 8) - c:\programme\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\programme\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: ROOT\NET\0000
Manufacturer: D-Link
Name: Bluetooth LAN Access Server Driver
PNP Device ID: ROOT\NET\0000
Service: BTWDNDIS


-- Scheduled Tasks -------------------------------------------------------------

2008-07-12 13:45:50 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-02 and 2008-08-02 -----------------------------

2008-08-02 08:00:36 0 dr-h----- C:\Dokumente und Einstellungen\Xaver\Recent
2008-08-02 07:53:56 0 d-------- C:\WINDOWS\CSC
2008-07-28 09:00:46 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-07-28 09:00:36 0 d-------- C:\Programme\Spyware Terminator
2008-07-27 09:44:48 0 d--h----- C:\$AVG8.VAULT$
2008-07-27 09:42:54 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-27 09:42:22 0 d-------- C:\Programme\AVG
2008-07-27 08:38:36 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-07-26 21:17:14 0 d-------- C:\Programme\ESET(2)
2008-07-26 19:09:42 4718592 --a------ C:\Dokumente und Einstellungen\Xaver\ntuser.dat
2008-07-26 19:09:24 459934 --ahs---- C:\WINDOWS\system32\wHNXayay.ini2
2008-07-12 14:11:21 0 d-------- C:\Programme\iPod
2008-07-12 14:02:56 0 d-------- C:\Programme\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-08-02 08:22:11 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\Malwarebytes
2008-08-02 07:56:21 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\Spyware Terminator
2008-07-29 00:06:51 0 d-------- C:\Programme\Plaxo
2008-07-28 11:09:02 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\Adobe
2008-07-28 09:15:06 0 d-------- C:\Programme\Yahoo!
2008-07-27 13:27:59 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\AVGTOOLBAR
2008-07-27 08:38:36 0 d-------- C:\Programme\Gemeinsame Dateien
2008-07-18 09:05:14 0 d-------- C:\Programme\Gemeinsame Dateien\TerraTec
2008-07-12 14:33:22 2018 --a----c- C:\WINDOWS\mozver.dat
2008-07-12 13:50:58 0 d-------- C:\Programme\Apple Software Update
2008-06-29 20:44:50 2932 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-11 02:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 02:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 02:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 02:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-08 16:38:54 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\gtk-2.0
2008-06-07 18:17:30 463344 --a------ C:\WINDOWS\system32\perfh007.dat
2008-06-07 18:17:30 86100 --a------ C:\WINDOWS\system32\perfc007.dat
2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
27.07.2008 09:42 2055960 --a------ D:\Programme\AVG\AVG8\avgtoolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= D:\Programme\AVG\AVG8\avgtoolbar.dll [27.07.2008 09:42 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [04.09.2001 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [20.01.2004 22:10]
"AGRSMMSG"="AGRSMMSG.exe" [21.06.2002 11:47 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Programme\Apoint2K\Apoint.exe" [06.08.2002 08:48]
"Acrobat Assistant 7.0"="D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [14.12.2004 03:12]
"RemoteControl"="D:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [02.11.2004 21:24]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [03.08.2004 23:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [03.08.2004 23:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03.08.2004 23:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03.08.2004 23:32]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 01:58 C:\WINDOWS\system32\bthprops.cpl]
"AppleSyncNotifier"="C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [10.07.2008 09:47]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [27.05.2008 10:50]
"iTunesHelper"="D:\Programme\iTunes\iTunesHelper.exe" [10.07.2008 10:51]
"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [27.07.2008 09:42]
"3065e468"="C:\WINDOWS\system32\rehhroiq.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="D:\PROGRA~1\MICROS~2\wcescomm.exe" [26.06.2006 21:09]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 01:57]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Programme\Picasa2\PicasaMediaDetector.exe

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [10.02.2007 12:20:59]
BTTray.lnk - D:\Programme\DLink\Bluetooth Software\BTTray.exe [29.10.2003 19:41:58]
Google Updater.lnk - C:\Programme\Google\Google Updater\GoogleUpdater.exe [03.03.2007 16:06:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYqRIx]
mlJYqRIx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayaXNHw

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-08-02 11:27:43 ------------

