Hijacker Zyban-zucor-levitra.com


18 replies to this topic

#1 dpmengefi

Posted 28 October 2007 - 07:38 AM

I posted a topic at the Bleeping Computer Forum about a problem I'm having with a Hijacker called Zyban-zucor-levitra.com and my firewall program (based on Outpost) always reporting this when I started the computer. This post can be found at:

http://www.bleepingcomputer.com/forums/t/112349/hijacker-zyban-zucor-levitracom/

I had used the CWShredder program to try and remove this Hijacker, but it reports that the system is clean. Quietman7 suggested that I download the hosts.zip file and use this to rename the present Hosts file. I should also download SUPERAntiSpyware and use this to scan my computer.

After completing this I restarted the computer, and this time the firewall program reported that zz.cqcounter.com has been found in the Hosts file. After removing this, my anti-virus reported that an attempt to change the Hosts file is being made and asked if I should allow this. I didn't click yes or no as I wasn't sure what to do.

Next time I started the computer the firewall program didn't report that a Hijacker was found in the Hosts file, so at first it would seem that this problem has been resolved. Especially when every time I start the computer nothing is reported by the firewall program.

During the time I'm using my computer the firewall program reports many times that it has blocked making a connection when a port was scanned. This happened 74 times yesterday which isn't normal. Therefore, I feel that the problem with Hijackers hasn't been 100% resolved.

When following the preparation guide for making this post, the Housecall Anti-Virus scan found a spyware called "Spyware_Trak_Webposition". I couldn't find any information about this on the internet, so I don't know if this has anything to do with the problem about Hijackers and the Hosts file.

Below is the Hijack This log that I did before starting to write this post.

I would be most thankful if someone could examine this log file and let me know what I need to do to fix this problem.

Many thanks in advance.

David



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:42, on 28.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
K:\AdAware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
F:\PC Booster\pcbooster.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE
K:\The Cleaner\tca.exe
K:\The Cleaner\tcm.exe
K:\AntiVirenKit\AVKTray\AVKTray.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\SiteAdvisor\6172\SiteAdv.exe
K:\I-COUNTER\ICOUNTER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
K:\AntiVirenKit\AVK\AVKService.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
K:\AntiVirenKit\AVK\AVKWCtl.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\GEARSec.exe
F:\MemoKit\memokit2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
F:\PC Firewall Pro 2007\pcfw.exe
C:\Programme\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\SLEE401.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\svchost.exe
K:\SpywareGuard\sgmain.exe
K:\SpywareGuard\sgbhp.exe
K:\ProcessExplorer\procexp.exe
F:\The Bat\thebat.exe
K:\HijackThis\HijackThis.exe
K:\Firefox\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {0B660087-931C-4056-A04F-0423890E40B6} - (no file)
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - K:\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {84B94901-3645-4D80-A6B7-4D0050B19455} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - (no file)
O2 - BHO: Preispiraten 4 - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - K:\Preispiraten\Preispiraten4\IEButtonPPInterface.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - K:\STARDO~1\SDIEInt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - K:\COPERN~1\COPERN~1.DLL
O3 - Toolbar: FraudEliminator - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Programme\FraudEliminator\2.3.0\FETB.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programme\Netcraft Toolbar\nctb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar5.dll
O4 - HKLM\..\Run: [PC Booster] F:\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tcactive] K:\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] K:\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [AVKTray] K:\AntiVirenKit\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PC Firewall Professional] "F:\PC Firewall Pro 2007\pcfw.exe" /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [iCounter] K:\I-COUNTER\ICOUNTER.EXE /AUTOSTART
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'Default user')
O4 - S-1-5-18 Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Startup: MemoKit.lnk = F:\MemoKit\mk.exe
O4 - Startup: SpywareGuard.lnk = K:\SpywareGuard\sgmain.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - K:\\Preispiraten\\Preispiraten4\\preispiraten.html
O8 - Extra context menu item: Download with Star Downloader - K:\Star Downloader\sdie.htm
O8 - Extra context menu item: Enqueue in Star Downloader - K:\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Leech with Star Downloader - K:\Star Downloader\leechie.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Shopper - K:\COPERN~2\WEB\FIND.HTM
O8 - Extra context menu item: Suchen mit Copernic Agent - K:\COPERNIC AGENT\WEB\SEARCHEXT.HTM
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Starten von Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Preispiraten 4 - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\Preispiraten4\preispiraten3ie.exe
O9 - Extra button: PC Firewall 2007 Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - F:\PC Firewall Pro 2007\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - H:\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwi...zard3.0.4.3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/de/big/1.1....g/GoogleNav.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdateV2 - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - K:\AdAware 2007\aawservice.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - K:\AntiVirenKit\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - K:\AntiVirenKit\AVK\AVKWCtl.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SFirewall Service (SFirewall) - Buhl Data Service GmbH - F:\PC Firewall Pro 2007\pcfw.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Programme\SiteAdvisor\6172\SAService.exe
O23 - Service: Steganos Live Encryption Engine (Version 401) [Service] (SLEE_401_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE401.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - SCM Microsystems - C:\WINDOWS\SCARDS32.EXE
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

--
End of file - 12749 bytes

#2 Falu

Posted 19 November 2007 - 05:56 AM

Hi dpmengefi, :thumbsup:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience. :blink:

P.S. Please copy/paste the log into this thread using the Add Reply button.

#3 dpmengefi

Posted 19 November 2007 - 11:55 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:12, on 19.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
K:\AdAware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
F:\PC Booster\pcbooster.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE
K:\The Cleaner\tca.exe
K:\The Cleaner\tcm.exe
K:\AntiVirenKit\AVKTray\AVKTray.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\SiteAdvisor\6172\SiteAdv.exe
K:\AntiVirenKit\AVK\AVKService.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
K:\AntiVirenKit\AVK\AVKWCtl.exe
K:\I-COUNTER\ICOUNTER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
F:\PC Firewall Pro 2007\pcfw.exe
C:\Programme\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\SLEE401.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\svchost.exe
F:\MemoKit\memokit2.exe
K:\SpywareGuard\sgmain.exe
K:\SpywareGuard\sgbhp.exe
F:\FoxItReader\FoxitReader.exe
F:\Microsoft Office\OFFICE11\WINWORD.EXE
F:\The Bat\thebat.exe
K:\Firefox\Mozilla Firefox\firefox.exe
K:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {0B660087-931C-4056-A04F-0423890E40B6} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - K:\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - K:\Preispiraten\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - K:\Preispiraten\IEButtonEbayInterface.dll
O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - K:\Preispiraten\IEButtonPPInterface.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - K:\STARDO~1\SDIEInt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - K:\COPERN~1\COPERN~1.DLL
O3 - Toolbar: FraudEliminator - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Programme\FraudEliminator\2.3.0\FETB.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programme\Netcraft Toolbar\nctb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar5.dll
O4 - HKLM\..\Run: [PC Booster] F:\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tcactive] K:\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] K:\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [AVKTray] K:\AntiVirenKit\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PC Firewall Professional] "F:\PC Firewall Pro 2007\pcfw.exe" /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [iCounter] K:\I-COUNTER\ICOUNTER.EXE /AUTOSTART
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'Default user')
O4 - S-1-5-18 Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Startup: MemoKit.lnk = F:\MemoKit\mk.exe
O4 - Startup: SpywareGuard.lnk = K:\SpywareGuard\sgmain.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - K:\\Preispiraten\\preispiraten.html
O8 - Extra context menu item: Download with Star Downloader - K:\Star Downloader\sdie.htm
O8 - Extra context menu item: Enqueue in Star Downloader - K:\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Leech with Star Downloader - K:\Star Downloader\leechie.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Shopper - K:\COPERN~2\WEB\FIND.HTM
O8 - Extra context menu item: Suchen mit Copernic Agent - K:\COPERNIC AGENT\WEB\SEARCHEXT.HTM
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Starten von Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\preispiraten3ie.exe
O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\preispiraten3ie.exe
O9 - Extra button: PC Firewall 2007 Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - F:\PC Firewall Pro 2007\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart....p://www.ebay.de (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - H:\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwi...zard3.0.4.3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/de/big/1.1....g/GoogleNav.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdateV2 - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - K:\AdAware 2007\aawservice.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - K:\AntiVirenKit\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - K:\AntiVirenKit\AVK\AVKWCtl.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SFirewall Service (SFirewall) - Buhl Data Service GmbH - F:\PC Firewall Pro 2007\pcfw.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Programme\SiteAdvisor\6172\SAService.exe
O23 - Service: Steganos Live Encryption Engine (Version 401) [Service] (SLEE_401_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE401.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - SCM Microsystems - C:\WINDOWS\SCARDS32.EXE
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

--
End of file - 13258 bytes

#4 Falu

Posted 20 November 2007 - 12:59 PM

Hi dpmengefi, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

1. Please disable some of your protection programmes since they may interfere with the fixes we are going to make. You may re-enable them once you're clean; I will let you know.

> SpywareGuard:

* Right click the running icon of SpywareGuard, it will open the program.
* Then go to Menu, file, exit.
* Then confirm the program is closed.

> SuperAntispyware:

Right-click on the shortcut from the system tray, choose View Control Center (preferences/options), on the General and Startup tab, uncheck, Start SUPERAntispyware when Windows starts, click Close to exit.

You may enable it again once you're clean; I will let you know.

2. Run HijackThis, click Scan and checkmark the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {0B660087-931C-4056-A04F-0423890E40B6} - (no file)
O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

3. Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

4. You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6u3). Older versions have vulnerabilities that malware can use to infect your system. Please update and remove the older versions. Do the following:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then Download and install the newest version from here:

    Java Runtime Environment (JRE) 6u3

5. Download Deckard's System Scanner and save it to your Desktop.

* Double click dss.exe and follow the prompts.
* When finished, it will produce a log for you.
* Post the contents of that log in your next reply.
* Using Windows Explorer (to get there right-click your Start button and go to "Explore"), navigate to the C:\Deckard\System Scanner folder. You will find two logs in the folder, main.txt and extra.txt.
* Open the main.txt log in Notepad
* Also Copy and Paste its contents in a reply.

Please post the DSS main/extra logs.

#5 dpmengefi

Posted 22 November 2007 - 04:55 AM

Deckard's System Scanner v20071014.68
Run by David Meadows on 2007-11-22 10:30:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2007-11-22 09:31:22 UTC - RP2027 - Deckard's System Scanner Restore Point
14: 2007-11-22 09:22:07 UTC - RP2026 - Java™ 6 Update 3 wird installiert
13: 2007-11-22 09:12:38 UTC - RP2025 - Java™ SE Runtime Environment 6 wird entfernt
12: 2007-11-22 09:10:16 UTC - RP2024 - Java™ SE Runtime Environment 6 Update 1 wird entfernt
11: 2007-11-21 17:39:54 UTC - RP2023 - Systemprüfpunkt


-- First Restore Point --
1: 2007-10-31 18:12:26 UTC - RP2013 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).


-- HijackThis (run as David Meadows.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:04, on 22.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
K:\AdAware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
F:\PC Booster\pcbooster.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE
K:\The Cleaner\tca.exe
K:\The Cleaner\tcm.exe
K:\AntiVirenKit\AVKTray\AVKTray.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\SiteAdvisor\6172\SiteAdv.exe
K:\AntiVirenKit\AVK\AVKService.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
K:\AntiVirenKit\AVK\AVKWCtl.exe
K:\I-COUNTER\ICOUNTER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\MemoKit\memokit2.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
F:\PC Firewall Pro 2007\pcfw.exe
C:\Programme\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\SLEE401.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\System32\Fast.exe
K:\ProcessExplorer\procexp.exe
F:\PDF Professional 3.0\PdfPro3Hook.exe
K:\Download\dss.exe
K:\HIJACK~1\David Meadows.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - K:\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - K:\Preispiraten\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - K:\Preispiraten\IEButtonEbayInterface.dll
O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - K:\Preispiraten\IEButtonPPInterface.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - K:\STARDO~1\SDIEInt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - K:\COPERN~1\COPERN~1.DLL
O3 - Toolbar: FraudEliminator - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Programme\FraudEliminator\2.3.0\FETB.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programme\Netcraft Toolbar\nctb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar5.dll
O4 - HKLM\..\Run: [PC Booster] F:\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tcactive] K:\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] K:\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [AVKTray] K:\AntiVirenKit\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [PC Firewall Professional] "F:\PC Firewall Pro 2007\pcfw.exe" /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [iCounter] K:\I-COUNTER\ICOUNTER.EXE /AUTOSTART
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'Default user')
O4 - S-1-5-18 Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Startup: MemoKit.lnk = F:\MemoKit\mk.exe
O4 - Startup: SpywareGuard.lnk = K:\SpywareGuard\sgmain.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - K:\\Preispiraten\\preispiraten.html
O8 - Extra context menu item: Download with Star Downloader - K:\Star Downloader\sdie.htm
O8 - Extra context menu item: Enqueue in Star Downloader - K:\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Leech with Star Downloader - K:\Star Downloader\leechie.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Shopper - K:\COPERN~2\WEB\FIND.HTM
O8 - Extra context menu item: Suchen mit Copernic Agent - K:\COPERNIC AGENT\WEB\SEARCHEXT.HTM
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Starten von Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\preispiraten3ie.exe
O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\preispiraten3ie.exe
O9 - Extra button: PC Firewall 2007 Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - F:\PC Firewall Pro 2007\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart....p://www.ebay.de (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - H:\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwi...zard3.0.4.3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/de/big/1.1....g/GoogleNav.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdateV2 - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - K:\AdAware 2007\aawservice.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - K:\AntiVirenKit\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - K:\AntiVirenKit\AVK\AVKWCtl.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SFirewall Service (SFirewall) - Buhl Data Service GmbH - F:\PC Firewall Pro 2007\pcfw.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Programme\SiteAdvisor\6172\SAService.exe
O23 - Service: Steganos Live Encryption Engine (Version 401) [Service] (SLEE_401_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE401.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - SCM Microsystems - C:\WINDOWS\SCARDS32.EXE
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

--
End of file - 12753 bytes

-- HijackThis Fixed Entries (K:\HIJACK~1\backups\) -----------------------------

backup-20071122-095720-220 O2 - BHO: (no name) - {0B660087-931C-4056-A04F-0423890E40B6} - (no file)
backup-20071122-095720-306 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20071122-095720-561 O3 - Toolbar: GVDownloader - {ae4df123-9140-4f93-9b32-ff0186389cc3} - mscoree.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BsStor (InCD Storage Helper Driver) - c:\windows\system32\drivers\bsstor.sys <Not Verified; B.H.A Co.,Ltd.; >
R0 drvmcdb - c:\windows\system32\drivers\drvmcdb.sys <Not Verified; VERITAS Software, Inc.; >
R0 PQV2i - c:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
R0 TwkMs (CHIPDRIVE Maus Adapter) - c:\windows\system32\drivers\twkms.sys <Not Verified; Towitoko AG; CHIPDRIVE mouse driver>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 PQIMount - c:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys
R1 SASDIFSV - c:\programme\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\programme\superantispyware\saskutil.sys
R1 SSHDRV58 - c:\windows\system32\drivers\sshdrv58.sys
R1 VFILT (SFirewall Kernel Driver) - f:\pc firewall pro 2007\kernel\filtnt.sys <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
R2 BsUDF (InCD UDF Driver) - c:\windows\system32\drivers\bsudf.sys <Not Verified; ahead software; UDF File System Driver (WindowsXP)>
R2 GDTdiInterceptor - c:\windows\system32\drivers\gdtdiicpt.sys
R2 hardlock - c:\windows\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 NVKEYNT - c:\windows\system32\drivers\nvkeynt.sys <Not Verified; Aktiv Co.; Guardant Stealth/Net LPT Dongle Device Driver for Windows 2000/XP>
R2 SFC4 - c:\windows\system32\drivers\sfc4.sys
R2 SLEE_401_DRIVER (Steganos Live Encryption Engine (Version 401) [Driver]) - c:\windows\system32\drivers\slee401.sys
R2 TwkPCSC (CHIPDRIVE PC/SC Drivers) - c:\windows\system32\drivers\twkpcsc.sys <Not Verified; Towitoko AG; CHIPDRIVE PC/SC Driver>
R3 ADBLOCK.DLL (SFirewall PlugIn (ADBLOCK.DLL)) - f:\pc firewall pro 2007\kernel\adblock.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 ARP.DLL (SFirewall PlugIn (ARP.DLL)) - f:\pc firewall pro 2007\kernel\arp.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 CONTENT.DLL (SFirewall PlugIn (CONTENT.DLL)) - f:\pc firewall pro 2007\kernel\content.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 DNSCACHE.DLL (SFirewall PlugIn (DNSCACHE.DLL)) - f:\pc firewall pro 2007\kernel\dnscache.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 FTPFILT.DLL (SFirewall PlugIn (FTPFILT.DLL)) - f:\pc firewall pro 2007\kernel\ftpfilt.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 GDMnIcpt - c:\windows\system32\drivers\miniicpt.sys <Not Verified; G DATA Software AG; G DATA AntiVirusKit>
R3 HookCentre - c:\windows\system32\drivers\hookcentre.sys <Not Verified; G DATA Software AG; >
R3 HTMLFILT.DLL (SFirewall PlugIn (HTMLFILT.DLL)) - f:\pc firewall pro 2007\kernel\htmlfilt.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 HTTPFILT.DLL (SFirewall PlugIn (HTTPFILT.DLL)) - f:\pc firewall pro 2007\kernel\httpfilt.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 IMAPFILT.DLL (SFirewall PlugIn (IMAPFILT.DLL)) - f:\pc firewall pro 2007\kernel\imapfilt.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 MAILFILT.DLL (SFirewall PlugIn (MAILFILT.DLL)) - f:\pc firewall pro 2007\kernel\mailfilt.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 NNTPFILT.DLL (SFirewall PlugIn (NNTPFILT.DLL)) - f:\pc firewall pro 2007\kernel\nntpfilt.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 POP3FILT.DLL (SFirewall PlugIn (POP3FILT.DLL)) - f:\pc firewall pro 2007\kernel\pop3filt.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 PROTECT.DLL (SFirewall PlugIn (PROTECT.DLL)) - f:\pc firewall pro 2007\kernel\protect.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 SASENUM - c:\programme\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SECRET.DLL (SFirewall PlugIn (SECRET.DLL)) - f:\pc firewall pro 2007\kernel\secret.dll <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R3 TSMPacket (T-DSL SpeedManager Service) - c:\windows\system32\drivers\tsmpkt.sys <Not Verified; T-Systems International; T-DSL SpeedManager>
R3 TWKPNP (CHIPDRIVE Plug and Play driver) - c:\windows\system32\drivers\twkpnp.sys <Not Verified; Towitoko AG; CHIPDRIVE Plug and Play Driver>

S3 ATWPKT - c:\windows\system32\drivers\atwpkt.sys <Not Verified; America Online; ATW Protocol Driver>
S3 C-Dilla - c:\windows\system32\drivers\cdant.sys <Not Verified; Macrovision; Licence Management System>
S3 DarkSpy - c:\windows\system32\darkspykernel.sys <Not Verified; Windows ® Server 2003 DDK provider; Windows ® Server 2003 DDK driver>
S3 HSF_DP - c:\windows\system32\drivers\hsf_dp.sys <Not Verified; Conexant Systems, Inc.; SoftK56>
S3 HSFHWBS2 - c:\windows\system32\drivers\hsfhwbs2.sys <Not Verified; Conexant Systems, Inc.; SoftK56>
S3 NVKEYUSB (Guardant Stealth I/II USB Key) - c:\windows\system32\drivers\nvkeyusb.sys <Not Verified; Aktiv Co.; Guardant Stealth/Net I/II USB Dongle Device Driver for Windows 98/Me/2000/XP/2003>
S3 PCANDIS5 (PCANDIS5 Protocol Driver) - c:\programme\t-dsl speedmanager\pcandis5.sys
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S4 aic78u2 - c:\windows\system32\drivers\aic78u2.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AVKProxy - "c:\programme\gemeinsame dateien\g data\avkproxy\avkproxy.exe" <Not Verified; G DATA Software AG; AVKProxy Module>
R2 AVKService (AVK Service) - k:\antivirenkit\avk\avkservice.exe <Not Verified; G DATA Software AG; AVKService Module>
R2 AVKWCtl (AVK Wächter) - k:\antivirenkit\avk\avkwctl.exe <Not Verified; ; AVK>
R2 C-DillaSrv - c:\windows\system32\drivers\cdantsrv.exe <Not Verified; C-Dilla Ltd; CD-Secure/CD-Compress Windows NT>
R2 GEARSecurity - c:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
R2 SFirewall (SFirewall Service) - f:\pc firewall pro 2007\pcfw.exe /service <Not Verified; Buhl Data Service GmbH; PC Firewall Pro 2007>
R2 SLEE_401_SERVICE (Steganos Live Encryption Engine (Version 401) [Service]) - c:\windows\system32\slee401.exe
R2 TWKSCARDSRV (CHIPDRIVE SCARD Service) - c:\windows\scards32.exe <Not Verified; SCM Microsystems; CHIPDRIVE IFD Drivers>
R2 V2i Protector - c:\programme\powerquest\drive image 7.0\agent\pqv2isvc.exe <Not Verified; PowerQuest Corporation; V2i Protector>

S3 TODslService (T-Online DSL-Manager) - "c:\programme\t-online\dsl-manager\todslsvc.exe" <Not Verified; T-Systems International GmbH; T-Online DSL-Manager>
S3 TSMService (T-DSL SpeedManager) - "c:\programme\t-dsl speedmanager\tsmsvc.exe" <Not Verified; T-Systems Business Services; T-DSL SpeedManager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-20 13:37:57 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-16 17:24:20 392 --a------ C:\WINDOWS\Tasks\1-Klick-Wartung.job


-- Files created between 2007-10-22 and 2007-11-22 -----------------------------

2007-11-17 14:28:18 0 d-------- C:\Programme\Gemeinsame Dateien\Skype
2007-11-16 15:45:26 0 d-------- C:\Programme\Gemeinsame Dateien\xing shared
2007-11-07 19:26:57 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Application Data\deskUNPDF
2007-11-07 10:42:55 0 d-------- C:\Programme\Gemeinsame Dateien\Esoteric Technologies
2007-11-02 20:11:52 196608 --a------ C:\WINDOWS\system32\Utility.dll <Not Verified; Netsmartz; DocSmartz>
2007-11-02 20:11:40 204848 -----n--- C:\WINDOWS\system32\gswin32c.exe
2007-11-02 20:11:09 0 d-------- C:\WINDOWS\system32\gs
2007-11-02 20:11:02 229888 --a------ C:\WINDOWS\system32\Crpaig32.dll <Not Verified; Seagate Software, Information Management Group, Inc.; Crystal Reports Pro For Windows>
2007-11-02 16:36:30 129536 --a-----t C:\WINDOWS\system32\DarkSpyKernel.sys <Not Verified; Windows ® Server 2003 DDK provider; Windows ® Server 2003 DDK driver>
2007-11-02 15:33:58 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Pavark
2007-10-28 12:47:13 0 dr-h----- C:\Dokumente und Einstellungen\David Meadows\Recent
2007-10-27 20:54:27 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-10-27 15:50:46 0 d-------- C:\Dokumente und Einstellungen\David Meadows\.housecall6.6
2007-10-25 22:49:44 0 d-------- C:\Dokumente und Einstellungen\David Meadows\.gimp-2.4


-- Find3M Report ---------------------------------------------------------------

2007-11-22 10:26:44 92437 --a------ C:\WINDOWS\mozver.dat
2007-11-22 10:26:22 562 --a------ C:\WINDOWS\aclockz6.dat
2007-11-22 10:25:34 0 d-------- C:\Programme\Java
2007-11-22 09:42:19 0 d-------- C:\Programme\SUPERAntiSpyware
2007-11-22 09:15:00 0 d-------- C:\Programme\Netcraft Toolbar
2007-11-19 11:33:34 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\OpenOffice.org2
2007-11-18 21:04:17 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\Skype
2007-11-18 16:00:06 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\skypePM
2007-11-17 14:28:18 0 d-------- C:\Programme\Gemeinsame Dateien
2007-11-16 15:43:23 0 d-------- C:\Programme\Gemeinsame Dateien\Real
2007-11-10 20:41:09 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\metaspinner media GmbH
2007-11-07 10:45:25 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\Esoteric Technologies
2007-11-06 17:11:20 0 d-------- C:\Programme\QuickTime
2007-11-05 20:50:48 197966 --a------ C:\WINDOWS\SeaMonkeyUninstall.exe <Not Verified; Mozilla; Firefox>
2007-11-05 20:49:14 118784 --a------ C:\WINDOWS\GREUninstall.exe
2007-11-02 21:41:11 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\OfficeUpdate12
2007-10-28 12:15:32 466102 --a------ C:\WINDOWS\system32\perfh007.dat
2007-10-28 12:15:31 97592 --a------ C:\WINDOWS\system32\perfc007.dat
2007-10-27 20:32:55 0 d-------- C:\Programme\Apple Software Update
2007-10-23 23:01:18 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\SlimBrowser
2007-10-23 19:00:51 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\SopCast
2007-10-22 10:57:52 524288 --a------ C:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
2007-10-16 23:15:48 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\NoteTab Light
2007-10-15 21:31:19 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\SUPERAntiSpyware.com
2007-10-15 21:28:33 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-10-15 08:02:37 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\Spamihilator
2007-10-11 15:47:30 516096 --a------ C:\WINDOWS\iwexec.exe <Not Verified; ; InstallWizard XP Setup Application>
2007-10-02 23:30:33 0 d-------- C:\Programme\DivX
2007-09-24 23:24:26 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\phonostar-Player
2007-09-24 23:17:24 0 d-------- C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten\Simple Sudoku
2007-09-17 19:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 19:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 19:22:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-17 19:22:58 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-14 19:21:22 0 --a------ C:\CONFIG.SYS
2007-09-14 19:21:22 0 --a------ C:\AUTOEXEC.BAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Booster"="F:\PC Booster\pcbooster.exe" [27.12.2003 13:14]
"AVK Mail Checker"="C:\Programme\Gemeinsame Dateien\G DATA\AVKMail\AVKPOP.EXE" [07.10.2004 15:04]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06.10.2003 14:16]
"tcactive"="K:\The Cleaner\tca.exe" [11.09.2007 21:26]
"tcmonitor"="K:\The Cleaner\tcm.exe" [11.09.2007 21:26]
"AVKTray"="K:\AntiVirenKit\AVKTray\AVKTray.exe" [07.09.2006 09:00]
"PC Firewall Professional"="F:\PC Firewall Pro 2007\pcfw.exe" [27.11.2006 12:35]
"Adobe Reader Speed Launcher"="F:\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.10.2007 18:51]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [16.03.2007 10:45]
"SiteAdvisor"="C:\Programme\SiteAdvisor\6172\SiteAdv.exe" [31.07.2006 16:03]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [19.10.2007 20:16]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [16.11.2007 15:35]
"MsgCenterExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe" [16.11.2007 15:35]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCounter"="K:\I-COUNTER\ICOUNTER.exe" [09.04.2002 14:36]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03.08.2004 23:57]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [25.06.2007 13:58]
"WMPNSCFG"="C:\Programme\Windows Media Player\WMPNSCFG.exe" [24.10.2006 20:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ITD7"="K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Dokumente und Einstellungen\David Meadows\Startmen\Programme\Autostart\
ERUNT AutoBackup.lnk - C:\Programme\ERUNT\AUTOBACK.EXE [02.11.2004 00:53:24]
MemoKit.lnk - F:\MemoKit\mk.exe [05.09.2003 18:07:16]
SpywareGuard.lnk - K:\SpywareGuard\sgmain.exe [29.08.2003 18:05:35]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
DSLMON.lnk - C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe [13.09.2004 15:36:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0cab0400-7395-11d0-a5e5-0020afe2fdd9}"= qvphook.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programme\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 12:41 294912 C:\Programme\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
C:\WINDOWS\System32\dxdllreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage]
f:\OmniPagePro90\opware32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PhonostarTimer"=H:\Phonostar\ps_timer.exe
"PhonostarAgent"=H:\Phonostar\ps_agent.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
"SpybotSD TeaTimer"=K:\Spybot\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"Microsoft Works Update Detection"=REM C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
"Microsoft Works Portfolio"=REM C:\Programme\Microsoft Works\WksSb.exe /AllUsers
"WorksFUD"=C:\Programme\Microsoft Works\wkfud.exe
"FineReader7NewsReaderPro"=F:\FineReader 7.0\AbbyyNewsReader.exe
"0190 Warner"=K:\0190WA~1\WARN0190.EXE
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"SoundMan"=SOUNDMAN.EXE
"BackgroundSwitcher"=C:\WINDOWS\System32\bgswitch.exe
"FastUser"=C:\WINDOWS\System32\fast.exe
"CoolSwitch"=C:\WINDOWS\System32\taskswitch.exe
"InCD"=C:\Programme\ahead\InCD\InCD.exe
"SunJavaUpdateSched"=C:\Programme\Java\jre1.5.0_07\bin\jusched.exe
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u
"StorageGuard"="C:\Programme\VERITAS Software\Update Manager\sgtray.exe" /r
"PDF3 Registry Controller"="F:\PDF Professional 3.0\\RegistryController.exe"
"SSBkgdUpdate"="C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"nwiz"=nwiz.exe /install
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abloga.info #[Spamdexing]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
127.0.0.1 www.activemeter.com #[eTrust.Tracking.Cookie]
127.0.0.1 stat.active24stats.nl #[eTrust.Tracking.Cookie]

4959 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2007-11-22 10:40:30 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: German

CPU 0: Intel® Pentium® 4 CPU 2.20GHz
Percentage of Memory in Use: 85%
Physical Memory (total/avail): 511.48 MiB / 72.34 MiB
Pagefile Memory (total/avail): 1250.13 MiB / 468 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 20.81 GiB total, 6.43 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 7.74 GiB total, 0.85 GiB free.
G: is Fixed (NTFS) - 4.2 GiB total, 1.29 GiB free.
H: is Fixed (NTFS) - 3.67 GiB total, 0.96 GiB free.
I: is Fixed (NTFS) - 3.97 GiB total, 1.2 GiB free.
J: is Fixed (NTFS) - 1.46 GiB total, 0.98 GiB free.
K: is Fixed (NTFS) - 3.32 GiB total, 1.23 GiB free.
L: is Fixed (NTFS) - 5.74 GiB total, 1.07 GiB free.
M: is Fixed (NTFS) - 5.68 GiB total, 2.07 GiB free.
N: is Fixed (NTFS) - 4.16 GiB total, 1.59 GiB free.
O: is Fixed (NTFS) - 4.11 GiB total, 3.93 GiB free.
P: is Fixed (NTFS) - 5.65 GiB total, 5.53 GiB free.
Q: is Fixed (NTFS) - 4.05 GiB total, 3.95 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG SV8004H - 74.56 GiB - 13 partitions
\PARTITION0 (bootable) - Installierbares Dateisystem - 20.81 GiB - C:
\PARTITION1 - Erweitert mit Int 13 (erweitert) - 53.75 GiB - F: - G: - H: - I: - J: - K: - L: - M: - N: - O: - P: - Q:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: PC Firewall 2007 Pro v4.0 (Buhl Data Service GmbH)
AV: G DATA AntiVirenKit 2007 v17.0 (G DATA)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"H:\\OnlineTV 2\\onlineTV.exe"="H:\\OnlineTV 2\\onlineTV.exe:*:Enabled:onlineTV"
"K:\\AOL 9.0\\WAOL.EXE"="K:\\AOL 9.0\\WAOL.EXE:*:ENABLED:AOL 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\\OnlineTV 3\\onlineTV.exe"="H:\\OnlineTV 3\\onlineTV.exe:*:Enabled:onlineTV"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Messenger\\msmsgs.exe"="C:\\Programme\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programme\\Gemeinsame Dateien\\G DATA\\AVKMail\\AVKPop.exe"="C:\\Programme\\Gemeinsame Dateien\\G DATA\\AVKMail\\AVKPop.exe:127.0.0.1/255.255.255.255:Enabled:AntiVirenKit eMail Virenblocker"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe"="C:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"H:\\OnlineTV 2\\onlineTV.exe"="H:\\OnlineTV 2\\onlineTV.exe:*:Enabled:onlineTV"
"K:\\AOL 9.0\\WAOL.EXE"="K:\\AOL 9.0\\WAOL.EXE:*:ENABLED:AOL 9.0"
"K:\\NAMO\\WEBEDITOR 5\\BIN\\WEBEDITOR.EXE"="K:\\NAMO\\WEBEDITOR 5\\BIN\\WEBEDITOR.EXE:*:ENABLED:NAMO WEBEDITOR 5"
"K:\\SECURE SURFER\\SECSURF.EXE"="K:\\SECURE SURFER\\SECSURF.EXE:*:ENABLED:SECURE SURFER"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\\Skype\\Skype.exe"="H:\\Skype\\Skype.exe:*:Enabled:Skype"
"H:\\OnlineTV 3\\onlineTV.exe"="H:\\OnlineTV 3\\onlineTV.exe:*:Enabled:onlineTV"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users
APPDATA=C:\Dokumente und Einstellungen\David Meadows\Anwendungsdaten
CLASSPATH=.;C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Programme\Gemeinsame Dateien
COMPUTERNAME=DAVID
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Dokumente und Einstellungen\David Meadows
LOGONSERVER=\\DAVID
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\Programme\PTP2004;F:\PTP2004;F:\PTP2001;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Programme\Gemeinsame Dateien\GIS\Tools;C:\Programme\Microsoft SQL Server\80\Tools\Binn\;C:\Programme\Support Tools\;J:\GnuPG;C:\WINDOWS\system32\gs\gs7.05\bin;C:\Programme\QuickTime\QTSystem\;F:\PTP2001;F:\PTP2004;F:\PTP2001;F:\PTP2001;F:\PTP2001;;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Programme
PROMPT=$P$G
QTJAVA=C:\Programme\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOKUME~1\DAVIDM~1\LOKALE~1\Temp
TMP=C:\DOKUME~1\DAVIDM~1\LOKALE~1\Temp
USERDOMAIN=DAVID
USERNAME=David Meadows
USERPROFILE=C:\Dokumente und Einstellungen\David Meadows
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Besitzer (admin)
David Meadows (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {09DA4F91-2A09-4232-AB8C-6BC740096DE3}
--> C:\WINDOWS\System32\\MSIEXEC.EXE /x {BE130CAB-F7AA-4660-96A2-6BCCE9743946}
--> C:\WINDOWS\unin0407.exe -fi:\vsext2\DeIsL2.isu
--> F:\PC Firewall Pro 2007\uninst.exe
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
100,000 Deluxe Graphics Pack --> C:\WINDOWS\IsUn0407.exe -f"f:\Deluxe Graphics Pack\100kui.isu"
A4 EPP Scanner v4.6 --> C:\WINDOWS\twain_32\CIS600X\UNINST.EXE
ABBYY FineReader 7.0 Professional Edition --> MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
ACS PC Atlas --> C:\WINDOWS\IsUninst.exe -fi:\pcatlas\UninPCAt.isu
Acs PC Atlas Manual --> "i:\pcatlas\manual\IsStub32.exe" -fi:\pcatlas\manual\DeIsL1.isu -ci:\pcatlas\manual\_ISREG32.DLL
ActiveWatch --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9AD1DE3C-6F5F-48C7-9949-B24C136FECE7}\Setup.exe" -l0x9
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003}
Adobe SVG Viewer 3.0 --> C:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Affiliates Alert 1.0.128 --> "K:\AFFILIATES ALERT\UNINS000.EXE"
AFPL Ghostscript 7.04 --> F:\Ghostscript\uninstgs.exe "F:\Ghostscript\gs7.04\uninstal.txt"
AFPL Ghostscript Fonts --> F:\Ghostscript\uninstgs.exe "F:\Ghostscript\fonts\uninstal.txt"
AM-DeadLink 3.1 --> "K:\DEADLINK\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ashampoo Internet Accelerator --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DD6707C4-6E8F-44BC-9CE8-4BC22AF22390}\setup.exe"
Ashampoo Internet Accelerator 2.00 --> "K:\Ashampoo Internet Accelerator\unins000.exe"
Astro123 --> C:\WINDOWS\ST5UNST.EXE -n "i:\Astro123\ST5UNST.LOG"
Astro123 v1.30 --> "I:\Astro123\unins000.exe"
ASTROCLK --> C:\WINDOWS\ST5UNST.EXE -n "i:\Astroclock\ST5UNST.LOG"
Astrolabe Reports 2 - Professional Natal 2.2 --> "i:\alabe\reports\IsStub32.exe" -fi:\alabe\reports\DeIsL3.isu -ci:\alabe\reports\_ISREG32.DLL
Astrolabe Reports 2.0 --> C:\WINDOWS\uninst.exe -fi:\Alabe\Reports\DeIsL2.isu -ci:\Alabe\Reports\_ISREG32.DLL
Astrolabe Reports Core --> "I:\Alabe\Reports\IsStub32.exe" -fI:\Alabe\Reports\DeIsL1.isu -cI:\Alabe\Reports\_ISREG32.DLL
AstroTides --> C:\WINDOWS\uninst.exe -fI:\AstroTides\DeIsL1.isu -cI:\AstroTides\_ISREG32.DLL
ASTROWIN --> C:\WINDOWS\ST5UNST.EXE -n "i:\Astrowin\ST5UNST.LOG"
AstroWin v3.50 --> "I:\Astrowin\unins000.exe"
Atomic-Win-Clock --> MsiExec.exe /I{365CB7F9-5800-4319-B4E4-1F794EAA2BCB}
Atomic-Win-Clock --> MsiExec.exe /I{A7E19B04-7B98-42D4-B426-B51977BD0B98}
AttachmentOptions --> MsiExec.exe /I{DFD768CC-7A59-45B0-9C23-C5F625C3897E}
Audacity 1.2.6 --> "F:\Audacity\unins000.exe"
Audri Lanford Automation Interview with Corey Rudl --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1DE3E259-AE33-4B93-8C71-94A7081F5E02}\Setup.exe"
Autostart-Manager --> MsiExec.exe /I{1B324010-E837-4E06-8355-13F5F5421112}
Autostart-Manager --> MsiExec.exe /I{29B2294D-06B1-4A06-AB49-3E8234734B3B}
Autostart-Manager --> MsiExec.exe /I{6D66574C-A441-4972-9F66-401CA32DBE7F}
Autostart-Manager 2006 --> MsiExec.exe /I{3B11379A-9196-4228-981A-BB255E13109E}
AutoText --> MsiExec.exe /I{B4B41D5C-93C2-4524-B846-8E27D21B0EBB}
AutoText --> MsiExec.exe /I{D82172E9-124D-427B-8D33-24A5D3B1F599}
Backgammon Pro für Windows V1.5 --> H:\BGPROW\UNWISE.EXE H:\BGPROW\INSTALL.LOG
Before You Know It 3.6 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BA44D42C-5A97-4043-8102-CF8E0E0D01B1}\Setup.exe" -l0x9
Belarc Advisor 6.1 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
BlackWidow --> K:\BLACKW~1\UNINST~1.EXE K:\BLACKW~1\INSTALL.LOG
Brockhaus multimedial Atlas 2004 --> MsiExec.exe /I{4E2DC494-526B-4DA8-A220-87F41F6F20CF}
Brother 1850 --> C:\WINDOWS\IsUn0407.exe -fC:\Programme\Brother\BRHL1850\DeIsL1.isu -cBRUNI185.dll
Brownie --> C:\WINDOWS\IsUninst.exe -fC:\Programme\Brownie\Uninst.isu
Caere Scan Manager 4.02 --> C:\WINDOWS\UNSCAN40.EXE -f"C:\Programme\Gemeinsame Dateien\Caere\Scan Manager\DeIsL1.isu"
CCleaner (remove only) --> "K:\CCleaner\uninst.exe"
Centermail --> MsiExec.exe /I{4784B44D-B4F0-475C-9E45-18D33D165F8D}
Centermail --> MsiExec.exe /I{B98AE238-2DEE-4EFF-BA38-CE36DF5DB7BB}
CHIPDRIVE - Gerätetreiber V2.14.41 --> C:\WINDOWS\setp-twk.exe uninstall scn=CHIPDRIVE mcn=TOWITOKO
ChronosXP --> MsiExec.exe /I{C1909CD4-4CAE-4B83-ACEE-079BC24AC410}
ClearProg 1.5.0 Final --> K:\CLEARPROG\Uninstall.exe
Click-Crypt --> MsiExec.exe /X{B722FBCA-350B-4B54-B465-D183421D3401}
ClickCrypt --> MsiExec.exe /I{FBB9C36D-70BB-4E59-BF44-53CECA4497C3}
Client für die Windows-Rechteverwaltung --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
CodeStuff Starter --> "F:\CodeStuff\Starter\unStarter.exe"
Compatibility Pack für 2007 Office System --> MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
concept/design onlineTV 3 --> "H:\OnlineTV 3\unins000.exe"
Copernic Agent Basic --> "C:\WINDOWS\COPERNICAGENTUNINSTALL.EXE" /ARGSFILE="K:\COPERNIC AGENT\UNWISE.DAT"
CrackZ & SerialZ-Sniper 1 --> C:\WINDOWS\uninstall\CrackZ & SerialZ-Sniper\setup.exe
Cutting Edge eBook --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{84C3A24A-5204-48A1-BFF1-B27694CBF5E1}\Setup.exe"
DAO 3.5/3.6 --> C:\WINDOWS\IsUn0407.exe -f"C:\Programme\Gemeinsame Dateien\Lexware\Dao\Uninst.isu"
DAO 3.6 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5A079749-C925-11D5-8229-00500440ED05}\setup.exe"
DasTelefonbuch. Alles in einem. München 2007 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{014FD902-F3D4-44FC-B643-9E18D5C6E5F1}\Setup.exe"
Deinstallation Arbeitszeugnis-Generator --> "H:\Arbeitszeugnis Generator\unins000.exe"
Digitale Telefonauskunft auf CD-ROM --> C:\Programme\InstallShield Installation Information\{1FC11AA5-49F6-4567-BEB6-6744BE8DB84C}\setup.exe -runfromtemp -l0x0007 -removeonly
DivX Codec --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Manager --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D59B81CF-8558-41E2-AB04-4BA770158AAA}\Setup.exe" -l0x9
Dr. Hardware 2004 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\D2004CDV.INF, DefaultUninstall.ntx86
Dr. Hardware 2004 5.5.0d --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\D2004GER.INF, DefaultUninstall.ntx86
DriveImage XML --> "F:\DriveImage XML\Uninstall.exe" "F:\DriveImage XML\install.log" -u
Earn Staggering Fees Selling Your Service on the Net --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C1F7E124-706A-4F89-B76E-FDB926CAFB34}\Setup.exe"
EasyCleaner --> C:\WINDOWS\UNINST.EXE -FK:\EASYCLEANER\DEISL1.ISU -CK:\EASYCLEANER\_ISREG32.DLL
EasyCleaner --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9
eBook Pro Viewer 5.54 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E0233B01-BE70-4D0B-8B69-64331593535C}\Setup.exe"
eBot --> C:\WINDOWS\DownloadWizard\DownloadWizard.exe UNINSTALL
EF Commander Free --> F:\EF Commander\UnInst.exe
Election Helper --> C:\WINDOWS\ST5UNST.EXE -n "i:\ELECTION\ST5UNST.LOG"
Encyclopaedia Britannica 2006 Ultimate Reference Suite DVD --> "L:\BRITANNICA 2006\ULTIMATE REFERENCE SUITE DVD\UNINSTALLERDATA\UNINSTALL ENCYCLOPAEDIA BRITANNICA 2006 ULTIMATE REFERENCE SUITE DVD.EXE"
ERUNT 1.1j --> C:\Programme\ERUNT\unins000.exe
EVEREST Home Edition v2.20 --> "C:\Programme\Everest Home Edition\unins000.exe"
FireTune --> C:\WINDOWS\iun6002.exe "K:\Firetune\irunin.ini"
FLV Player 1.3.3 --> "H:\FLVPlayer\uninstall.exe"
Format- und Konvertierungs-Assistent --> F:\SMARTT~1\FKAssi\UNWISE.EXE F:\SMARTT~1\FKAssi\INSTALL.LOG
Fotostory 3 für Windows --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Foxmail --> K:\FOXMAIL\UNINS001.EXE
Foxmail 4.2 deutsch --> K:\FOXMAIL\UNINS000.EXE
FraudEliminator 2.3.0 --> MsiExec.exe /X{91AE4961-E70A-43D6-9C24-CEED4E5DE9FC}
FreeCommander 2007.10 --> "F:\FreeCommander\unins000.exe"
FreeMind --> "F:\FreeMind\unins000.exe"
G DATA AntiVirenKit --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B9D1079B-9BB3-4826-92B1-D50B1F25C838}\setup.exe" -l0x7 -removeonly
GEAR 32bit Driver Installer --> MsiExec.exe /X{E89B484C-B913-49A0-959B-89E836001658}
GEK Management 2001 --> H:\GEK Management 2001\uninst.exe
GelbeSeiten Für München 2007/2008 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9927D1BC-3DD4-4365-829D-FEAD2A420ECE}\Setup.exe"
Get Net Ready 2005 1.0 --> "K:\INSTANT DIY WEBSITE\GETNETREADY 2005\VIDEO\UNINSTALL.EXE"
GetFoldersize 1.2 --> F:\GetFoldersize\unins000.exe
GIMP 2.4.1 --> "F:\Gimp\setup\unins000.exe"
Good Keywords v1.5g --> "K:\GOOD KEYWORDS\UNINS000.EXE"
Good Keywords v2.01.082907 --> "K:\Good Keywords\unins001.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\programme\google\googletoolbar5.dll"
Großer Reiseplaner --> C:\WINDOWS\IsUn0407.exe -f"G:\Marco Polo Reiseplaner\tc7r1.isu"
GSview 4.3 --> F:\GS View\gsview\uninstgs.exe "F:\GS View\gsview\uninstal.txt"
Guardant driver --> "C:\WINDOWS\system32\rundll32.exe" grddrv32.dll,GD_UninstallDriver 1
GVDownloader --> MsiExec.exe /I{BE6AC902-190B-49D7-8844-419F1E156426}
HackDetect 1.0 --> F:\HackDetect\unins000.exe
Harvard Publisher 6.0 --> C:\WINDOWS\IsUn0407.exe -f"f:\Harvard Publisher\UninstHP60.isu"
Harvard Publisher 6.0 Inhalts-CD-ROM --> C:\WINDOWS\IsUn0407.exe -f"f:\Harvard Publisher\hp60design1.isu"
Haufe Steuern und Buchführung --> C:\WINDOWS\IsUn0407.exe -ff:\Haufe\SUB\SUB.isu
HaufeReader --> C:\WINDOWS\IsUn0407.exe -f"f:\Haufe\Haufer Reader\HaufeReader.isu"
Hide-My-Address --> MsiExec.exe /X{955368DB-4B7A-4DB3-A54A-E34EF24C3787}
Hide-My-Code --> MsiExec.exe /I{3DF9B3F1-07EF-47C8-9B18-B730D0661AB9}
Hide-My-Code --> MsiExec.exe /I{D27E2122-6C71-4818-9CE1-0C6D740C7714}
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "K:\HijackThis\HijackThis.exe" /uninstall
Homepage-ObServer --> MsiExec.exe /I{A40D345F-EF28-4956-BF54-B66688D63C96}
Horizons - 1.00.10 --> I:\Horizons\UNWISE.EXE I:\Horizons\Horizons.log
Horizons - 1.00.11 --> I:\Horizons\UNWISE.EXE I:\Horizons\Horizons.log
Horizons - 1.00.12 --> I:\Horizons\UNWISE.EXE I:\Horizons\Horizons.log
Hotfix für Windows XP (KB906569) --> "C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HS Euro Kalkulator --> F:\Eurokalk\UNWISE.EXE
HS Mehrwertsteuer --> F:\Mehrwert\UNWISE.EXE F:\Mehrwert\INSTALL.LOG
HS Mehrwertsteuer 3.23 --> F:\Mehrwert\UNWISE.EXE F:\Mehrwert\INSTALL.LOG
HS Nettoeinkommen Pro --> H:\NettoPro\UNWISE.EXE
HS Nettoeinkommen Pro 2007 --> H:\NettoPro\UNWISE.EXE
I-Counter --> MsiExec.exe /I{35235C49-2373-41C0-8F7D-175F0F733AD9}
IBM ViaVoice Outloud Runtime - Deutsch --> C:\WINDOWS\IsUn0407.exe -f"f:\viavoice outloud\DeIsL14.isu"
IBM ViaVoice Outloud Runtime - US English --> C:\WINDOWS\IsUninst.exe -f"f:\viavoice outloud\DeIsL15.isu"
Image Optimizer 4 deutsch --> "F:\Image Optimizer\\uninstall.exe"
InCD (Ahead Software) --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InfoBibliothek --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}\setup.exe"
Install Parashara's Light Fonts --> C:\WINDOWS\uninst.exe -f"C:\Install Parashara's Light Fonts\DeIsL1.isu" -c"C:\Install Parashara's Light Fonts\_ISREG32.DLL"
Instant DIY Websites 2005 1.0 --> "K:\INSTANT DIY WEBSITE\MAIN DOWNLOADS\NVU TUTORIAL\UNINSTALL.EXE"
Instant DIY Websites 2005 Frontpage 1.0 --> "K:\INSTANT DIY WEBSITE\MAIN DOWNLOADS\FRONTPAGE 2003 TUTORIAL\UNINSTALL.EXE"
Internet Cache Explorer --> C:\WINDOWS\SYSTEM32\GKSUI16.EXE K:\INTERNET CACHE EXPLORER V1.4.03A\\UNINSTAL.DAT
InterVideo WinDVD --> "C:\Programme\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
IPIX ActiveX Viewer --> C:\WINDOWS\Unwise.exe /a C:\WINDOWS\occache\IPIXActX.log
IrfanView (remove only) --> H:\IrfanView\iv_uninstall.exe
J2SE Development Kit 5.0 Update 7 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150070}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Janus 3.0 Update 17 Sep 2003 --> C:\WINDOWS\ST5UNST.EXE -n "i:\Janus\ST5UNST.002"
Janus 3.0 Update 23 Apr 2003 --> C:\WINDOWS\ST5UNST.EXE -n "i:\Janus\ST5UNST.001"
Janus 3.0 Update 24 Jun 2002 --> C:\WINDOWS\ST5UNST.EXE -n "i:\Janus\ST5UNST.000"
Janus 3.0 Update 6 Mar 2007 --> C:\WINDOWS\ST5UNST.EXE -n "i:\Janus\ST5UNST.003"
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Jasc Paint Shop Pro 8.10 Update Patch --> F:\Paint Shop Pro 8\Unwise.exe /R /U F:\PAINTS~1\INSTALL.LOG
Java 2 Runtime Environment Standard Edition v1.3.1 --> C:\WINDOWS\ISUNINST.EXE -FK:\JAVASOFT\UNINST.ISU
Java 2 Runtime Environment, SE v1.4.0_01 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7CF31609-270B-11D6-9445-000102308676}\Setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.0_03 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.1_01 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}\setup.exe" Anytext
Java 2 Runtime Environment, SE v1.4.2_01 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java Web Start --> "C:\Programme\Java Web Start\uninst-javaws.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JGoodies JDiskReport 1.3.0 --> "F:\JDiskReport 1.3.0\uninstall.exe"
Jigsaw 2 Manual --> "i:\jigsaw\JS2UserGuide\IsStub32.exe" -fi:\jigsaw\JS2UserGuide\DeIsL1.isu -ci:\jigsaw\JS2UserGuide\_ISREG32.DLL
JigSaw v2 --> C:\WINDOWS\uninst.exe -fI:\JIGSAW\DeIsL1.isu -cI:\JIGSAW\_ISREG32.DLL
Kakuro Master --> C:\WINDOWS\unvise32.exe H:\Kakuro Master Demo\uninstal.log
Kakuro v0.7.0.0 --> "H:\Kakuro\unins000.exe"
Keywords Analyzer SEO Pro 7 --> "F:\KeywordsAnalyzer7\unins000.exe"
KKH-TopSystem --> C:\WINDOWS\IsUn0407.exe -fH:\KKH-TopSystem\KHUninst.isu
KlipFolio (remove only) --> "K:\KLIPFOLIO\KlipFolio.exe" /UNINSTALL
KompoZer 0.77 --> "F:\KompoZer\unins000.exe"
Learn2 Player (Uninstall Only) --> C:\Programme\Learn2.com\StRunner\stuninst.exe
Lets Trade Komponenten --> rundll32 C:\WINDOWS\fpuninst.dll,Uninstall
Lexware anlagenverwaltung 2.10 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{41902FDC-4EA0-11D5-98FB-00104B45E05E}\setup.exe"
Lexware eBusiness --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BC37D56E-943C-11D4-9B01-0050044B1327}\setup.exe" WEGDAMIT
Lexware financial analyse --> C:\WINDOWS\IsUn0407.exe -ff:\lexware\Analyse\Analyse.isu
Link Defender --> K:\LINKDE~1\UNWISE.EXE K:\LINKDE~1\INSTALL20.LOG
Link Defender Update --> K:\LINKDE~1\UNWISE.EXE K:\LINKDE~1\INSTAL~1.LOG
LiveUpdate --> C:\Programme\Symantec\LiveUpdate\Uninst.exe -u
Lotus Organizer 5.0 --> C:\WINDOWS\lunin11.exe /T Organizer /V 99.0 /I "f:\lotus\organize\org.inf" /C "f:\lotus\organize\cinstall.ini" /O c:\uninst.log /L DE /U ME the user
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
MagiAstroSoft v7.87 --> "C:\Programme\MagiAstroSoft\unins000.exe"
MagiSoft --> C:\WINDOWS\ST5UNST.EXE -n "C:\MagiSoft\ST5UNST.LOG"
Maitreya's Dream 3.2.2 --> "I:\Maitreya's Dream\unins000.exe"
MATCHMKR --> C:\WINDOWS\ST5UNST.EXE -n "i:\Matchmaker\ST5UNST.LOG"
McAfee SiteAdvisor --> C:\Programme\SiteAdvisor\6172\uninstall.exe
mediaPlay --> MsiExec.exe /X{11E0A1C9-38ED-43FE-92CD-E3B395A9C297}
MemoKit --> F:\MemoKit\uninstall.exe
Meta Magician 2 --> K:\METAMA~1\UNWISE.EXE K:\METAMA~1\INSTALL.LOG
MetaTrader 4.00 --> "H:\MetaTrader 4\Uninstall.exe" "H:\MetaTrader 4\install.log"
Microsoft AutoRoute 2002 --> MsiExec.exe /I{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}
Microsoft Baseline Security Analyzer 2.0.1 --> MsiExec.exe /I{7F231232-C309-4401-964A-2A002B6E1ED9}
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Enzyklopädie 2002 --> MsiExec.exe /I{01008202-823E-46CD-A70E-BEE818F97169}
Microsoft Encarta Recherche-Planer --> "G:\Encarta Research Organizer\EROunins.exe" /uninstall
Microsoft Encarta Weltatlas 2000 --> "G:\Encarta Weltatlas 2000\evgunnst.exe" /uninstall
Microsoft MSN MoneyCentral Stock Quotes Add-In for Excel --> MsiExec.exe /X{A99C1048-A569-4B65-A3DD-3584B0A4AA69}
Microsoft Office 2000 SR-1 Disc 2 --> MsiExec.exe /I{00040407-78E1-11D2-B60F-006097C998E7}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{91170407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110407-6000-11D3-8CFE-0150048383C9}
Microsoft Outlook-Sicherung für Persönliche Ordner --> MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}
Microsoft Picture It! Foto 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Rechner-Plus --> MsiExec.exe /I{437C19B3-7E20-4E39-B868-CA6BAA820E1C}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Time Zone --> MsiExec.exe /I{03F7DFF0-A406-4F1A-9E37-F75E6D614ABC}
Microsoft TV Photo Viewer --> MsiExec.exe /X{A22403F4-44E9-4724-B34F-071A4402C43E}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows-Journal-Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works 2002-Setup-Start --> C:\Programme\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{ED5EDCD0-5745-4B13-8061-58C9833FD06D}
Microsoft Works Suite-Add-Ins für Microsoft Word --> MsiExec.exe /I{25F60491-F5AB-4985-9354-37C146783F35}
Microsoft XML Parser und SDK --> MsiExec.exe /I{35343FF7-939B-401A-87B3-FF90A5123D88}
Microsoft XML Parser und SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
MozBackup 1.4.7 --> "K:\MozBackup\unins000.exe"
Mozilla Firefox (1.5) --> K:\Firefox\uninstall\uninstall.exe /ua "1.5 (de)"
Mozilla Firefox (2.0.0.9) --> R:\Portable Firefox\App\firefox\uninstall\helper.exe
Mozilla Sunbird (0.7) --> F:\Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.9) --> R:\Portable Thunderbird\App\thunderbird\uninstall\helper.exe
MSP3885-E 56K PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D88122D\HxfSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_8D88122D
Mustek 1200 CP v4.7 --> C:\WINDOWS\twain_32\CIS600X\UNINST.EXE
MWSnap 3 --> "F:\MWSnap\uninstall.exe"
MwSt-Mini --> F:\Mehrwert\UNWISE.EXE F:\Mehrwert\INSTALL.LOG
Namo WebEditor 5 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F0696CA8-CD01-4E27-BB5E-702CA0A9ED29}\setup.exe"
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Netcraft Toolbar --> MsiExec.exe /I{00F87673-B929-4644-9322-7243E8289B54}
Niche Browser --> "K:\Niche Browser\unins000.exe"
Norton Commander --> C:\WINDOWS\IsUninst.exe -f"f:\Norton Commander\uninst.isu" -cNC_INST.DLL
NoteTab Light 5 (Remove only) --> "F:\NoteTab Light\unins000.exe"
Nova Chartwheels --> "i:\Nova Chartwheels\IsStub32.exe" -f"i:\Nova Chartwheels\DeIsL1.isu" -c"i:\Nova Chartwheels\_ISREG32.DLL"
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
Oak Systems Kakuro Works --> "H:\Kakuro Works\Uninstall.exe" "H:\Kakuro Works\install.log" -u
Office-Bibliothek 4.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{54971F17-9D16-4D43-95D6-3A86E3D20EDB}\setup.exe" -uninst
OmniPage Pro 9.0 --> f:\OmniPagePro90\uninstall.exe -f"f:\OmniPagePro90\DeIsL1.isu"
OpenOffice.org 2.3 --> MsiExec.exe /I{A625D45F-1DC4-47FB-ABCF-6B27684AA717}
Opera 9.24 --> MsiExec.exe /X{05ACA3FE-1029-408D-82B7-8130E1A91CDF}
orlogix Backup MyPC --> MsiExec.exe /I{BE130CAB-F7AA-4660-96A2-6BCCE9743946}
Orlogix Backup MyPC Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Password Magic --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{584F988F-492D-4ABE-B40A-70773850E38A}\setup.exe"
PC Booster --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{BA0601E1-B65C-11D5-80A9-0000B494D9A6}\setup.exe" -l0x7
PC Firewall Pro 2007 --> "F:\PC Firewall Pro 2007\unins000.exe"
PDF-Analyzer --> F:\PDF-Analyzer\Uninstal.exe
PDF-Analyzer 2.0 --> F:\PDF-Analyzer\Uninstal.exe
PDF-Analyzer 2.5 --> F:\PDF-Analyzer\Uninstal.exe
PDF-Analyzer 3.0 --> F:\PDF-Analyzer\Uninstal.exe
PDF2HTML powered by webdesign-forum.de v3.0 --> "F:\PDF2HTML\unins000.exe"
Perfect FTP --> MsiExec.exe /X{42A74897-DE10-11D5-AB0D-000374890932}
Personal Translator 2004 Office plus --> F:\PTP2004\UNWISE.EXE F:\PTP2004\INSTALL.LOG
phonostar-Player Version 2.01.0 --> "H:\Phonostar\unins000.exe"
Photovista Panorama 2.02 --> "H:\Photovista 2.02\UninstallerData\Uninstall Photovista Panorama 2.02.exe"
Piece-Maker --> MsiExec.exe /I{BB63BE32-C9BC-47A5-9923-C0C4A598D52E}
Placidus NK 4.0 --> C:\WINDOWS\uninst.exe -fi:\Placidus\DeIsL1.isu -ci:\Placidus\_ISREG32.DLL
POP3-Killer --> MsiExec.exe /I{1B046D15-EC86-4FF8-9CF5-43B14FC4937C}
POP3-Killer --> MsiExec.exe /I{DE31E0B5-5F4B-49AF-998E-2969A47EF80E}
PopHR --> C:\WINDOWS\ST5UNST.EXE -n "i:\PopHR\ST5UNST.LOG"
PowerQuest Drive Image 7.0 --> MsiExec.exe /X{8D538DFC-1E7A-45F0-9C7B-D8B6629CC2DC}
PowerQuest PartitionMagic 7.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}\Setup.exe"
Powertoys For Windows XP --> MsiExec.exe /I{6C31E111-96BB-4ADC-9C81-E6D3EEDDD8D3}
Preispiraten --> "K:\Preispiraten\Uninstall.exe" "K:\Preispiraten\install.log" -u
Professional Numerologist --> "I:\Professional Numerologist\Uninstall.exe" "I:\Professional Numerologist\install.log"
ProgTran v2.34 --> "I:\ProgTran\unins000.exe"
Quick View Plus --> C:\WINDOWS\UNINSQVP.EXE
QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Real-DRAW Pro 3.1 --> F:\RealDRAW\unins000.exe
RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RedMon - Druckeranschluß-Umleitungsmonitor --> C:\WINDOWS\System32\unredmon.exe
RedShift 4 --> C:\WINDOWS\IsUninst.exe -fi:\RedShift4\Uninst.isu
Registry-Dompteur --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\RegDom.inf
Registry System Wizard --> "F:\Registry System Wizard\unins000.exe"
Remove Jyotish --> I:\PL2000\unstall.exe
SAGEM F@st 800-840 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x7
ScanSoft PDF Professional 3.0 --> MsiExec.exe /I{B63C8315-DCDF-4BCB-BE19-3958D1A849B5}
SeaMonkey (1.1.6) --> C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.6 (de)"
Secure Surfer --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8AC3BD96-8BE0-44A1-8AAE-518E3D40FE5A}\Setup.exe"
Serials 2000 7.1+ --> "K:\SERIALS 2000\UNINS000.EXE"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sicherheitsupdate für Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Simple Sudoku 4.2 --> "H:\Simple Sudoku\unins000.exe"
Skat 3000 SE --> "H:\Skat 3000 Special Edition\unins000.exe"
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SlimBrowser (remove only) --> "K:\SLIMBROWSER\uninst.exe"
Snooker147 & Poolster 1.3 --> C:\WINDOWS\uninst.exe -fh:\snooker147\DeIsL1.isu
Solar Fire Deluxe --> MsiExec.exe /X{871DF9AF-8E0E-462F-973C-F5045759B79E}
Solar Fire Gold (Beta) --> MsiExec.exe /X{E3A0960E-46AE-430E-A6A4-30A60DF6327B}
Solar Maps v3 --> C:\WINDOWS\uninst.exe -f"i:\solar maps\DeIsL2.isu" -ci:\SOLARM~1\_ISREG32.DLL
Solar Spark --> C:\WINDOWS\uninst.exe -fI:\SOLSPARK\DeIsL1.isu -cI:\SOLSPARK\_ISREG32.DLL
Solar Writer --> C:\WINDOWS\uninst.exe -fI:\SOLWRITE\DeIsL2.isu -cI:\SOLWRITE\_ISREG32.DLL
Solar Writer Engine --> MsiExec.exe /X{C121EE2F-3CF1-4FB7-923A-B5D8C3D595D2}
SopCast 1.1.2 --> H:\SopCast\uninst.exe
SP500 - Stock and Planets 500 v.2.1 --> I:\SP500\uninst.exe
Spam Blocker --> C:\WINDOWS\SBUn.EXE /UnInst:"C:\WINDOWS\SpamBlocker_Uninstall.ins"
SpeedCommander 9 --> F:\SpeedCommander 9\Uninstall.exe
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "K:\Spybot\unins001.exe"
Spybot - Search & Destroy 1.4 --> "K:\SPYBOT\unins000.exe"
SpywareBlaster v3.5.1 --> "K:\SPYWAREBLASTER\UNINS000.EXE"
SpywareGuard v2.2 --> K:\SPYWAREGUARD\UNINS000.EXE
Star Downloader Pro --> K:\STARDO~1\UNWISE.EXE K:\STARDO~1\INSTALL.LOG
Steganos Internet Trace Destructor 7.1.6 --> MsiExec.exe /I{00000000-5736-4205-1000-75FF97AC5007}
Steganos Live Encryption Engine 4.01 --> MsiExec.exe /X{E6C64B69-B70D-4D3C-97B7-D5A450B87759}
Steuer-Spar-Erklärung 2006 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{1E279749-9F3A-47B5-81AB-B197A2A38A71}\setup.exe" -l0x7
Steuer-Spar-Erklärung 2007 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B7088B71-86FC-4F5E-B295-68FAB7B6C85B}\setup.exe" -l0x7
Stripem 1.2 --> C:\WINDOWS\IsUninst.exe -f"F:\E-Mail Extractor\Uninst.isu"
StuffIt Deluxe --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{ABB752F5-5D10-4ECB-AE1C-6050BFBFCD73}
StyleWriter --> C:\WINDOWS\IsUninst.exe -ff:\stylewriter\Uninst.isu
SuDoku Pro 2.0 --> H:\Sudoku Pro\uninst.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SupertabCOM --> C:\WINDOWS\IsUn0407.exe -f"f:\Haufe\Haufer Reader\SupertabCOM.isu"
T-DSL SpeedManager --> MsiExec.exe /I{1762C1BA-66BF-454A-8746-F921574CFF6C}
T-Online DSL-Manager --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}\Setup.exe" -l0x7
Tara --> C:\WINDOWS\uninst.exe -fi:\Tara\DeIsL1.isu -ci:\Tara\_ISREG32.DLL
TGeb V5.3 --> C:\WINDOWS\st6unst.exe -n "F:\TGeb\ST6UNST.LOG"
TGeb V5.4 --> C:\WINDOWS\st6unst.exe -n "F:\TGeb\ST6UNST.000"
The Bat! International Pack v3.99.24 --> MsiExec.exe /I{302D5675-F28B-440C-96E7-84B96AD88298}
The Cleaner --> "K:\The Cleaner\unins000.exe"
The Imperial Astrologer --> MsiExec.exe /I{0C488931-0A1D-42C7-956C-140705FFAFC9}
The Number One Fatal Mistake Made By Internet Marketers --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{D7334B66-73AF-4226-B2A6-29DD472340D8}\Setup.exe"
The Stalker for Lucky Times v.1 --> I:\THESTA~1\UNINST~1.EXE I:\THESTA~1\INSTALL.LOG
The Web Army Knife (remove only) --> "K:\INSTANT PROFIT WEBSITES\WEB ARMY KNIFE\UNINST.EXE"
TheBat! Home v3.99.29 --> MsiExec.exe /I{22EB24CB-222E-4C4C-A84F-967048B6CF46}
Tool zum Entfernen verborgener Daten --> MsiExec.exe /X{90F80407-6000-11D3-8CFE-0150048383C9}
toolboxx Lexware minijobs --> C:\WINDOWS\IsUn0407.exe -f"f:\Lexware\Lexware toolboxx\Lexware minijobs\TB_MJ.isu"
Total Commander (Remove or Repair) --> f:\Total Commander\tcuninst.exe
Trace Eliminator Pro v2.0 --> "K:\TRACE ELIMINATOR PRO\UNINS000.EXE"
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
TV-Browser 2.6 --> H:\TV-Browser\Uninstall.exe
TVgenial 4.04 --> H:\TVgenial\Uninstall.exe
TweakPower --> K:\TWEAKPOWER\UNINSTALLER.EXE
Update für Microsoft Office Outlook 2003 mit Business Contact Manager --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A65}
Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update für Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update für Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update für Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update für Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update für Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
V3760 User's Manual --> C:\PROGRA~1\V3760C~1\UNWISE.EXE C:\PROGRA~1\V3760C~1\INSTALL.LOG
VegaSviri Expert --> I:\VegaSviri Expert\uninstal.exe
VegaSviri Horary --> I:\VegaSviri Horary\uninstal.exe
Verlag Praktisches Wissen GmbH KABC 1/2003 --> C:\WINDOWS\IsUn0407.exe -ff:\Kontierung\DeIsL1.isu
Vienna*Star GeburtszeitKorrekturMaschine --> C:\WINDOWS\IsUn0407.exe -fi:\GKM\Uninst.isu
Viewpoint Media Player (Remove Only) --> C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ CRT 8.0 --> MsiExec.exe /I{B2395631-54D5-481E-B9A8-74B269546F40}
Visual Sokoban 2.02 --> "H:\Visual Sokoban\unins000.exe"
Wait-Watcher --> MsiExec.exe /I{79136293-0CA9-4C78-B14B-64F416F0CCAD}
Wait-Watcher --> MsiExec.exe /X{95BA9C00-6F03-424D-BAB3-3DAA369D64C3}
Web-Domain-Checker --> MsiExec.exe /I{10171606-5922-41D3-8FE6-099B5C76D2E7}
WebPosition 3 Training Video --> K:\WEBPOS~2\UNWISE.EXE K:\WEBPOS~2\INSTALL.LOG
WebWasher --> K:\WEBWASHER\WWASHER.EXE /FEEDBACK:UNINSTALL /LAUNCH:"K:\WEBWAS~1\UNWISE.EXE K:\WEBWAS~1\INSTALL.LOG"
Win Star Express 1.0 Setup --> I:\wstarexp\UNWISE.EXE I:\wstarexp\INSTALL.LOG
Win*Star 2.05 Update --> I:\WSTAR20\UNWISE.EXE I:\WSTAR20\INSTALL.LOG
Win*Writer 2.04.05 --> I:\WSTAR20\UNWISE.EXE I:\WSTAR20\INSTALL.LOG
Win*Writer 2.05 Update --> I:\WSTAR20\UNWISE.EXE I:\WSTAR20\INSTALL.LOG
Windows-Sicherungsprogramm --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Media Encoder 9-Reihe --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Windows XP-Hotfix - KB834707 --> C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
Windows XP-Hotfix - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB884020 --> C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885295 --> C:\WINDOWS\$NtUninstallKB885295$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885523 --> C:\WINDOWS\$NtUninstallKB885523$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885894 --> C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887797 --> C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP-Hotfix - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Winstar 2.0.4 --> I:\WSTAR20\UNWISE.EXE I:\WSTAR20\INSTALL.LOG
WinZip --> "F:\WinZip\WINZIP32.EXE" /uninstall
WordToPDF 2.4 --> "F:\WordToPDF\unins000.exe"
World Watch --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{96AC14CE-2C73-4978-8D20-3ACCC293D746}\Setup.exe" -l0x9
Xaldon WebSpider 2 --> C:\WINDOWS\UNIN0407.EXE -F"K:\WEBSPIDER 2\DEISL1.ISU" -C"K:\WEBSPIDER 2\_ISREG32.DLL"
XP-Clean --> MsiExec.exe /I{95F48480-6D51-49A5-BFC3-7D8043AC5386}
xpTuner V1.04 --> "F:\XP Tuner\unins000.exe"
XQDC X-Setup Pro 7.2.360.Final1 --> "K:\X-SETUP PRO\UNINS000.EXE"
ZoneTrekker --> MsiExec.exe /X{06B64445-5561-43A0-9304-801C47617F30}


-- Application Event Log -------------------------------------------------------

Event Record #/Type5715 / Error
Event Submitted/Written: 11/22/2007 10:37:25 AM
Event ID/Source: 11 / crypt32
Event Description:
Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Event Record #/Type5707 / Warning
Event Submitted/Written: 11/22/2007 08:17:52 AM
Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type5705 / Error
Event Submitted/Written: 11/22/2007 01:18:48 AM
Event ID/Source: 1512 / Userenv
Event Description:
Die Registrierungsdatei konnte nicht entladen werden. Der für die Registrierung verwendete Arbeitsspeicher wurde nicht freigegeben. Dies wird oft durch Dienste verursacht, die unter einem Benutzerkonto ausgeführt werden. Versuchen Sie die Dienste entweder unter dem Konto "LocalService" oder "NetworkService" auszuführen. Wenden Sie sich an den Netzwerkadministrator, wenn das Problem weiterhin besteht.


Details - Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

Event Record #/Type5704 / Warning
Event Submitted/Written: 11/22/2007 01:18:18 AM
Event ID/Source: 1524 / Userenv
Event Description:
Die Klassenregistrierungsdatei kann nicht entladen werden, da sie weiterhin von anderen Anwendungen bzw. Diensten verwendet wird. Die Datei wird entladen, wenn sie nicht mehr verwendet wird.

Event Record #/Type5699 / Warning
Event Submitted/Written: 11/21/2007 02:48:01 PM
Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
Event Description:
(SpnRegister) : Error 1355



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type156851 / Error
Event Submitted/Written: 11/22/2007 10:37:30 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
Der Dienst "BrSplService" hat einen ungültigen aktuellen Status gemeldet: 0

Event Record #/Type156849 / Error
Event Submitted/Written: 11/22/2007 10:14:24 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Event Record #/Type156846 / Error
Event Submitted/Written: 11/22/2007 10:14:24 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Event Record #/Type156843 / Error
Event Submitted/Written: 11/22/2007 10:14:24 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126

Event Record #/Type156840 / Error
Event Submitted/Written: 11/22/2007 10:14:24 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
%%126



-- End of Deckard's System Scanner: finished at 2007-11-22 10:40:30 ------------

#6 Falu

  • Security Colleague

Posted 25 November 2007 - 12:57 PM

Hi dpmengefi, :thumbsup:

1. Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following programmes:

J2SE Development Kit 5.0 Update 7
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment, SE v1.4.0_01
Java 2 Runtime Environment, SE v1.4.0_03
Java 2 Runtime Environment, SE v1.4.1_01
Java 2 Runtime Environment, SE v1.4.2_01
Serials 2000 7.1+


Viewpoint is classed as Foistware and a Potentially unwanted program as it's sometimes installed without the user's consent. There may be some indications that they will move into tracking users at some stage, which you can read more about Here. If you value the service they provide then it can be left on the system, but if not then it can be removed using the Add/Remove screen. More info. If you agree to remove it, checkmark:

Viewpoint Media Player

Do you know what the following programmes are? If not remove them:

ProgTran v2.34
Secure Surfer
SupertabCOM


2. Please Reboot

3. Disable SuperAntispyware again:

Right-click on the shortcut from the system tray, choose View Control Center (preferences/options), on the General and Startup tab, uncheck Start SUPERAntispyware when Windows starts, click Close to exit.

4. Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

5. Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

6. Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
Please post the Dr. Web report along with a fresh HijackThis log and let me know how things are running.
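
The DrWeb.csv report requested above is semicolon-delimited, and the copy quoted later in this thread has four fields per row: file name; folder; detection; action taken. The following is an added example, not part of the original post and not Dr.Web's own tooling: a small parser that triages such a report before it is posted. The sample rows are constructed, and reading the German prefix "möglicherweise" ("possibly") as a low-confidence verdict is an assumption.

```python
import csv
import io
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample rows in the layout "file;folder;detection;action;".
# The action strings are the German UI strings seen in this thread.
SAMPLE_REPORT = """\
sample1.exe;k:\\tools\\example;möglicherweise BACKDOOR.Trojan;Nicht desinfizierbar.Verschoben.;
helper.dll;F:\\Example App;Example.Detection.A;Gelöscht.;
A0000001.exe;K:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP1;Example.Detection.B;Nicht desinfizierbar.Verschoben.;
broken line without enough fields
"""

# German action words mapped to short English tags.
ACTION_WORDS = {
    "Nicht desinfizierbar": "incurable",
    "Verschoben": "moved",
    "Gelöscht": "deleted",
}

# Assumption: this prefix marks a suspicion rather than a signature match.
LOW_CONFIDENCE_PREFIX = "möglicherweise "

# System Restore keeps its copies under _restore{GUID}\RPnnn on each drive.
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+",
    re.IGNORECASE,
)


@dataclass
class Finding:
    file: str
    directory: str
    detection: str
    low_confidence: bool
    actions: tuple
    in_restore_point: bool


def parse_report(text):
    """Return (findings, rejected_lines) for a semicolon-delimited report."""
    findings, rejected = [], []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for row in reader:
        fields = [f.strip() for f in row]
        # Every record ends with ';', which leaves one empty trailing field.
        if fields and fields[-1] == "":
            fields.pop()
        if not fields:
            continue  # blank line
        if len(fields) != 4:
            rejected.append(";".join(row))  # keep malformed rows for manual review
            continue
        name, directory, detection, action = fields
        low = detection.lower().startswith(LOW_CONFIDENCE_PREFIX)
        if low:
            detection = detection[len(LOW_CONFIDENCE_PREFIX):]
        actions = tuple(
            ACTION_WORDS.get(part.strip(), part.strip())
            for part in action.split(".")
            if part.strip()
        )
        findings.append(
            Finding(
                file=name,
                directory=directory,
                detection=detection,
                low_confidence=low,
                actions=actions,
                in_restore_point=bool(RESTORE_POINT_RE.search(directory)),
            )
        )
    return findings, rejected


def triage(findings):
    """Group file names by what still needs attention after the scan."""
    buckets = defaultdict(list)
    for f in findings:
        if "moved" in f.actions:
            buckets["in_quarantine"].append(f.file)
        if "deleted" in f.actions:
            buckets["deleted"].append(f.file)
        if f.low_confidence:
            buckets["review_possible_false_positive"].append(f.file)
        if f.in_restore_point:
            buckets["restore_point_copy"].append(f.file)
    return dict(buckets)


if __name__ == "__main__":
    found, bad = parse_report(SAMPLE_REPORT)
    for bucket, names in triage(found).items():
        print(f"{bucket}: {', '.join(names)}")
    print(f"unparsed rows: {len(bad)}")
```

Rows in the restore-point bucket are copies held by System Restore rather than live files, and low-confidence rows are the ones worth checking against programs the user recognises before treating them as malware.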

#7 dpmengefi

  • Topic Starter

Posted 26 November 2007 - 03:21 PM

Hi Falu

ICounter is a program to record how long I've been online which I used with a dial-up connection. I now have a DSL Flat Rate, so I've uninstalled this program.

I know the programs ProgTran v2.34 and Secure Surfer. SupertabCOM is used by a program called Haufer Reader for reading an ebook on tax and accountancy.

Still getting messages from my Firewall Program that it is blocking an attempt to scan certain ports, so it seems that "something" is still trying to make a connection.

Here are the reports from Dr Web and a fresh Hijack This log.




icounter.exe;k:\i-counter;möglicherweise BACKDOOR.Trojan;Nicht desinfizierbar.Verschoben.;
DLFileWI.dll;C:\Programme\Gemeinsame Dateien\G DATA\IUpdate;Adware.Sguide.origin;Nicht desinfizierbar.Verschoben.;
SDShelEx.dll;F:\TuneUp Utilities 2006;Trojan.MulDrop.6045;Gelöscht.;
w0svc.exe;K:\0190 Warner;Trojan.Rootkit.origin;Nicht desinfizierbar.Verschoben.;
A0486588.exe;K:\System Volume Information\_restore{49E2419C-B47E-42B7-B202-DB3F0F3543DA}\RP2040;Trojan.Rootkit.origin;Nicht desinfizierbar.Verschoben.;


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:37, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
K:\AdAware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
F:\PC Booster\pcbooster.exe
K:\The Cleaner\tca.exe
K:\The Cleaner\tcm.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\SiteAdvisor\6172\SiteAdv.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
K:\AntiVirus 2008\AVKTray\AVKTray.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
K:\AntiVirus 2008\AVK\AVKService.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
K:\AntiVirus 2008\AVK\AVKWCtl.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\MemoKit\memokit2.exe
K:\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\svchost.exe
K:\SpywareGuard\sgbhp.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
F:\PC Firewall Pro 2007\pcfw.exe
C:\Programme\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\SLEE401.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\System32\Fast.exe
K:\ProcessExplorer\procexp.exe
F:\The Bat\thebat.exe
F:\Microsoft Office\OFFICE11\WINWORD.EXE
K:\Firefox\Mozilla Firefox\firefox.exe
K:\Star Downloader\stardown.exe
K:\Star Downloader\stardown.exe
K:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\SnagIt 7\SnagItBHO.dll
O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - K:\AntiVirus 2008\Webfilter\AVKWebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - K:\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - K:\Preispiraten\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - K:\Preispiraten\IEButtonEbayInterface.dll
O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - K:\Preispiraten\IEButtonPPInterface.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - K:\STARDO~1\SDIEInt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - K:\COPERN~1\COPERN~1.DLL
O3 - Toolbar: FraudEliminator - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Programme\FraudEliminator\2.3.0\FETB.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programme\Netcraft Toolbar\nctb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar5.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - K:\AntiVirus 2008\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [PC Booster] F:\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tcactive] K:\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] K:\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [PC Firewall Professional] "F:\PC Firewall Pro 2007\pcfw.exe" /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [AVKTray] "K:\AntiVirus 2008\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'Default user')
O4 - S-1-5-18 Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Startup: MemoKit.lnk = F:\MemoKit\mk.exe
O4 - Startup: SpywareGuard.lnk = K:\SpywareGuard\sgmain.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - K:\\Preispiraten\\preispiraten.html
O8 - Extra context menu item: Download with Star Downloader - K:\Star Downloader\sdie.htm
O8 - Extra context menu item: Enqueue in Star Downloader - K:\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Leech with Star Downloader - K:\Star Downloader\leechie.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Shopper - K:\COPERN~2\WEB\FIND.HTM
O8 - Extra context menu item: Suchen mit Copernic Agent - K:\COPERNIC AGENT\WEB\SEARCHEXT.HTM
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Starten von Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\preispiraten3ie.exe
O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\preispiraten3ie.exe
O9 - Extra button: PC Firewall 2007 Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - F:\PC Firewall Pro 2007\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart....p://www.ebay.de (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - H:\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwi...zard3.0.4.3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/de/big/1.1....g/GoogleNav.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdateV2 - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1) -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - K:\AdAware 2007\aawservice.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - K:\AntiVirus 2008\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - K:\AntiVirus 2008\AVK\AVKWCtl.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SFirewall Service (SFirewall) - Buhl Data Service GmbH - F:\PC Firewall Pro 2007\pcfw.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Programme\SiteAdvisor\6172\SAService.exe
O23 - Service: Steganos Live Encryption Engine (Version 401) [Service] (SLEE_401_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE401.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - SCM Microsystems - C:\WINDOWS\SCARDS32.EXE
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

--
End of file - 13384 bytes

#8 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:07 AM

Posted 27 November 2007 - 12:02 PM

Hi dpmengefi, :thumbsup:

1.

Still getting messages from my Firewall Program that it is blocking an attempt to scan certain ports, so it seems that "something" is still trying to make a connection.


Which is good since that's what your firewall should do: stop unwanted traffic.

2. You have SpywareGuard installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix. You may re-enable it once you're clean; I will let you know.

* Right click the running icon of SpywareGuard, it will open the program.
* Then go to Menu, file, exit.
* Then confirm the program is closed.

3. Run HijackThis, click Scan and checkmark the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1) -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

4. You'll still have ATF-Cleaner, run it again.

Please reboot, post a fresh HijackThis log and let me know how your computer is running.

#9 dpmengefi

dpmengefi
  • Topic Starter

  • Members
  • 16 posts
  • Local time:11:07 AM

Posted 28 November 2007 - 10:57 AM

Hi Falu,

Using ATF-Cleaner, the settings for Firefox were grayed out, but I use Firefox in preference to IE. Maybe to do with the settings I have in Firefox.

After completing everything I've noticed no difference with how things are running. Still messages from Firewall blocking an attempt to scan certain ports.

Here is a new HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:44:53, on 28.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
K:\AdAware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
F:\PC Booster\pcbooster.exe
K:\The Cleaner\tca.exe
K:\AntiVirus 2008\AVK\AVKService.exe
K:\The Cleaner\tcm.exe
K:\AntiVirus 2008\AVK\AVKWCtl.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\SiteAdvisor\6172\SiteAdv.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
K:\AntiVirus 2008\AVKTray\AVKTray.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
F:\MemoKit\memokit2.exe
K:\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\nvsvc32.exe
K:\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\oodag.exe
F:\PC Firewall Pro 2007\pcfw.exe
C:\Programme\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\SLEE401.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\System32\Fast.exe
K:\ProcessExplorer\procexp.exe
K:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\SnagIt 7\SnagItBHO.dll
O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - K:\AntiVirus 2008\Webfilter\AVKWebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - K:\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - K:\Preispiraten\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - K:\Preispiraten\IEButtonEbayInterface.dll
O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - K:\Preispiraten\IEButtonPPInterface.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - K:\STARDO~1\SDIEInt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - K:\COPERN~1\COPERN~1.DLL
O3 - Toolbar: FraudEliminator - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Programme\FraudEliminator\2.3.0\FETB.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programme\Netcraft Toolbar\nctb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar5.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - K:\AntiVirus 2008\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [PC Booster] F:\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tcactive] K:\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] K:\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [PC Firewall Professional] "F:\PC Firewall Pro 2007\pcfw.exe" /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [AVKTray] "K:\AntiVirus 2008\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'Default user')
O4 - S-1-5-18 Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Startup: MemoKit.lnk = F:\MemoKit\mk.exe
O4 - Startup: SpywareGuard.lnk = K:\SpywareGuard\sgmain.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - K:\\Preispiraten\\preispiraten.html
O8 - Extra context menu item: Download with Star Downloader - K:\Star Downloader\sdie.htm
O8 - Extra context menu item: Enqueue in Star Downloader - K:\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Leech with Star Downloader - K:\Star Downloader\leechie.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Shopper - K:\COPERN~2\WEB\FIND.HTM
O8 - Extra context menu item: Suchen mit Copernic Agent - K:\COPERNIC AGENT\WEB\SEARCHEXT.HTM
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Starten von Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\preispiraten3ie.exe
O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\preispiraten3ie.exe
O9 - Extra button: PC Firewall 2007 Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - F:\PC Firewall Pro 2007\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart....p://www.ebay.de (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - H:\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwi...zard3.0.4.3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/de/big/1.1....g/GoogleNav.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdateV2 - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - K:\AdAware 2007\aawservice.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - K:\AntiVirus 2008\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - K:\AntiVirus 2008\AVK\AVKWCtl.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SFirewall Service (SFirewall) - Buhl Data Service GmbH - F:\PC Firewall Pro 2007\pcfw.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Programme\SiteAdvisor\6172\SAService.exe
O23 - Service: Steganos Live Encryption Engine (Version 401) [Service] (SLEE_401_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE401.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - SCM Microsystems - C:\WINDOWS\SCARDS32.EXE
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

--
End of file - 12744 bytes

#10 dpmengefi

dpmengefi
  • Topic Starter

  • Members
  • 16 posts
  • Local time:11:07 AM

Posted 28 November 2007 - 01:53 PM

Hi Falu,

My Firewall program has just reported a warning which I've had before after using HijackThis to delete

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

I clicked on a link in an email which then started to open Internet Explorer very slowly. Then the warning appeared.

As I can't insert an image, I'll translate the contents of this warning.

What should be done with the found spyware?
PC Firewall Pro has identified 1 spyware object in your system

Allow to carry out changes to the quoted URL from Internet Explorer, to avoid the browser from being taken over.

Data in HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page

Object name: Internet Explorer-URL's
Object Type: System Object
Action: Correct/Ignore
Number of Signatures: 1

Correct All
Ignore All
Ignore All Once


I closed Internet Explorer, then clicked on "Ignore All Once". Previous time I clicked on "Correct All" and the setting was changed back to:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

Maybe this information will help you to work out what is going on.

#11 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:07 AM

Posted 29 November 2007 - 12:20 PM

Hi dpmengefi, :thumbsup:

1. Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following programs:

Spybot Search and Destroy
Spybot - Search & Destroy 1.4


Don't worry you will get it back later, the right version that is.

2. It's probably best to save/print these instructions for use in safe mode, since you will not have access to this site at that time.

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
5) Select your normal user account.

3. Clean your Cache and Cookies in IE:

* Close all instances of Outlook Express and Internet Explorer
* Go to Control Panel > Internet Options > General tab
* Click the "Delete Cookies" button
* Next to it, Click the "Delete Files" button
* When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

* Go to Tools > Options.
* Click Privacy in the menu on the left side of the Options window.
* Click the Clear button located to the right of each option (History, Cookies, Cache).
* Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin

* Go to start > run and type: cleanmgr and click ok.
* Let it scan your system for files to remove.
* Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
* Press OK to remove them.

4. Reboot to go back into normal mode.

5. Assuming you want Spybot back on your computer download and install the latest version: Spybot 1.5.1

6.

I clicked on a link in an email


The e-mail was trustworthy as was the link?

7.

Still messages from Firewall blocking an attempt to scan certain ports.


Please check your firewall settings and let me know if you see something odd.

8.

As I can't insert an image


Maybe you can next time using this tutorial: How to make a screen shot in Windows.

9. If I understand well you got this message after you produced the HijackThis log you posted (post 9). Please post a fresh HijackThis log to check possible changes.
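Added example, not part of the thread and not HijackThis's own code: a small Python parser that picks out the kind of entries selected in step 3 of post #8 (an empty Start Page value, O16 entries with no download source) and compares two logs, as the request for a fresh log in step 9 above implies. The sample lines are excerpted from the logs in this thread; the function names and the "leftover" heuristics are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Tuple

# HijackThis entry lines look like "<section code> - <body>", e.g. "O16 - DPF: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


class Entry(NamedTuple):
    code: str  # section code such as R0, O2, O16
    body: str  # everything after "<code> - "


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a log; header and running-process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body").strip()))
    return entries


def orphan_reason(e: Entry) -> str:
    """Say why an entry looks like a leftover, or return "" (heuristics assumed here)."""
    if e.body.endswith("(file missing)") or e.body.endswith("(no file)"):
        return "target file not on disk"
    if e.code in ("R0", "R1") and "=" in e.body and not e.body.partition("=")[2].strip():
        return "registry value is empty"
    if e.code == "O16" and e.body.endswith(" -"):
        return "no download source recorded"
    return ""


def find_orphans(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Pair every leftover-looking entry with the reason it was flagged."""
    return [(e, orphan_reason(e)) for e in entries if orphan_reason(e)]


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Return (removed, added) entries between two logs, in log order."""
    old, new = parse_log(before), parse_log(after)
    old_set, new_set = set(old), set(new)
    removed = [e for e in old if e not in new_set]
    added = [e for e in new if e not in old_set]
    return removed, added


# Sample input: lines excerpted from the logs posted in this thread (shortened).
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.3.1) -
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\svchost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

if __name__ == "__main__":
    print("Leftover-looking entries in the earlier log:")
    for entry, reason in find_orphans(parse_log(BEFORE_LOG)):
        print(f"  [{reason}] {entry.code} - {entry.body}")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("Removed since the earlier log:")
    for entry in removed:
        print(f"  - {entry.code} - {entry.body}")
    print("New in the later log:")
    for entry in added:
        print(f"  + {entry.code} - {entry.body}")
```

A flag from this script only means the entry points at nothing; it is a prompt to review the entry, not a verdict that it is malicious.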

#12 dpmengefi

dpmengefi
  • Topic Starter

  • Members
  • 16 posts
  • Local time:11:07 AM

Posted 30 November 2007 - 03:31 AM

Hi,

I know how to make a screenshot, it's just I didn't know how to upload a graphic to the Bleeping Computer forum. Now I know that I need to create a link on another website.

When I clicked on a link in this email it was from someone that can be trusted. Afterwards, I did copy and paste of this link into Firefox and it showed me the information I wanted to read about.

Things still the same with Firewall program blocking an attempt to scan certain ports. What settings should I check? Here is a new HijackThis log.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:16, on 29.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
K:\AdAware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
F:\PC Booster\pcbooster.exe
K:\The Cleaner\tca.exe
K:\The Cleaner\tcm.exe
K:\AntiVirus 2008\AVK\AVKService.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programme\SiteAdvisor\6172\SiteAdv.exe
K:\AntiVirus 2008\AVK\AVKWCtl.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
K:\AntiVirus 2008\AVKTray\AVKTray.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\svchost.exe
F:\MemoKit\memokit2.exe
K:\SpywareGuard\sgmain.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
K:\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
F:\PC Firewall Pro 2007\pcfw.exe
C:\Programme\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\SLEE401.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\svchost.exe
K:\ProcessExplorer\procexp.exe
F:\The Bat\thebat.exe
K:\Firefox\Mozilla Firefox\firefox.exe
K:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\SnagIt 7\SnagItBHO.dll
O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - K:\AntiVirus 2008\Webfilter\AVKWebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - K:\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\Spybot\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - K:\Preispiraten\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - K:\Preispiraten\IEButtonEbayInterface.dll
O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - K:\Preispiraten\IEButtonPPInterface.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - K:\STARDO~1\SDIEInt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - K:\COPERN~1\COPERN~1.DLL
O3 - Toolbar: FraudEliminator - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Programme\FraudEliminator\2.3.0\FETB.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programme\Netcraft Toolbar\nctb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar5.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - K:\AntiVirus 2008\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [PC Booster] F:\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tcactive] K:\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] K:\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [PC Firewall Professional] "F:\PC Firewall Pro 2007\pcfw.exe" /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [AVKTray] "K:\AntiVirus 2008\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'Default user')
O4 - S-1-5-18 Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Startup: MemoKit.lnk = F:\MemoKit\mk.exe
O4 - Startup: SpywareGuard.lnk = K:\SpywareGuard\sgmain.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - K:\\Preispiraten\\preispiraten.html
O8 - Extra context menu item: Download with Star Downloader - K:\Star Downloader\sdie.htm
O8 - Extra context menu item: Enqueue in Star Downloader - K:\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Leech with Star Downloader - K:\Star Downloader\leechie.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Shopper - K:\COPERN~2\WEB\FIND.HTM
O8 - Extra context menu item: Suchen mit Copernic Agent - K:\COPERNIC AGENT\WEB\SEARCHEXT.HTM
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Starten von Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\preispiraten3ie.exe
O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\preispiraten3ie.exe
O9 - Extra button: PC Firewall 2007 Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - F:\PC Firewall Pro 2007\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart....p://www.ebay.de (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - H:\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwi...zard3.0.4.3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/de/big/1.1....g/GoogleNav.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdateV2 - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - K:\AdAware 2007\aawservice.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - K:\AntiVirus 2008\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - K:\AntiVirus 2008\AVK\AVKWCtl.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SFirewall Service (SFirewall) - Buhl Data Service GmbH - F:\PC Firewall Pro 2007\pcfw.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Programme\SiteAdvisor\6172\SAService.exe
O23 - Service: Steganos Live Encryption Engine (Version 401) [Service] (SLEE_401_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE401.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - SCM Microsystems - C:\WINDOWS\SCARDS32.EXE
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

--
End of file - 12978 bytes

#13 Falu


Posted 01 December 2007 - 03:25 PM

Hi dpmengefi,

1. Disable SpywareGuard:

* Right click the running icon of SpywareGuard, it will open the program.
* Then go to Menu, file, exit.
* Then confirm the program is closed.

2. Run HijackThis, click Scan and checkmark the following entries:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (file missing)

Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

3. "Things still the same with Firewall program blocking an attempt to scan certain ports."

A firewall is constantly checking incoming and/or outgoing traffic. I use Comodo and see a little icon in my taskbar showing when it's doing that. Whatever it finds is stored in a log, you will have that too I assume, so you can check and see what it blocked.

4. "What settings should I check?"

You can check which sites/files you want your firewall to block and change those settings. You probably can set the level of security you want. Since I'm not familiar with your firewall it's difficult to advise you but you should read the manual of your firewall or maybe there is a users' forum to ask for help.

Please post a fresh HijackThis log.
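Step 2 of the post above fixes an entry that HijackThis marks "(file missing)". As an added illustration (not part of the original thread and not HijackThis's own code), this Python sketch parses HijackThis section lines and lists the orphaned entries; the sample lines are copied from the log posted earlier in this thread, and the function names are assumptions made for the example.

```python
import re
from collections import Counter

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6172\SiteAdv.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart....p://www.ebay.de (file missing)
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Programme\SiteAdvisor\6172\SAService.exe
"""

# A section line starts with a code such as R0, O2 or O23, then " - ".
# Header lines and the "Running processes" paths (C:\...) do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis appends when the registered target is absent.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return one dict per section line: code, body, CLSID, orphan marker."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match is None:
            continue
        code, body = match.groups()
        marker = next((m for m in ORPHAN_MARKERS if body.endswith(m)), None)
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "orphan": marker,
        })
    return entries


def orphan_report(entries):
    """List (code, clsid, target, kind) for entries whose target is absent.

    kind is "path" for a file path, "url" when the registered target is a
    web address (HijackThis cannot stat it, so the marker needs a manual
    look), and "none" when no target is registered at all.
    """
    report = []
    for entry in entries:
        marker = entry["orphan"]
        if marker is None:
            continue
        # The target is the last " - " separated field, minus the marker.
        target = entry["body"].rsplit(" - ", 1)[-1][: -len(marker)].strip()
        if not target:
            kind = "none"
        elif target.lower().startswith(("http://", "https://")):
            kind = "url"
        else:
            kind = "path"
        report.append((entry["code"], entry["clsid"], target, kind))
    return report


def section_counts(entries):
    """Count entries per section code, e.g. {"O2": 2, "O9": 2, ...}."""
    return Counter(entry["code"] for entry in entries)


if __name__ == "__main__":
    for code, clsid, target, kind in orphan_report(parse_entries(SAMPLE_LOG)):
        print(f"{code:<4}{kind:<5}{clsid}  {target or '-'}")
```
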

#14 dpmengefi


Posted 04 December 2007 - 08:05 AM

Hi Falu,

The Firewall is blocking the following outgoing traffic:

Process Name: svchost.exe
Protocol: UDP
Remote-Address: 192.168.252.16
Remote Port: DNS
Reason: Instead is DNS used (translated from German to English)

The settings show that the “rule assistant” is used for the firewall. This is between “allow almost everything” and “block almost everything”. When a new program wants to connect to the internet, the firewall asks me if I will allow this. It is also set for the “stealth mode”. There aren’t any blocked sites/files listed, only those with limited access and the ones that are trustworthy.

Here is a new HiJackThis log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:08, on 03.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
K:\AdAware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
K:\AntiVirus 2008\AVK\AVKService.exe
K:\AntiVirus 2008\AVK\AVKWCtl.exe
F:\PC Booster\pcbooster.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
K:\The Cleaner\tca.exe
K:\The Cleaner\tcm.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programme\SiteAdvisor\6172\SiteAdv.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
K:\AntiVirus 2008\AVKTray\AVKTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Windows Media Player\WMPNSCFG.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
F:\PC Firewall Pro 2007\pcfw.exe
F:\MemoKit\memokit2.exe
C:\Programme\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\SLEE401.exe
C:\WINDOWS\SCARDS32.EXE
C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\WINDOWS\System32\Fast.exe
C:\WINDOWS\System32\svchost.exe
F:\Microsoft Office\OFFICE11\WINWORD.EXE
K:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - F:\SnagIt 7\SnagItBHO.dll
O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - K:\AntiVirus 2008\Webfilter\AVKWebIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - K:\SPYWAREGUARD\DLPROTECT.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\Spybot\SDHelper.dll
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - K:\Preispiraten\IEButtonAmazonInterface.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - K:\Preispiraten\IEButtonEbayInterface.dll
O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - K:\Preispiraten\IEButtonPPInterface.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - K:\STARDO~1\SDIEInt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - K:\COPERN~1\COPERN~1.DLL
O3 - Toolbar: FraudEliminator - {A5181F8A-0B9D-43AC-8BE5-EB61651DB685} - C:\Programme\FraudEliminator\2.3.0\FETB.dll
O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Programme\Netcraft Toolbar\nctb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programme\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar5.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - F:\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - K:\AntiVirus 2008\Webfilter\AVKWebIE.dll
O4 - HKLM\..\Run: [PC Booster] F:\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [tcactive] K:\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] K:\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [PC Firewall Professional] "F:\PC Firewall Pro 2007\pcfw.exe" /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programme\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [AVKTray] "K:\AntiVirus 2008\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ITD7] "K:\STEGANOS INTERNET TRACE DESTRUCTOR 7\ITD7.EXE" -FIRSTBOOT (User 'Default user')
O4 - S-1-5-18 Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: T-Online DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\TODslMgr.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE
O4 - Startup: MemoKit.lnk = F:\MemoKit\mk.exe
O4 - Startup: SpywareGuard.lnk = K:\SpywareGuard\sgmain.exe
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - K:\\Preispiraten\\preispiraten.html
O8 - Extra context menu item: Download with Star Downloader - K:\Star Downloader\sdie.htm
O8 - Extra context menu item: Enqueue in Star Downloader - K:\Star Downloader\sdieenq.htm
O8 - Extra context menu item: Leech with Star Downloader - K:\Star Downloader\leechie.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Shopper - K:\COPERN~2\WEB\FIND.HTM
O8 - Extra context menu item: Suchen mit Copernic Agent - K:\COPERNIC AGENT\WEB\SEARCHEXT.HTM
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Starten von Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\preispiraten3ie.exe
O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - K:\Preispiraten\preispiraten3ie.exe
O9 - Extra button: PC Firewall 2007 Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - F:\PC Firewall Pro 2007\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - K:\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - http://www.preispiraten.de/e/tr_ebdestart....p://www.ebay.de (file missing)
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - H:\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0FF3E97F-433D-11D2-B31A-00A0C9B135DB} (CoDetectDigitalRiver Class) - http://ebot.digitalriver.com/v2.0-doc/dlwi...zard3.0.4.3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/de/big/1.1....g/GoogleNav.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdateV2 - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - K:\AdAware 2007\aawservice.exe
O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - K:\AntiVirus 2008\AVK\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - G DATA Software AG - K:\AntiVirus 2008\AVK\AVKWCtl.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SFirewall Service (SFirewall) - Buhl Data Service GmbH - F:\PC Firewall Pro 2007\pcfw.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Programme\SiteAdvisor\6172\SAService.exe
O23 - Service: Steganos Live Encryption Engine (Version 401) [Service] (SLEE_401_SERVICE) - Unknown owner - C:\WINDOWS\System32\SLEE401.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
O23 - Service: T-DSL SpeedManager (TSMService) - T-Systems Business Services - C:\Programme\T-DSL SpeedManager\TSMSvc.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - SCM Microsystems - C:\WINDOWS\SCARDS32.EXE
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

--
End of file - 12743 bytes

#15 Falu


Posted 05 December 2007 - 12:32 PM

Hi dpmengefi, :thumbsup:

Firewall looks to be working just fine, HijackThis log looks okay so I think you're ready to go.

1. You may remove DSS from your computer since there's no sense in keeping it: it's updated all the time.

2. Remove previous restore points and set a new one to purge any malware that may have been backed up:

Click Start>Help and Support>Undo changes to your computer with System Restore
Click Create A Restore Point then click Next. Give it a name and then click Create

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

This will remove all previous restore points except the newly created one.

3. You may enable your protection programmes again if you want to:

> SpywareGuard:

* Right click the running icon of SpywareGuard, it will open the program.
* Then go to Menu, file, exit.
* Then confirm the program is closed.

> SuperAntispyware:

Right-click on the shortcut from the system tray, choose View Control Center (preferences/options), on the General and Startup tab, check, Start SUPERAntispyware when Windows starts, click Close to exit.

4. In order to prevent future infections follow these recommendations:

a. Visit Windows Update on a regular basis to stay current with critical updates.

b. Install and run the following free programs:

* Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here!

* Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here! Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

* SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here!

* SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here!

* IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Keep all these programs (including your anti-virus) up-to-date and run them regularly.
If you do not update regularly they will not be able to catch any of the new variants that may come out.

e. I recommend you to read Tony Klein's excellent article: So how did I get infected in the first place?

f. If you want to fight back the Malware Writers, please take a look here!

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BleepingComputer Forums, we also help people with other computer problems! Do not forget to tell your friends about us!

Good luck!



