Old 11-26-2007, 01:10 PM   #1 (permalink)
guise2
Registered User
 
Join Date: Nov 2007
Posts: 13
OS: xp home


Vundo removal not possible yet

Hi,
I have tried to remove a Vundo and other... trojan. I tried with VundoFix, ComboFix, KillBox - but possibly not in an exact order. My McAfee reports Vundo three to five times per hour. Is there something I can do...? Thanks in advance!

Deckard's System Scanner v20071014.68
Run by Thomas on 2007-11-26 2101
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-11-26 2005 UTC - RP5 - Deckard's System Scanner Restore Point
2: 2007-11-25 22:19:11 UTC - RP4 - ComboFix created restore point
1: 2007-11-25 22:17:44 UTC - RP3 - Systemprüfpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Thomas.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:32, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Cisco Systems\vpnclient-win-is-4.8.01.0300-k9\cvpnd.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\McAfee.com\Agent\mcagent.exe
C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\McAfee\MPF\MPFSrv.exe
C:\Programme\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Dokumente und Einstellungen\Thomas\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Thomas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINDOWS\system32\iifdcbx.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [EEventManager] C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\vpnclient-win-is-4.8.01.0300-k9\vpngui.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Programme\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclips.com/hamsterball...gameloader.cab
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://chkr-web.ifolor.net/ORDERINGG...oader_chkr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Cu...WebManager.CAB
O16 - DPF: {6F1AF9D5-68BB-4A81-93F1-481CB8AB0D0B} (PhotocolorUploader Control) - http://web1.photocolor.net/webupload...orUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - http://webcam.singlehoteleden.ch/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{311C0C63-BA81-4421-A34A-EA0D9388B893}: NameServer = 195.186.1.111,212.243.111.237
O17 - HKLM\System\CS1\Services\Tcpip\..\{311C0C63-BA81-4421-A34A-EA0D9388B893}: NameServer = 195.186.1.111,212.243.111.237
O20 - Winlogon Notify: iifdcbx - C:\WINDOWS\SYSTEM32\iifdcbx.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\vpnclient-win-is-4.8.01.0300-k9\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 9079 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>

S3 catchme - c:\dokume~1\thomas\lokale~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2007-03-15 0119 360 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-03-03 14:47:29 338 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-10-26 and 2007-11-26 -----------------------------

2007-11-26 21:07:22 0 d-------- C:\Programme\Trend Micro
2007-11-25 23:51:12 0 d-------- C:\VundoFix Backups
2007-11-25 23:16:49 1545623 --a------ C:\Programme\ComboFix.exe
2007-11-25 22:46:36 0 d-------- C:\!KillBox
2007-11-25 12:18:37 0 d-------- C:\Programme\Enigma Software Group
2007-11-25 01:05:51 38912 --a------ C:\WINDOWS\system32\pmnnklm.dll
2007-11-25 01:05:50 38912 --a------ C:\WINDOWS\system32\tuvwxut.dll
2007-11-25 01:05:15 38912 --a------ C:\WINDOWS\system32\iifdcbx.dll
2007-11-23 09:05:51 0 d-------- C:\Programme\MSXML 4.0
2007-11-22 13:07:21 0 d-------- C:\Programme\Mindjet
2007-11-22 10:35:37 247296 --a------ C:\WINDOWS\system32\enspres.dll <Not Verified; SEIKO EPSON CORPORATION; EpsonNet Print Utility>
2007-11-22 10:35:37 457611 --a------ C:\WINDOWS\system32\ensppui.dll <Not Verified; SEIKO EPSON CORPORATION; EpsonNet Print Utility>
2007-11-22 10:35:37 474892 --a------ C:\WINDOWS\system32\ensppmon.dll <Not Verified; SEIKO EPSON CORPORATION; EpsonNet Print Utility>
2007-11-21 17:30:50 679936 --a------ C:\WINDOWS\system32\UninstBPIP.exe <Not Verified; O2 INTERACTIVE LTD.; Business Photo Index Print Uninstaller>
2007-11-21 17:30:48 406016 --a------ C:\WINDOWS\system32\ltkrn12n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32 - Japanese build>
2007-11-21 17:30:38 0 d-------- C:\Programme\BPPRINT
2007-11-21 17:29:43 0 d-------- C:\Programme\OfficeReady Essentials
2007-11-21 17:23:27 294912 --a------ C:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:27 166672 --a------ C:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:27 262144 --a------ C:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:27 250128 --a------ C:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:27 344064 --a------ C:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:26 368912 --a------ C:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2007-11-21 17:23:26 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:26 415504 --a------ C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2007-11-21 17:23:26 168720 --a------ C:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:26 1238288 --a------ C:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:26 1050896 --a------ C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:26 252688 --a------ C:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:26 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2007-11-21 17:23:25 24848 --a------ C:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:25 123664 --a------ C:\WINDOWS\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:24 73810 --a------ C:\WINDOWS\system32\rapi.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2007-11-21 17:23:24 41044 --a------ C:\WINDOWS\system32\ceutil.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2007-11-21 17:23:13 0 d-------- C:\Programme\NewSoft
2007-11-21 17:00:03 0 d-------- C:\Programme\EPSON
2007-11-21 16:55:18 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer DebugTrace Tool>
2007-11-21 16:55:18 54272 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-11-21 16:55:17 94208 --a------ C:\WINDOWS\system32\EEBDSCVR.dll
2007-11-21 16:55:17 126976 --a------ C:\WINDOWS\system32\EEBAPI.dll
2007-11-21 16:55:17 49152 --a------ C:\WINDOWS\system32\EBAPI.dll
2007-11-21 16:55:16 0 d-------- C:\Programme\Gemeinsame Dateien\EPSON
2007-11-21 16:55:15 247296 --a------ C:\WINDOWS\system32\enpres.dll <Not Verified; SEIKO EPSON CORPORATION; EpsonNet Print Utility>
2007-11-21 16:55:15 457611 --a------ C:\WINDOWS\system32\enppui.dll <Not Verified; SEIKO EPSON CORPORATION; EpsonNet Print Utility>
2007-11-21 16:55:15 474892 --a------ C:\WINDOWS\system32\enppmon.dll <Not Verified; SEIKO EPSON CORPORATION; EpsonNet Print Utility>
2007-11-21 16:55:15 208384 -----n--- C:\WINDOWS\system32\EBSETUP.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Status Monitor 2>
2007-11-21 16:55:15 5344 -----n--- C:\WINDOWS\system32\EBP16PIF.DLL <Not Verified; SEIKO EPSON Corporation; EBP16PIF>
2007-11-21 16:55:15 23040 -----n--- C:\WINDOWS\system32\EBAPISET.exe
2007-11-21 16:55:15 301056 -----n--- C:\WINDOWS\system32\EBAPISET.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-11-21 16:55:12 0 d-------- C:\Programme\EpsonNet
2007-11-11 19:22:11 0 d-------- C:\Programme\Last.fm