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: mobile AMD Athlon (tm) 1800+
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 734.48 MiB / 276.04 MiB
Pagefile Memory (total/avail): 1797.72 MiB / 1401.27 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.63 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 9.81 GiB total, 1.11 GiB free.
D: is Fixed (NTFS) - 18.14 GiB total, 0.96 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC25N030ATCS04-0 - 27.95 GiB - 2 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 9.81 GiB - C:
\PARTITION1 - Erweitert mit Int 13 (erweitert) - 18.14 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="D:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="D:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"="D:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Programme\\BearShare\\BearShare.exe"="D:\\Programme\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"D:\\Programme\\mIRC\\mirc.exe"="D:\\Programme\\mIRC\\mirc.exe:*:Enabled:mIRC"
"D:\\Programme\\Winamp\\winamp.exe"="D:\\Programme\\Winamp\\winamp.exe:*:Enabled:Winamp"
"D:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"="D:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema"
"D:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvrUpdate\\CinergyDvrUp_date.exe"="D:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvrUpdate\\CinergyDvrUp_date.exe:*:Enabled:TerraTec Auto Update"
"C:\\Programme\\Joost\\xulrunner\\tvprunner.exe"="C:\\Programme\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"D:\\Programme\\LimeWire\\LimeWire.exe"="D:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Programme\\BearFlix\\bearflix.exe"="D:\\Programme\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"D:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"="D:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"D:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="D:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="D:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"="D:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"F:\\Programme\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="F:\\Programme\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Programme\\iTunes\\iTunes.exe"="D:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvrHelper.exe"="D:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup)"
"C:\\Programme\\uTorrent\\uTorrent.exe"="C:\\Programme\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Programme\\AVG\\AVG8\\avgupd.exe"="D:\\Programme\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten
CLASSPATH=.;C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=XAVER-M1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Xaver
LOGONSERVER=\\XAVER-M1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\Programme\Mozilla Firefox;D:\Programme\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;D:\Programme\Samsung\Samsung PC Studio 3;C:\Programme\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\Xaver\LOKALE~1\Temp
TMP=C:\DOKUME~1\Xaver\LOKALE~1\Temp
USERDOMAIN=XAVER-M1
USERNAME=Xaver
USERPROFILE=C:\Dokumente und Einstellungen\Xaver
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Xaver (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems AC'97 Modem --> agrsmdel
Ahnenblatt --> C:\WINDOWS\system32\GKSUI20.EXE D:\Programme\Ahnenblatt\UninstallF462.DAT
Airplanes Installer --> F:\Programme\Airplanes Installer\Uninstal.exe
Alice-Installationsdateien entfernen --> C:\Programme\Gemeinsame Dateien\Alice\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Dienstprogramm zur Deinstallation der Software --> C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> D:\Programme\AVG\AVG8\setup.exe /UNINSTALL
BearFlix --> D:\PROGRA~1\BearFlix\UNWISE.EXE D:\PROGRA~1\BearFlix\INSTALL.LOG
BearShare --> D:\PROGRA~1\BEARSH~1\UNWISE.EXE D:\PROGRA~1\BEARSH~1\INSTALL.LOG
Bild-Steuer 2008 --> MsiExec.exe /I{7074F830-A21E-4E14-A461-C4278F806465}
Canon Camera Access Library --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Programme\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Programme\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\PhotoStitch\Uninst.ini"
CCleaner (remove only) --> "D:\Programme\CCleaner\uninst.exe"
D-Link Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
DivX Converter --> D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> D:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EditVoicepack --> MsiExec.exe /I{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}
EVEREST Home Edition v2.20 --> "D:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
FLIQLO Screen Saver --> C:\WINDOWS\system32\FLIQLO.scr /u
GIMP 2.4.4 --> "D:\Programme\GIMP-2.0\setup\unins000.exe"
Google Desktop --> C:\Programme\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Updater --> "C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "D:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KVS Availability Tool [3.1.2] --> "D:\Programme\KVS Availability Tool\UNWISE32.EXE"
Malwarebytes' Anti-Malware --> "D:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator 2004 A Century of Flight --> "F:\Programme\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "D:\Programme\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.16) --> D:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NOD32 FiX --> "D:\Programme\Eset\unins000.exe"
Picasa 2 --> "C:\Programme\Picasa2\Uninstall.exe"
Plaxo Toolbar for Outlook and Outlook Express --> C:\Programme\Plaxo\2.13.1.3\uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x7 -removeonly
Sicherheitsupdate für Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Skype 3.1 --> "C:\Programme\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Spyware Terminator --> "C:\Programme\Spyware Terminator\unins000.exe"
StreamPlug Player --> d:/Programme/Cedelia/StreamPlug\StreamPlug Player.exe --uninstall
TerraTec Home Cinema --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\setup.exe" -l0x7
VeohTV BETA --> C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6h --> D:\Programme\VideoLAN\VLC\uninstall.exe
Winamp --> "D:\Programme\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> D:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type2698 / Error
Event Submitted/Written: 07/26/2008 11:27:21 PM
Event ID/Source: 0 / Spybot - Search & Destroy
Event Description:
Version: 1.6.0
Build: 20080707
Exception: Access violation at address 0051E40C in module 'SpybotSD.exe'. Write of address C995CD5D

Event Record #/Type2696 / Error
Event Submitted/Written: 07/26/2008 10:16:02 PM
Event ID/Source: 11704 / MsiInstaller
Event Description:
Produkt: Ad-Aware -- Fehler 1704. Die Installation von ESET NOD32 Antivirus ist derzeit vorübergehend gesperrt. Sie müssen die von dieser Installation vorgenommenen Änderungen widerrufen, um fortzufahren. Möchten Sie diese Änderungen widerrufen?

