Infected With Trojandownloader Xs And Antispyware-review.biz


  • This topic is locked
2 replies to this topic

#1 rower2000

  • Members
  • 1 posts

Posted 07 May 2008 - 12:12 PM

Hi!
I have the problem that some days ago, while surfing the internet, I performed a download from a (as I have seen later) not very trustworthy source. Since then I have those two malware programmes on my laptop saying I have spyware on my computer and that I should buy their stuff... The two types I have had so far were:
1.) a standard Windows prompt saying I was infected and I should set up antispyware software. When I exit the setup, a yellow warning sign appears next to the clock. When clicking on that, I am directed to the website <hxxp://antispyware-reviews.biz/?wmid=4663&pwebmid=R3n1c2Bg8A>
2.) a blue/white/red coloured prompt saying my computer is infected with trojandownloader.xs and that I should download their removal tool...
Also, since then, my internet connection has slowed down significantly, and every 30 mins those prompts get annoying!

DSS report main:
Deckard's System Scanner v20071014.68
Run by seyrling on 2008-05-07 18:01:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
18: 2008-05-04 18:12:33 UTC - RP91 - Geplanter Prüfpunkt
17: 2008-05-03 16:35:03 UTC - RP90 - ComboFix created restore point
16: 2008-05-02 16:18:30 UTC - RP89 - Installed Ad-Aware 2007
15: 2008-05-02 15:24:08 UTC - RP88 - Windows Update
14: 2008-05-02 15:22:33 UTC - RP87 - Windows Update


-- First Restore Point --
1: 2008-04-03 07:55:52 UTC - RP73 - Geplanter Prüfpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as seyrling.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:37, on 07.05.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\sbuvapyb\utcvyfat.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\krkbmhoz.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\seyrling\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\seyrling.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hispeed.ch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ICSDCLT] C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cwzjvjdc] C:\Windows\system32\krkbmhoz.exe
O4 - HKCU\..\Run: [fpbmezkn] C:\ProgramData\fpbmezkn\zshgdexe.exe
O4 - HKLM\..\Policies\Explorer\Run: [Y3enIj2OVi] C:\ProgramData\sbuvapyb\utcvyfat.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O4 - Global Startup: SetPoint.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0033001210175009) (0033001210175009mcinstcleanup) - Unknown owner - C:\Windows\TEMP\003300~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor-Dienst (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11718 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 DSproct - \??\c:\program files\dellsupport\gtaction\triggers\dsproct.sys
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 STacSV (SigmaTel Audio Service) - c:\windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S2 0033001210175009mcinstcleanup (McAfee Application Installer Cleanup (0033001210175009)) - c:\windows\temp\003300~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S3 DSBrokerService - "c:\program files\dellsupport\brkrsvc.exe" <Not Verified; ; Gteko BrkrSvc Application>
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2007-11-07 19:29:29 368 --a------ C:\Windows\Tasks\McQcTask.job
2007-11-07 19:29:29 382 --a------ C:\Windows\Tasks\McDefragTask.job


-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 17:52:26 0 d-------- C:\Program Files\Trend Micro
2008-05-03 18:33:08 68096 --a------ C:\Windows\zip.exe
2008-05-03 18:33:08 49152 --a------ C:\Windows\VFind.exe
2008-05-03 18:33:08 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-03 18:33:08 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-03 18:33:08 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-03 18:33:08 98816 --a------ C:\Windows\sed.exe
2008-05-03 18:33:08 80412 --a------ C:\Windows\grep.exe
2008-05-03 18:33:08 73728 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-03 18:32:52 0 d-------- C:\327882R2FWJFW
2008-05-02 18:19:18 0 d-------- C:\Program Files\Lavasoft
2008-05-02 18:18:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\WINWGPX.EXE
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\winsystem.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\winlogonpc.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\vcatchpi.dll
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\thun32.dll
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\thun.dll
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\temp#01.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\taack.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\taack.dat
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\sysreq.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\ssvchost.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\ssvchost.com
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\ssurf022.dll
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\sncntr.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\Rundl1.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\regm64.dll
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\regc64.dll
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\psoft1.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\psof1.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\ps1.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\newsd32.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\netode.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\mwin32.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\mtr2.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\msvchost.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\mssecu.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\msnbho.dll
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\msgp.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\hxiwlgpm.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\hxiwlgpm.dat
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\hoproxy.dll
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\h@tkeysh@@k.dll
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\dpcproxy.exe
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\bdn.com
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\awtoolb.dll
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\anticipator.dll
2008-05-01 15:21:29 4096 --a------ C:\Windows\system32\akttzn.exe
2008-05-01 15:21:28 4096 --a------ C:\Windows\system32\vbsys2.dll
2008-05-01 15:21:21 90112 --a------ C:\Windows\system32\krkbmhoz.exe
2008-04-16 18:40:28 0 d-------- C:\Program Files\WinPcap
2008-04-16 18:40:05 0 d-------- C:\Program Files\SIEMENS