-- Find3M Report ---------------------------------------------------------------

2007-11-26 21:04:36 0 d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Skype
2007-11-26 20:01:04 396012 --a------ C:\WINDOWS\system32\PERFH007.DAT
2007-11-26 20:01:04 65470 --a------ C:\WINDOWS\system32\PERFC007.DAT
2007-11-25 23:12:48 0 d-------- C:\Programme\Gemeinsame Dateien
2007-11-25 23:11:56 0 d-------- C:\Programme\Axis Communications
2007-11-25 12:45:51 1613990 --a------ C:\Programme\ProcessExplorer.zip
2007-11-22 10:39:47 0 d--h----- C:\Programme\InstallShield Installation Information
2007-11-22 10:28:29 0 d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\InstallShield
2007-11-21 22:33:05 0 d-------- C:\Programme\Avery Zweckform Assistent 3.1
2007-11-21 21:54:20 0 d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\EPSON
2007-11-21 17:26:25 0 d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2007-11-13 13:22:54 0 d-------- C:\Programme\McAfee
2007-11-12 20:43:37 0 d-------- C:\Programme\Gemeinsame Dateien\McAfee
2007-10-30 21:55:50 0 d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\WinRAR
2007-10-11 10:36:28 0 d-------- C:\Programme\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}]
25.11.2007 01:05 38912 --a------ C:\WINDOWS\system32\iifdcbx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [12.10.2006 03:10]
"SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [30.06.2004 14:33]
"DVDLauncher"="C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" [12.10.2004 17:54]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [13.08.2004 02:05]
"UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [07.01.2004 02:01]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [01.09.2006 15:57]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [17.12.2004 23:20]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [23.06.2005 20:33]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20.09.2005 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20.09.2005 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20.09.2005 09:36]
"mcagent_exe"="C:\Programme\McAfee.com\Agent\mcagent.exe" [03.08.2007 22:33]
"EEventManager"="C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [31.01.2005 10:02]
"pdfSaver3"="" []
"MMReminderService"="C:\Programme\Mindjet\MindManager 6\MMReminderService.exe" [12.04.2006 21:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 15:00]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [24.11.2006 17:16]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

C:\Dokumente und Einstellungen\Thomas\Startmen\Programme\Autostart\
DESKTOP.INI [18.08.2004 14:18:48]

C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Gamma Loader.exe.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [14.02.2005 08:28:46]
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.09.2005 22:05:26]
Cisco Systems VPN Client.lnk - C:\Programme\Cisco Systems\vpnclient-win-is-4.8.01.0300-k9\vpngui.exe [13.04.2007 16:59:48]
DESKTOP.INI [18.08.2004 14:18:48]
Last.fm Helper.lnk - C:\Programme\Last.fm\LastFMHelper.exe [11.11.2007 19:22:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"= C:\WINDOWS\system32\iifdcbx.dll [25.11.2007 01:05 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdcbx]
iifdcbx.dll 25.11.2007 01:05 38912 C:\WINDOWS\SYSTEM32\iifdcbx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkll.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""




-- End of Deckard's System Scanner: finished at 2007-11-26 21:08:38 ------------
Attached Files
File Type: txt extra.txt (27.4 KB, 0 views)