Event Record #/Type2678 / Error
Event Submitted/Written: 07/26/2008 09:18:56 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Produkt: ESET NOD32 Antivirus -- Fehler 5001. Nach dem Deinstallieren von Programmkomponenten wurde der Computer bisher nicht neu gestartet. Bitte starten Sie den Computer neu, und starten Sie anschließend das Installationsprogramm erneut.

Event Record #/Type2664 / Error
Event Submitted/Written: 07/26/2008 06:04:29 PM
Event ID/Source: 11 / crypt32
Event Description:
Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Event Record #/Type2663 / Error
Event Submitted/Written: 07/26/2008 06:04:29 PM
Event ID/Source: 11 / crypt32
Event Description:
Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14425 / Error
Event Submitted/Written: 08/02/2008 08:08:38 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "NEC PCI to USB Enhanced Host Controller" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058

Event Record #/Type14403 / Error
Event Submitted/Written: 08/02/2008 08:02:05 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Der Dienst "NEC PCI to USB Enhanced Host Controller" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1058

Event Record #/Type14398 / Error
Event Submitted/Written: 08/02/2008 08:00:37 AM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type14395 / Error
Event Submitted/Written: 08/02/2008 07:55:26 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AmdK7
AvgLdx86
AvgMfx86
Fips
StarOpen

Event Record #/Type14394 / Error
Event Submitted/Written: 08/02/2008 07:54:28 AM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2008-08-02 11:27:43 ------------
fierce81
Active Member
 
Posts: 8
Joined: July 27th, 2008, 1:04 pm

Re: Strange Internet behaviour

Unread postby Rodav » August 2nd, 2008, 3:08 pm

Remove File Sharing Programs
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BearShare
LimeWire
BearFlix
uTorrent


Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.


There are signs of illegal programs in your logs. Most keygens and cracks as well as being illegal are malware themselves, even visiting websites where they are found is enough to get you infected. Remove NOD32 FiX via Add/Remove Programs also.




You desperately need to free up some space on your hard drive. If you have an external hard drive or something similar transfer any documents, movies, music, pictures...etc. onto it. I would also suggest you remove any unnecessary programs via Add/Remove Programs.


Step 1:
I am presuming you still have DSS.exe in D:\downloads folder since you ran it from there originally, please make sure it is still there or the next step will not work, then proceed with the following:
  • Click Start > Run then copy and paste the following into it:

    D:\downloads\dss.exe /config

  • click OK
  • This will bring up a pop up box. Click Check All.
  • Hit the Scan button.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your reply.


Logs to Post:
main.txt and the extra.txt from DSS (Deckard System Scanner).
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Strange Internet behaviour

Unread postby fierce81 » August 3rd, 2008, 8:10 am

Hi Rodav,

thanks for your suggestions.
I will look into my personal files and try to clear some space.

Concerning the P2P programs:
- Limewire
- uTorrent
- NOD32 Fix

they have been deinstalled already - they do not show in my Add/Remove Programs list.
So I am not sure why they still appear in your list?! :?