-- Find3M Report ---------------------------------------------------------------

2008-05-07 17:43:26 0 d-------- C:\Program Files\McAfee
2008-05-07 17:40:04 641344 --a------ C:\Windows\system32\perfh007.dat
2008-05-07 17:40:04 116706 --a------ C:\Windows\system32\perfc007.dat
2008-05-07 17:35:52 0 d-------- C:\Users\seyrling\AppData\Roaming\skypePM
2008-05-07 17:35:50 67100 --a------ C:\Users\seyrling\AppData\Roaming\nvModes.dat
2008-05-07 17:35:49 67100 --a------ C:\Users\seyrling\AppData\Roaming\nvModes.001
2008-05-05 20:15:01 1515 --a------ C:\Windows\bthservsdp.dat
2008-05-04 11:55:20 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-05-02 18:18:02 0 d-------- C:\Program Files\Common Files
2008-04-30 17:25:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-30 17:18:14 0 d-------- C:\Program Files\Microsoft Games
2008-04-20 19:18:47 0 d-------- C:\Users\seyrling\AppData\Roaming\Skype
2008-04-17 18:03:39 0 d-------- C:\Program Files\Java
2008-04-12 03:03:34 0 d-------- C:\Program Files\Windows Mail
2008-04-06 13:47:13 0 d-------- C:\Program Files\DivX
2008-04-06 13:47:02 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-04 19:34:43 0 d-------- C:\Program Files\cablecom
2008-03-24 18:22:53 0 d-------- C:\Program Files\Common Files\McAfee
2008-03-23 21:30:26 0 d-------- C:\Users\seyrling\AppData\Roaming\Real
2008-02-21 04:05:44 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-02-21 04:04:16 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-21 04:04:16 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-21 04:04:04 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 04:04:04 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 04:04:04 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 04:04:04 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 04:03:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
19.09.2007 07:15 329032 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08.11.2007 02:17]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [18.04.2007 05:31]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [16.05.2007 07:35]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [16.05.2007 07:35]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [16.05.2007 07:35]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [16.05.2007 07:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 04:25]
"SigmatelSysTrayApp"="sttray.exe" [06.03.2007 22:37 C:\Windows\sttray.exe]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [21.03.2007 21:33]
"Logitech Hardware Abstraction Layer"="C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [11.01.2007 21:15]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [03.10.2006 13:37]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [05.11.2006 13:22]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [16.04.2007 18:10]
"dscactivate"="c:\dell\dsca.exe" [30.07.2007 21:40]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.10.2007 20:51]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [03.10.2006 13:35]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11.01.2007 21:15 C:\Windows\KHALMNPR.Exe]
"ICSDCLT"="C:\Windows\C:\Windows\system32\icsdclt.dll" []
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [24.08.2007 23:57]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10.01.2008 16:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15.01.2008 04:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [29.02.2008 17:53]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03.08.2007 23:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [12.01.2008 17:16]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15.03.2007 14:09]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02.11.2006 14:35]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07.12.2007 16:08]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02.11.2006 14:36]
"cwzjvjdc"="C:\Windows\system32\krkbmhoz.exe" [01.05.2008 15:21]
"fpbmezkn"="C:\ProgramData\fpbmezkn\zshgdexe.exe" [03.05.2008 18:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"SSDPSRV"=C:\Windows\system32\ssdpsrv.exe

C:\Users\seyrling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [24.08.2007 05:45:42]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [03.11.2006 19:55:50]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [07.11.2007 19:02:07]
QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [07.11.2007 19:00:32]
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe [07.11.2007 19:03:14]
VPN Client.lnk - C:\Windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [22.12.2007 20:26:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Y3enIj2OVi"=C:\ProgramData\sbuvapyb\utcvyfat.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2052965-8d4f-11dc-ade1-806e6f6e6963}]
AutoRun\command- E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7b797a5-f421-11dc-a727-001dd9e5a0c7}]
AutoRun\command- higj2p.bat
explore\Command- higj2p.bat
open\Command- higj2p.bat