Here are the new logs from DSS:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: mobile AMD Athlon (tm) 1800+
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 734.48 MiB / 279.11 MiB
Pagefile Memory (total/avail): 1797.66 MiB / 1277.28 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.41 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 9.81 GiB total, 1.07 GiB free.
D: is Fixed (NTFS) - 18.14 GiB total, 0.96 GiB free.
E: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - IC25N030ATCS04-0 - 27.95 GiB - 2 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 9.81 GiB - C:
\PARTITION1 - Erweitert mit Int 13 (erweitert) - 18.14 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="D:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="D:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"="D:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Programme\\BearShare\\BearShare.exe"="D:\\Programme\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"D:\\Programme\\mIRC\\mirc.exe"="D:\\Programme\\mIRC\\mirc.exe:*:Enabled:mIRC"
"D:\\Programme\\Winamp\\winamp.exe"="D:\\Programme\\Winamp\\winamp.exe:*:Enabled:Winamp"
"D:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"="D:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema"
"D:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvrUpdate\\CinergyDvrUp_date.exe"="D:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvrUpdate\\CinergyDvrUp_date.exe:*:Enabled:TerraTec Auto Update"
"C:\\Programme\\Joost\\xulrunner\\tvprunner.exe"="C:\\Programme\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"D:\\Programme\\LimeWire\\LimeWire.exe"="D:\\Programme\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Programme\\BearFlix\\bearflix.exe"="D:\\Programme\\BearFlix\\bearflix.exe:*:Enabled:BearFlix"
"D:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe"="D:\\Programme\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"D:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="D:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"D:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="D:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"D:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"="D:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"F:\\Programme\\Microsoft Games\\Flight Simulator 9\\fs9.exe"="F:\\Programme\\Microsoft Games\\Flight Simulator 9\\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Programme\\iTunes\\iTunes.exe"="D:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvrHelper.exe"="D:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup)"
"C:\\Programme\\uTorrent\\uTorrent.exe"="C:\\Programme\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Programme\\AVG\\AVG8\\avgupd.exe"="D:\\Programme\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten
CLASSPATH=.;C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=XAVER-M1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\Xaver
LOGONSERVER=\\XAVER-M1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\ATI Technologies\ATI Control Panel;D:\Programme\Samsung\Samsung PC Studio 3;C:\Programme\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0800
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\Xaver\LOKALE~1\Temp
TMP=C:\DOKUME~1\Xaver\LOKALE~1\Temp
USERDOMAIN=XAVER-M1
USERNAME=Xaver
USERPROFILE=C:\Dokumente und Einstellungen\Xaver
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Xaver (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Agere Systems AC'97 Modem --> agrsmdel
Ahnenblatt --> C:\WINDOWS\system32\GKSUI20.EXE D:\Programme\Ahnenblatt\UninstallF462.DAT
Airplanes Installer --> F:\Programme\Airplanes Installer\Uninstal.exe
Alice-Installationsdateien entfernen --> C:\Programme\Gemeinsame Dateien\Alice\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Dienstprogramm zur Deinstallation der Software --> C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> D:\Programme\AVG\AVG8\setup.exe /UNINSTALL
BearFlix --> D:\PROGRA~1\BearFlix\UNWISE.EXE D:\PROGRA~1\BearFlix\INSTALL.LOG
BearShare --> D:\PROGRA~1\BEARSH~1\UNWISE.EXE D:\PROGRA~1\BEARSH~1\INSTALL.LOG
Bild-Steuer 2008 --> MsiExec.exe /I{7074F830-A21E-4E14-A461-C4278F806465}
Canon Camera Access Library --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Programme\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Programme\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Programme\Gemeinsame Dateien\Canon\UIW\1.0.0.0\Uninst.exe" "D:\Programme\Canon\PhotoStitch\Uninst.ini"
CCleaner (remove only) --> "D:\Programme\CCleaner\uninst.exe"
D-Link Bluetooth Software --> MsiExec.exe /X{FE90E9E7-A158-4687-8853-DF677A939A61}
DivX Converter --> D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> D:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EditVoicepack --> MsiExec.exe /I{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}
EVEREST Home Edition v2.20 --> "D:\Programme\Lavalys\EVEREST Home Edition\unins000.exe"
FLIQLO Screen Saver --> C:\WINDOWS\system32\FLIQLO.scr /u
GIMP 2.4.4 --> "D:\Programme\GIMP-2.0\setup\unins000.exe"
Google Desktop --> C:\Programme\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Updater --> "C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "D:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KVS Availability Tool [3.1.2] --> "D:\Programme\KVS Availability Tool\UNWISE32.EXE"
Malwarebytes' Anti-Malware --> "D:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator 2004 A Century of Flight --> "F:\Programme\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "D:\Programme\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.16) --> D:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NOD32 FiX --> "D:\Programme\Eset\unins000.exe"
Picasa 2 --> "C:\Programme\Picasa2\Uninstall.exe"
Plaxo Toolbar for Outlook and Outlook Express --> C:\Programme\Plaxo\2.13.1.3\uninstall.exe
PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x7 -removeonly
Sicherheitsupdate für Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Skype 3.1 --> "C:\Programme\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Spyware Terminator --> "C:\Programme\Spyware Terminator\unins000.exe"
StreamPlug Player --> d:/Programme/Cedelia/StreamPlug\StreamPlug Player.exe --uninstall
TerraTec Home Cinema --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\setup.exe" -l0x7
VeohTV BETA --> C:\Programme\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6h --> D:\Programme\VideoLAN\VLC\uninstall.exe
Winamp --> "D:\Programme\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> D:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type2759 / Error
Event Submitted/Written: 08/02/2008 11:35:30 AM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20080.4669, fehlgeschlagenes Modul js3250.dll, Version 4.0.0.0, Fehleradresse 0x0001f958.
Das medienspezifische Ereignis für [firefox.exe!ws!] wird verarbeitet.

Event Record #/Type2758 / Error
Event Submitted/Written: 08/02/2008 11:35:13 AM
Event ID/Source: 1000 / Application Error
Event Description:
Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20080.4669, fehlgeschlagenes Modul firefox.exe, Version 1.8.20080.4669, Fehleradresse 0x002d5bb7.
Das medienspezifische Ereignis für [firefox.exe!ws!] wird verarbeitet.

Event Record #/Type2698 / Error
Event Submitted/Written: 07/26/2008 11:27:21 PM
Event ID/Source: 0 / Spybot - Search & Destroy
Event Description:
Version: 1.6.0
Build: 20080707
Exception: Access violation at address 0051E40C in module 'SpybotSD.exe'. Write of address C995CD5D

Event Record #/Type2696 / Error
Event Submitted/Written: 07/26/2008 10:16:02 PM
Event ID/Source: 11704 / MsiInstaller
Event Description:
Produkt: Ad-Aware -- Fehler 1704. Die Installation von ESET NOD32 Antivirus ist derzeit vorübergehend gesperrt. Sie müssen die von dieser Installation vorgenommenen Änderungen widerrufen, um fortzufahren. Möchten Sie diese Änderungen widerrufen?

Event Record #/Type2678 / Error
Event Submitted/Written: 07/26/2008 09:18:56 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Produkt: ESET NOD32 Antivirus -- Fehler 5001. Nach dem Deinstallieren von Programmkomponenten wurde der Computer bisher nicht neu gestartet. Bitte starten Sie den Computer neu, und starten Sie anschließend das Installationsprogramm erneut.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14537 / Error
Event Submitted/Written: 08/03/2008 01:54:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
Bei DCOM ist der Fehler "%%1058" aufgetreten, als der Dienst "wuauserv" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type14530 / Error
Event Submitted/Written: 08/03/2008 09:47:42 AM
Event ID/Source: 11 / Disk
Event Description:
Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.

Event Record #/Type14529 / Error
Event Submitted/Written: 08/03/2008 09:47:42 AM
Event ID/Source: 11 / Disk
Event Description:
Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.

Event Record #/Type14528 / Warning
Event Submitted/Written: 08/03/2008 09:46:48 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde.

Event Record #/Type14491 / Error
Event Submitted/Written: 08/02/2008 09:55:19 PM
Event ID/Source: 10010 / DCOM
Event Description:
Der Server "{520CCA63-51A5-11D3-9144-00104BA11C5E}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.



-- End of Deckard's System Scanner: finished at 2008-08-03 14:00:42 ------------


Deckard's System Scanner v20071014.68
Run by Xaver on 2008-08-03 13:57:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-08-03 11:57:37 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-08-03 10:54:49 UTC - RP2 - Systemprüfpunkt
1: 2008-08-02 09:25:02 UTC - RP1 - Systemprüfpunkt


Performed disk cleanup.

System Drive C: has 1.07 GiB (less than 15%) free.


-- HijackThis (run as Xaver.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:58:10, on 03.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Canon\CAL\CALMAIN.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Apoint2K\Apoint.exe
D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\QuickTime\QTTask.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\PROGRA~1\MICROS~2\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\Programme\DLink\Bluetooth Software\BTTray.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
D:\PROGRA~1\MICROS~1\OFFICE11\OUTLOOK.EXE
D:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Programme\Mozilla Firefox\firefox.exe
D:\downloads\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Xaver.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programme\AVG\AVG8\avgtoolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - D:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programme\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [3065e468] rundll32.exe "C:\WINDOWS\system32\rehhroiq.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - D:\Programme\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4981720713
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4981695197
O17 - HKLM\System\CCS\Services\Tcpip\..\{006B45DC-376D-406B-9925-BEAA53343844}: NameServer = 213.191.74.11 213.191.92.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D2BD5D1-459A-40E2-8D60-3D6889585E2B}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C861D032-3F4F-485E-8CCC-32B33C0B0569}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{006B45DC-376D-406B-9925-BEAA53343844}: NameServer = 213.191.74.11 213.191.92.82
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll,
O20 - Winlogon Notify: mlJYqRIx - mlJYqRIx.dll (file missing)
O23 - Service: AAV UpdateService - Unknown owner - C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe

--
End of file - 11236 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ENECBPTH (ENE Cardbus Patch Driver) - c:\windows\system32\drivers\enecbpth.sys <Not Verified; EnE Technology Inc.; EnE Cardbus Patch Driver for Windows (R) 2000/XP>
R0 PDDSLHND - c:\windows\system32\drivers\pddslhnd.sys <Not Verified; ProDyne; ProDyne DSL Handler>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys
R2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys <Not Verified; WIDCOMM, Inc.; Bluetooth Software 1.4.2 Build 10>
R3 PDDSLADP (ProDyne DSL Adapter) - c:\windows\system32\drivers\pddsladp.sys <Not Verified; ProDyne; ProDyne DSL Adapter>

S2 ousbehci (NEC PCI to USB Enhanced Host Controller) - c:\windows\system32\drivers\ousbehci.sys <Not Verified; OrangeWare Corporation; USB 2.0 Enhanced Host Controller Driver>
S3 AF05BDA (Cinergy T USB XE service) - c:\windows\system32\drivers\af05bda.sys <Not Verified; AfaTech; AF9005 BDA Driver for USB Device>
S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 ousb2hub (OrangeWare USB 2.0 Root Hub Support) - c:\windows\system32\drivers\ousb2hub.sys <Not Verified; OrangeWare Corporation; USB 2.0 Hub Driver>
S3 PDNETCTL (ProDyne MicroPPPoE) - c:\windows\system32\drivers\pdnetctl.sys <Not Verified; ProDyne; ProDyne DSL Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AAV UpdateService - c:\programme\gemeinsame dateien\aav\aavus.exe <Not Verified; ; AAV - Online Update Dienst>
R2 CCALib8 (Canon Camera Access Library 8) - c:\programme\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\programme\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: ROOT\NET\0000
Manufacturer: D-Link
Name: Bluetooth LAN Access Server Driver
PNP Device ID: ROOT\NET\0000
Service: BTWDNDIS