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-07 18:05:05 ------------


DSS report extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: German

CPU 0: Intel® Core™2 Duo CPU T7250 @ 2.00GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 2045.57 MiB / 1100.58 MiB
Pagefile Memory (total/avail): 4307.93 MiB / 3075.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.2 MiB

C: is Fixed (NTFS) - 136.44 GiB total, 82.03 GiB free.
D: is Fixed (NTFS) - 10 GiB total, 5.61 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HM160HI - 149.05 GiB - 4 partitions
\PARTITION0 - Unknown - 109.79 MiB
\PARTITION1 - Installierbares Dateisystem - 10 GiB - D:
\PARTITION2 (bootable) - Installierbares Dateisystem - 136.44 GiB - C:
\PARTITION3 - Erweitert mit Int 13 (erweitert) - 2.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)
AS: McAfee VirusScan v (McAfee)
AS: Windows-Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\seyrling\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MYLAPTOP
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\seyrling
LOCALAPPDATA=C:\Users\seyrling\AppData\Local
LOGONSERVER=\\MYLAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\MiKTeX 2.7\miktex\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\seyrling\AppData\Local\Temp
TMP=C:\Users\seyrling\AppData\Local\Temp
USERDOMAIN=myLaptop
USERNAME=seyrling
USERPROFILE=C:\Users\seyrling
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

seyrling


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003}
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Assistant zum Anpassen des Dell-Systems --> MsiExec.exe /I{FD023F61-65E9-465C-B558-7C64EB2B97E6}
BearShare --> C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
Benutzerhandbuch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Broadcom Management Programs --> MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
cablecom Starten --> "C:\ProgramData\{33192069-C12D-42A7-99B0-5DECF0AB0841}\cablecom Starten.exe" REMOVE=TRUE MODIFY=FALSE
cablecom Starten --> C:\ProgramData\{33192069-C12D-42A7-99B0-5DECF0AB0841}\cablecom Starten.exe
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Cisco Systems VPN Client 5.0.01.0600 --> MsiExec.exe /X{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Dell Support Center --> MsiExec.exe /X{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}
Dell Touchpad --> C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0007 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FileZilla Client 3.0.3 --> C:\Program Files\FileZilla Client\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
KhalSetup --> MsiExec.exe /I{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0007 -cluninstall
Microsoft Flight Simulator X Demo --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{B98A34C0-A6A2-4087-B272-557C1C6D0A07}
Microsoft Office Excel MUI (German) 2007 --> MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007 --> MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007 --> MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007 --> MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007 --> MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007 --> MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007 --> MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MiKTeX 2.7 --> "C:\Program Files\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.7\miktex\config\uninstall.dat"
Modem-Diagnose-Tool --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0007 -removeonly
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
QuickSet --> MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE --> MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x7 -removeonly
SIEMENS HomePlug Utility 2.2.20060629.0 --> "C:\Program Files\SIEMENS\HomePlug\unins000.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
Simon Bergner´s ATC Simulator --> MsiExec.exe /I{EA312C43-6187-11D8-AEFD-00A0CC5F5288}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
TeXnicCenter Version 1 Beta 7.01 (Greengrass) --> "C:\Program Files\TeXnicCenter\unins000.exe"
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
WIDCOMM Bluetooth Software 6.0.1.3100 --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 3.1 --> C:\Program Files\WinPcap\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type8257 / Error
Event Submitted/Written: 05/07/2008 05:35:33 PM
Event ID/Source: 5007 / WerSvc
Event Description:
Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9.

Event Record #/Type8252 / Success
Event Submitted/Written: 05/07/2008 05:35:24 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type8251 / Success
Event Submitted/Written: 05/07/2008 05:35:19 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type8246 / Success
Event Submitted/Written: 05/07/2008 05:35:06 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Der Softwarelizenzierungsdienst wurde gestartet.

Event Record #/Type8239 / Warning
Event Submitted/Written: 05/05/2008 08:14:59 PM
Event ID/Source: 1530 / profsvc
Event Description:
Es wurde festgestellt, dass Ihre Registrierungsdatei noch von anderen Anwendungen oder Diensten verwendet wird. Die Datei wird nun entladen. Die Anwendungen oder Dienste, die Ihre Registrierungsdatei anhalten, funktionieren anschließend u. U. nicht mehr ordnungsgemäß.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2965797782-3205723179-3418297201-1000_Classes:
Process 912 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2965797782-3205723179-3418297201-1000_CLASSES



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type38582 / Warning
Event Submitted/Written: 05/07/2008 06:03:54 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Vom %myLaptop27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %myLaptop27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.