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 1760)
2006-07-26 01:01:10 100544 --a------ C:\WINDOWS\system32\KMPJLMN.DLL <Not Verified; KYOCERA MITA Corporation; >

C:\WINDOWS\system32\rundll32.exe (pid 2592)
2006-07-26 01:01:10 100544 --a------ C:\WINDOWS\system32\KMPJLMN.DLL <Not Verified; KYOCERA MITA Corporation; >


-- Scheduled Tasks -------------------------------------------------------------

2008-07-12 13:45:50 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-03 and 2008-08-03 -----------------------------

2008-08-02 11:43:50 0 dr-h----- C:\Dokumente und Einstellungen\Xaver\Recent
2008-08-02 07:53:56 0 d-------- C:\WINDOWS\CSC
2008-07-28 09:00:46 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-07-28 09:00:36 0 d-------- C:\Programme\Spyware Terminator
2008-07-27 09:44:48 0 d--h----- C:\$AVG8.VAULT$
2008-07-27 09:42:54 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-27 09:42:22 0 d-------- C:\Programme\AVG
2008-07-27 08:38:36 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-07-26 21:17:14 0 d-------- C:\Programme\ESET(2)
2008-07-26 19:09:42 4718592 --a------ C:\Dokumente und Einstellungen\Xaver\ntuser.dat
2008-07-26 19:09:24 459934 --ahs---- C:\WINDOWS\system32\wHNXayay.ini2
2008-07-12 14:11:21 0 d-------- C:\Programme\iPod
2008-07-12 14:02:56 0 d-------- C:\Programme\QuickTime


-- Find3M Report ---------------------------------------------------------------

2008-08-02 13:44:27 0 d-------- C:\Programme\Plaxo
2008-08-02 08:22:11 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\Malwarebytes
2008-08-02 07:56:21 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\Spyware Terminator
2008-07-28 11:09:02 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\Adobe
2008-07-28 09:15:06 0 d-------- C:\Programme\Yahoo!
2008-07-27 13:27:59 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\AVGTOOLBAR
2008-07-27 08:38:36 0 d-------- C:\Programme\Gemeinsame Dateien
2008-07-18 09:05:14 0 d-------- C:\Programme\Gemeinsame Dateien\TerraTec
2008-07-12 14:33:22 2018 --a----c- C:\WINDOWS\mozver.dat
2008-07-12 13:50:58 0 d-------- C:\Programme\Apple Software Update
2008-06-29 20:44:50 2932 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-11 02:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 02:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 02:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 02:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-08 16:38:54 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\gtk-2.0
2008-06-07 18:17:30 463344 --a------ C:\WINDOWS\system32\perfh007.dat
2008-06-07 18:17:30 86100 --a------ C:\WINDOWS\system32\perfc007.dat
2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
27.07.2008 09:42 2055960 --a------ D:\Programme\AVG\AVG8\avgtoolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= D:\Programme\AVG\AVG8\avgtoolbar.dll [27.07.2008 09:42 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [04.09.2001 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [20.01.2004 22:10]
"AGRSMMSG"="AGRSMMSG.exe" [21.06.2002 11:47 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Programme\Apoint2K\Apoint.exe" [06.08.2002 08:48]
"Acrobat Assistant 7.0"="D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [14.12.2004 03:12]
"RemoteControl"="D:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [02.11.2004 21:24]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [03.08.2004 23:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [03.08.2004 23:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03.08.2004 23:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03.08.2004 23:32]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 01:58 C:\WINDOWS\system32\bthprops.cpl]
"AppleSyncNotifier"="C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [10.07.2008 09:47]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [27.05.2008 10:50]
"iTunesHelper"="D:\Programme\iTunes\iTunesHelper.exe" [10.07.2008 10:51]
"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [27.07.2008 09:42]
"3065e468"="C:\WINDOWS\system32\rehhroiq.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="D:\PROGRA~1\MICROS~2\wcescomm.exe" [26.06.2006 21:09]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 01:57]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Programme\Picasa2\PicasaMediaDetector.exe

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [10.02.2007 12:20:59]
BTTray.lnk - D:\Programme\DLink\Bluetooth Software\BTTray.exe [29.10.2003 19:41:58]
Google Updater.lnk - C:\Programme\Google\Google Updater\GoogleUpdater.exe [03.03.2007 16:06:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYqRIx]
mlJYqRIx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayaXNHw

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-08-03 14:00:42 ------------

Thank you very much again for your help.
Do you think my system is clean now?!
fierce81
Active Member
 
Posts: 8
Joined: July 27th, 2008, 1:04 pm

Re: Strange Internet behaviour

Unread postby Rodav » August 3rd, 2008, 9:44 am

Just in case you did not read the link I posted in my previous post, we have a zero tolerance policy with P2P programs here at this forum:
http://malwareremoval.com/forum/viewtopic.php?f=11&t=33112

While the other entries may have been leftovers, you have BearShare still installed. BearShare itself is not considered a clean P2P program and should be removed anyway.
http://www.malwareremoval.com/p2pindex.php#BearShare

If you want me to continue to help you, you must remove it. If you still want to keep it, then we can't continue any further. Let me know what you decide.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Strange Internet behaviour

Unread postby Rodav » August 6th, 2008, 4:20 am

Hi fierce81, do you need any more help?
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Strange Internet behaviour

Unread postby fierce81 » August 6th, 2008, 2:03 pm

Hi Rodav ...

I have removed BearShare and BearFlix ... thanks for your advice on these programs.

Do you think I am clean now or what you be the next steps and how do I get rid of the leftovers of the other programs?! ...

Thanks for your help ... Cheers fierce81
fierce81
Active Member
 
Posts: 8
Joined: July 27th, 2008, 1:04 pm

Re: Strange Internet behaviour

Unread postby Rodav » August 7th, 2008, 4:59 pm

There's still a bit to do, good job getting rid of those programs.

Step 1:
Please turn off Spyware Terminator realtime protection as it may interfere with the fix.

Step 2:
  1. Download ERUNT from here
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  2. Install ERUNT by double clicking it and then following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option at a later date)
  3. Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  4. Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  5. Make sure that at least the first two check boxes are ticked which are System registry and Current user registry
  6. Press OK
  7. Press YES to create the folder.


Step 3:
Download OTMoveIt2 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt2.exe.
  • Copy the lines in the codebox below.
Code: Select all
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Programme\BearShare\BearShare.exe
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Programme\LimeWire\LimeWire.exe
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\uTorrent\uTorrent.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\3065e468
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJYqRIx
D:\PROGRA~1\BEARSH~1
D:\Programme\Eset
C:\Programme\ESET(2)
C:\WINDOWS\system32\wHNXayay.ini2

  • Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt2


Step 4:
Open Notepad (Go to Start > Run, type Notepad and click OK)
Copy and Paste everything from the Quote box into Notepad:
REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Go to File > Save As
Save File name as fix.reg
Change Save as Type to All Files and save the file to your desktop.

Close Notepad, and double-click fix.reg on your Desktop. When it asks if you want to merge the info to the registry, hit YES/OK, then Reboot the computer.


Step 5:
Click start/ run and copy and paste the following into the box:

D:\downloads\dss.exe /daft

Read the disclaimer and click OK.
  • Click on the Scan button.
  • Place a checkmark next to the following entries in case they appear:

    .reg
    .scr
  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt
  • I'll need that log later.
If everything is ok again, it should display the "all associations ok message"


Step 6:
Using Internet Explorer Go to http://www.kaspersky.nl/scanforvirus-en/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply.


Step 7:
Run DSS.exe (Deckard System Scanner) by double clicking it and post the following into your next reply.
  • The OTMovit2 results
  • The online Kaspersky results
  • The DSS log

Also let me know how your computer is running.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Strange Internet behaviour

Unread postby Rodav » August 10th, 2008, 10:24 am

Are you having any trouble, fierce81?
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Strange Internet behaviour

Unread postby Simon V. » August 13th, 2008, 4:24 pm

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal
User avatar
Simon V.
MRU Emeritus
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium

For RODAV: Strange Internet Behaviour

Unread postby fierce81 » August 16th, 2008, 7:09 am

Hi Rodav,

sorry that I did not reply earlier, but I have been away on a business trip again.
When I came back the topic was closed already.

I have run all your suggested scans, exept Kapersky Online scanner.
The licence was expired:

Here are my results from dss.exe:

Deckard's System Scanner v20071014.68
Run by Xaver on 2008-08-16 13:04:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.54 GiB (less than 15%) free.