Weitere Informationen finden Sie im Folgenden:
%myLaptop275

Scan-ID: {B294D292-45C1-43B0-9D45-7110BBD9E499}

Benutzer: myLaptop\seyrling

Name: %myLaptop271

ID: %myLaptop272

Schweregrad-ID: %myLaptop273

Kategorie-ID: %myLaptop274

Gefundener Pfad: %myLaptop276

Warnungsart: %myLaptop278

Feststellungstyp: 1.1.1505.02

Event Record #/Type38581 / Warning
Event Submitted/Written: 05/07/2008 06:03:54 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Vom %myLaptop27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %myLaptop27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.

Weitere Informationen finden Sie im Folgenden:
%myLaptop275

Scan-ID: {DB2D79F2-E862-4B9F-97CD-86E3CA9D9E05}

Benutzer: myLaptop\seyrling

Name: %myLaptop271

ID: %myLaptop272

Schweregrad-ID: %myLaptop273

Kategorie-ID: %myLaptop274

Gefundener Pfad: %myLaptop276

Warnungsart: %myLaptop278

Feststellungstyp: 1.1.1505.02

Event Record #/Type38580 / Warning
Event Submitted/Written: 05/07/2008 06:03:54 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Vom %myLaptop27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %myLaptop27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.

Weitere Informationen finden Sie im Folgenden:
%myLaptop275

Scan-ID: {B3A10E53-76EF-430F-95B1-FC53F5A7B665}

Benutzer: myLaptop\seyrling

Name: %myLaptop271

ID: %myLaptop272

Schweregrad-ID: %myLaptop273

Kategorie-ID: %myLaptop274

Gefundener Pfad: %myLaptop276

Warnungsart: %myLaptop278

Feststellungstyp: 1.1.1505.02

Event Record #/Type38579 / Warning
Event Submitted/Written: 05/07/2008 06:03:54 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Vom %myLaptop27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %myLaptop27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.

Weitere Informationen finden Sie im Folgenden:
%myLaptop275

Scan-ID: {C3C0F8F6-C0FB-4F9E-8BF7-0ACDC893E3ED}

Benutzer: myLaptop\seyrling

Name: %myLaptop271

ID: %myLaptop272

Schweregrad-ID: %myLaptop273

Kategorie-ID: %myLaptop274

Gefundener Pfad: %myLaptop276

Warnungsart: %myLaptop278

Feststellungstyp: 1.1.1505.02

Event Record #/Type38578 / Warning
Event Submitted/Written: 05/07/2008 06:03:52 PM
Event ID/Source: 3004 / WinDefend
Event Description:
Vom %myLaptop27-Echtzeitschutz-Agent wurden Änderungen erkannt. Microsoft empfiehlt, die Software, die diese Änderungen vorgenommen hat, zu analysieren, um potenzielle Risiken festzustellen. Sie können anhand der Informationen über die Funktionsweise dieser Programme entscheiden, ob die Software ausgeführt werden kann oder vom Computer entfernt werden soll. Lassen Sie nur Änderungen zu, wenn das Programm oder der Softwareherausgeber vertrauenswürdig ist. %myLaptop27 kann Änderungen, die Sie zugelassen haben, nicht mehr rückgängig machen.

Weitere Informationen finden Sie im Folgenden:
%myLaptop275

Scan-ID: {C9EA65A0-D6BC-4029-802D-54FF8D8211CC}

Benutzer: myLaptop\seyrling

Name: %myLaptop271

ID: %myLaptop272

Schweregrad-ID: %myLaptop273

Kategorie-ID: %myLaptop274

Gefundener Pfad: %myLaptop276

Warnungsart: %myLaptop278

Feststellungstyp: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-05-07 18:05:05 ------------

Thank you for your help in advance!
Sigi

Edited by Orange Blossom, 11 February 2013 - 03:19 AM.
deactivate link. ~ OB



#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 25 May 2008 - 03:34 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
As you can probably see our HijackThis Team is incredibly busy at the moment, but I apologise for the delay you have experienced. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:
Preparation Guide For Use Before Posting A HijackThis Log
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 18 June 2008 - 03:55 PM

Due to lack of feedback, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.

If you are pleased with the service I have offered, you may like to consider making a donation.