-- HijackThis (run as Xaver.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:54, on 16.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Canon\CAL\CALMAIN.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Apoint2K\Apoint.exe
D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\QuickTime\QTTask.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\PROGRA~1\MICROS~2\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
D:\PROGRA~1\MICROS~2\rapimgr.exe
D:\Programme\DLink\Bluetooth Software\BTTray.exe
C:\Programme\Google\Google Updater\GoogleUpdater.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\downloads\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Xaver.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programme\AVG\AVG8\avgtoolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - D:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programme\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] D:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - D:\Programme\DLink\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\DLink\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4981720713
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4981695197
O17 - HKLM\System\CCS\Services\Tcpip\..\{006B45DC-376D-406B-9925-BEAA53343844}: NameServer = 213.191.74.11 213.191.92.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D2BD5D1-459A-40E2-8D60-3D6889585E2B}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C861D032-3F4F-485E-8CCC-32B33C0B0569}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{006B45DC-376D-406B-9925-BEAA53343844}: NameServer = 213.191.74.11 213.191.92.82
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll,
O23 - Service: AAV UpdateService - Unknown owner - C:\Programme\Gemeinsame Dateien\AAV\aavus.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Programme\DLink\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programme\Spyware Terminator\sp_rsser.exe

--
End of file - 11135 bytes

-- Files created between 2008-07-16 and 2008-08-16 -----------------------------

2008-08-16 13:03:29 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-16 13:03:25 0 d-------- C:\WINDOWS\LastGood
2008-08-16 12:56:17 0 dr-h----- C:\Dokumente und Einstellungen\Xaver\Recent
2008-08-02 07:53:56 0 d-------- C:\WINDOWS\CSC
2008-07-28 09:00:46 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-07-28 09:00:36 0 d-------- C:\Programme\Spyware Terminator
2008-07-27 09:44:48 0 d--h----- C:\$AVG8.VAULT$
2008-07-27 09:42:54 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-27 09:42:22 0 d-------- C:\Programme\AVG
2008-07-27 08:38:36 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-07-26 19:09:42 4718592 --a------ C:\Dokumente und Einstellungen\Xaver\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2008-08-15 08:08:12 0 d-------- C:\Programme\Plaxo
2008-08-08 19:28:21 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\Skype
2008-08-03 17:07:46 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\Apple Computer
2008-08-02 08:22:11 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\Malwarebytes
2008-08-02 07:56:21 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\Spyware Terminator
2008-07-28 11:09:02 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\Adobe
2008-07-28 09:15:06 0 d-------- C:\Programme\Yahoo!
2008-07-27 13:27:59 0 d-------- C:\Dokumente und Einstellungen\Xaver\Anwendungsdaten\AVGTOOLBAR
2008-07-27 08:38:36 0 d-------- C:\Programme\Gemeinsame Dateien
2008-07-18 09:05:14 0 d-------- C:\Programme\Gemeinsame Dateien\TerraTec
2008-07-12 14:33:22 2018 --a----c- C:\WINDOWS\mozver.dat
2008-07-12 14:11:21 0 d-------- C:\Programme\iPod
2008-07-12 14:04:35 0 d-------- C:\Programme\QuickTime
2008-07-12 13:50:58 0 d-------- C:\Programme\Apple Software Update
2008-06-29 20:44:50 2932 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-11 02:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 02:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 02:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 02:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 02:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-07 18:17:30 463344 --a------ C:\WINDOWS\system32\perfh007.dat
2008-06-07 18:17:30 86100 --a------ C:\WINDOWS\system32\perfc007.dat
2008-05-23 00:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
27.07.2008 09:42 2055960 --a------ D:\Programme\AVG\AVG8\avgtoolbar.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= D:\Programme\AVG\AVG8\avgtoolbar.dll [27.07.2008 09:42 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [04.09.2001 18:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [20.01.2004 22:10]
"AGRSMMSG"="AGRSMMSG.exe" [21.06.2002 11:47 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Programme\Apoint2K\Apoint.exe" [06.08.2002 08:48]
"Acrobat Assistant 7.0"="D:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [14.12.2004 03:12]
"RemoteControl"="D:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [02.11.2004 21:24]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [03.08.2004 23:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [03.08.2004 23:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03.08.2004 23:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03.08.2004 23:32]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 01:58 C:\WINDOWS\system32\bthprops.cpl]
"AppleSyncNotifier"="C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [10.07.2008 09:47]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [27.05.2008 10:50]
"iTunesHelper"="D:\Programme\iTunes\iTunesHelper.exe" [10.07.2008 10:51]
"AVG8_TRAY"="D:\PROGRA~1\AVG\AVG8\avgtray.exe" [27.07.2008 09:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="D:\PROGRA~1\MICROS~2\wcescomm.exe" [26.06.2006 21:09]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 01:57]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Programme\Picasa2\PicasaMediaDetector.exe

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [10.02.2007 12:20:59]
BTTray.lnk - D:\Programme\DLink\Bluetooth Software\BTTray.exe [29.10.2003 19:41:58]
Google Updater.lnk - C:\Programme\Google\Google Updater\GoogleUpdater.exe [03.03.2007 16:06:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-08-16 13:05:41 ------------

Daft.txt:

DAFT Log saved on 2008-08-16 13:02:00
-----------------------------------------------------------------------
All associations okay!

My Computer is running better now.
Access to the internet is good but it seems to be slower at start-up.

You think my computer is clean now?!

Thank you very very much for your help so far!!!

Cheers fierce81
fierce81
Active Member
 
Posts: 8
Joined: July 27th, 2008, 1:04 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 60 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware