|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
11-28-2007, 02:57 AM
|
#1 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
My avast engine keeps comping up with these files
%USER%\LOCALS~1\Temp\ac8zt2\main_uninstaller.exe %USER%\LOCALS~1\Temp\ac8zt2\msmdev.dll %USER%\LOCALS~1\Temp\ac8zt2\nsduo.dll %USER%\LOCALS~1\Temp\ac8zt2\rmv.exe C:\WINDOWS\nsduo.dll C:\WINDOWS\msmdev.dll complaining to find Win32:Adware-gen [Adw] Win32:Trojan-gen {Other} Win32:Agent-LTS [Trj] Then I choose to permanently delete the items found. Afterwards, explorer exits and restarts again. This procedure repeats itself about every 5 minutes. During the first times, "Task Manager" option after STRG+ALT+DEL was disabled, but I managed to have it restored. Later, an ugly red wallpaper came up saying "Your privacy is in danger". WHAT I TRIED SO FAR (several times): - started Windows in Safe Mode with and without Network Support (F8) - Ran avast! Anti Virus tool - deleted all found files - Ran SuperAntispyware Complete Scan with all files - deleted all threats - Ran SmitfraudFix (by S!Ri) option 2 and 3 - Ran ATF Cleaner - Ran VundoFix (found nothing) - Looked for entires in Control Panel>Display>Desktop>Customize>Desktop>Web> -- nothing there - Ran SmitfraudFix (by S!Ri) option 2 again - Ran SuperAntispyware Complete Scan with all files again - Ran online scanner on bitdefender.com/scan8 and deleted all threats - Ran Spybot and deleted all threats - Ran avast! Anti Virus tool again (found nothing) Well, I got rid off the red wallpaper with SmitfraudFix but when I start in normal mode after 5 minutes the files where found again, avast deletes the files, explorer restarts. Anything else seems to function normally. I'll post HJT log later tonight as I am currently in the office. Do I run HTJ in normal mode or safe mode or does that not matter? (sorry, first time I'm dealing with this) |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
11-28-2007, 11:21 AM
|
#2 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Other info:
- system restore is disabled all the time - Spybot SD warns after avast! deletings, will post details when it occurs again Okay, here my HJT log file. Logfile of HijackThis v1.99.1 Scan saved at 19:17:59, on 28.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programme\Avast4\aswUpdSv.exe C:\Programme\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\taskmgr.exe C:\Programme\Logitech\SetPoint\LBTWiz.exe C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Logitech\Easy Synchronization\servicestub.exe C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\TrueCrypt\TrueCrypt.exe C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe C:\WINDOWS\system32\SgLogPlayer.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\UPHClean\uphclean.exe C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe C:\Programme\MSI\Core Center\CoreCenter.exe C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Avast4\ashMaiSv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\Programme\Avast4\ashWebSv.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programme\Avast4\setup\avast.setup C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE C:\Dokumente und Einstellungen\Iven Engert\Desktop\HijackThis.exe O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programme\Copernic Desktop Search 2\DesktopSearchBand201013011.dll O4 - HKLM\..\Run: [SourcePath] syscfg32.exe O4 - HKLM\..\Run: [wtadd_taskmgr.exe] C:\WINDOWS\system32\taskmgr.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [SgeEcView] C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe O4 - HKLM\..\Run: [EdWizard] C:\Programme\Utimaco\SafeGuard Easy\EdWizard.exe as O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\RunServices: [SourcePath] syscfg32.exe O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Programme\Logitech\Easy Synchronization\LogitechEasySync.exe --ports O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe" /tray O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat O4 - Global Startup: CoreCenter.lnk = C:\Programme\MSI\Core Center\CoreCenter.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: Festoon - (no CLSID) - (no file) O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Protocol: vskype - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: LBTWlgn - c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: sapnet - {1BFCCE79-034A-4101-A31B-C4CCAA3D6A83} - C:\WINDOWS\sapnet.dll (file missing) O21 - SSODL: rmvgor - {5D1BCF85-BDDB-4BF0-8CFA-7659F3A3C137} - C:\WINDOWS\rmvgor.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Programme\Logitech\Easy Synchronization\servicestub.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe |
|
|
|
|
11-28-2007, 01:05 PM
|
#3 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Okay, I fixed the trojan. But avast! still comes up with the following warnings:
28.11.2007 20:56:15 SYSTEM 1832 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\DOKUME~1\IVENEN~1\LOKALE~1\Temp\ac8zt2\main_uninstaller.exe" file. 28.11.2007 20:56:32 SYSTEM 1832 Sign of "Win32:Agent-LTS [Trj]" has been found in "C:\DOKUME~1\IVENEN~1\LOKALE~1\Temp\ac8zt2\msmdev.dll" file. 28.11.2007 20:56:36 SYSTEM 1832 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\DOKUME~1\IVENEN~1\LOKALE~1\Temp\ac8zt2\msmhost.dll" file. 28.11.2007 20:56:40 SYSTEM 1832 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\DOKUME~1\IVENEN~1\LOKALE~1\Temp\ac8zt2\nsduo.dll" file. 28.11.2007 20:56:45 SYSTEM 1832 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\DOKUME~1\IVENEN~1\LOKALE~1\Temp\ac8zt2\rmv.exe" file. |
|
|
|
|
11-29-2007, 02:53 AM
|
#4 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
In addition, SPYBOT prevents two registry entries from
- msmdev.dll and - msmhost.dll Another observation: seconds before the warnings and blockings a command windows opens and does something. In the window title it just reads the path to cmd.exe and the black screen remains emty - after 1 or 2 seconds the window / shell disappears. Then avast! and spybot come up with the described warnings. |
|
|
|
|
11-30-2007, 09:36 AM
|
#5 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Here is the panda scan results
Incident Status Location Adware:adware/wintools Not disinfected Windows Registry Spyware:spyware/media-motor Not disinfected Windows Registry Adware:adware/savenow Not disinfected Windows Registry Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe Spyware:Cookie/Adverserve Not disinfected C:\Dokumente und Einstellungen\%USER%\Cookies\%USER%@adverserve[1].txt Spyware:Cookie/WebtrendsLive Not disinfected C:\Dokumente und Einstellungen\%USER%\Cookies\%USER%@statse.webtrendslive[2].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Dokumente und Einstellungen\%USER%\Cookies\%USER%@tribalfusion[1].txt Spyware:Cookie/Adverserve Not disinfected C:\Dokumente und Einstellungen\%USER%\Anwendungsdaten\Mozilla\Firefox\Profiles\3i4l3xal.default\COOKIES.TXT[.adverserve.net/] Spyware:Cookie/Mediaplex Not disinfected C:\Dokumente und Einstellungen\%USER%\Anwendungsdaten\Mozilla\Firefox\Profiles\3i4l3xal.default\COOKIES.TXT[.mediaplex.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Dokumente und Einstellungen\%USER%\Anwendungsdaten\Mozilla\Firefox\Profiles\3i4l3xal.default\COOKIES.TXT[.tribalfusion.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Dokumente und Einstellungen\%USER%\Anwendungsdaten\Mozilla\Firefox\Profiles\3i4l3xal.default\COOKIES.TXT[.doubleclick.net/] Virus:Trj/Citifraud.A Disinfected C:\Programme\Netscape\Users\DEFAULT\Mail\Inbox[~0000050.~] Virus:Bck/MIRCBased.BI Disinfected C:\Programme\mIRC\BACKUP\MIRC.EXE Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLED\Dc1.exe[nircmd.exe] Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLED\Dc1.exe[nircmd.cfexe] Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLED\Dc2.exe Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLED\Dc4\Process.exe Virus:Trj/Rebooter.J Disinfected C:\RECYCLED\Dc4\Reboot.exe Potentially unwanted tool:Application/SuperFast Not disinfected C:\RECYCLED\Dc4\RESTART.EXE Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLED\Dc5.zip[SmitfraudFix/Process.exe] Virus:Trj/Rebooter.J Disinfected C:\RECYCLED\Dc5.zip[SmitfraudFix/Reboot.exe] Potentially unwanted tool:Application/SuperFast Not disinfected C:\RECYCLED\Dc5.zip[SmitfraudFix/restart.exe] Virus:Generic Malware Disinfected E:\Download\Audio.zip[Audio/BeatM200.exe] Virus:Generic Trojan Not disinfected E:\Download\Graphic.zip[Graphic/Adobe/aps70kg[1].zip][aps70kg.rar][keygen.exe] Virus:Generic Trojan Not disinfected E:\Download\New\System\WinTasks.Professional.v5.04.Incl.Patch-SnD.rar[WinTasks.Professional.v5.04.Incl.Patch-SnD\Patch\patch.exe] Virus:W32/Nuwar.C.worm Disinfected E:\Download\New\System\Harddrive Encrypting\SecurStar[1].DriveCrypt.v4.20.040517.Read.NFO.Internal-dT.ZIP[SecurStar.DriveCrypt.v4.20.040517.Read.NFO.Internal-dT/d-dc42i1.zip][keymaker.exe] Virus:Generic Backdoor Not disinfected E:\Download\New\System\Powerquest Drive Image v7.03 Incl Keygen-Ror Shareconnector.rar[KeyGen\keygen.exe] Hacktool:Exploit/iFrame Not disinfected Lokale Ordner\Archiv\Jahr 2001\Dezember 2001\EBS Mails\Veranstaltungen im Park-Cafe Hacktool:Exploit/iFrame Not disinfected Lokale Ordner\Archiv\Jahr 2004\03 - 06 / 2004 Sydney\Newsletter\[EVO] Mail Delivery Hacktool:Exploit/iFrame Not disinfected Lokale Ordner\Archiv\Jahr 2004\03 - 06 / 2004 Sydney\Newsletter\Mail Delivery Hacktool:Exploit/iFrame Not disinfected Lokale Ordner\Archiv\Jahr 2004\03 - 06 / 2004 Sydney\Newsletter\Mail Delivery Hacktool:Exploit/iFrame Not disinfected Lokale Ordner\Archiv\Jahr 2004\03 - 06 / 2004 Sydney\Newsletter\[EVO] Mail Delivery Hacktool:Exploit/iFrame Not disinfected Lokale Ordner\Gesendete Objekte\Send 2002\Fwd: Wochenende, feier Virus:Generic Trojan Disinfected Lokale Ordner\Gesendete Objekte\Send 2002\keygen\keygen.zip[keygen.exe] |
|
|
|
|
11-30-2007, 09:40 AM
|
#6 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Here is the DSS scan results
Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: German CPU 0: AMD Athlon(tm) 64 Processor 2800+ Percentage of Memory in Use: 71% Physical Memory (total/avail): 511.48 MiB / 145.71 MiB Pagefile Memory (total/avail): 2478.94 MiB / 1955.27 MiB Virtual Memory (total/avail): 2047.88 MiB / 1914.55 MiB C: is Fixed (FAT32) - 16.57 GiB total, 2.58 GiB free. D: is Fixed (FAT32) - 191.95 GiB total, 35.23 GiB free. E: is Fixed (FAT32) - 87.44 GiB total, 1.05 GiB free. G: is CDROM (Unformatted) I: is CDROM (No Media) \\.\PHYSICALDRIVE1 - SAMSUNG HD300LD - 279.46 GiB - 2 partitions \PARTITION0 - Erweitert mit Int 13 (erweitert) - 279.45 GiB - D: - E: \\.\PHYSICALDRIVE0 - WDC WD800BB-00BSA0 - 74.53 GiB - 1 partition \PARTITION0 (bootable) - Unknown - 16.6 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FW: Norton Internet Worm Protection v2006 (Symantec) Disabled AV: Norton AntiVirus 2006 v2005 (Symantec Corporation) AV: avast! antivirus 4.7.1074 [VPS 071129-0] v4.7.1074 (ALWIL Software) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Programme\\eMule\\emule.exe"="C:\\Programme\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath " -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users APPDATA=C:\Dokumente und Einstellungen\%USER%\Anwendungsdaten CLASSPATH=.;C:\Programme\Java\j2re1.4.2_05\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Programme\Gemeinsame Dateien COMPUTERNAME=IVEN-MAIN ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Dokumente und Einstellungen\%USER% LOGONSERVER=\\IVEN-MAIN NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\THRIXXX\3D SexVilla;C:\Programme\Gemeinsame Dateien\Adobe\AGL;C:\Programme\Utimaco\SafeGuard Easy\;C:\Programme\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0c00 ProgramFiles=C:\Programme PROMPT=$P$G QTJAVA=C:\Programme\Java\j2re1.4.2_05\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOKUME~1\IVENEN~1\LOKALE~1\Temp TMP=C:\DOKUME~1\IVENEN~1\LOKALE~1\Temp USERDOMAIN=IVEN-MAIN USERNAME=%USER% USERPROFILE=C:\Dokumente und Einstellungen\%USER% windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- %USER% (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf AC3Filter (remove only) --> C:\Programme\AC3Filter\uninstall.exe Acronis*True*Image*Home --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Creative Suite --> C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 8.1.1 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003} Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A} Advanced Archive Password Recovery --> C:\PROGRA~1\ARCHPR\UNWISE.EXE C:\PROGRA~1\ARCHPR\INSTALL.LOG Alive iPod Video Converter (version 2.1.0.6) --> "C:\Programme\AliveMedia iPod Video Converter\unins000.exe" Aplus Video To iPod 3.0 --> "C:\Programme\Aplus Video To iPod\unins000.exe" Apollo iPod Video Converter 3.0.3 --> "C:\Programme\Apollo iPod Video Converter\unins000.exe" Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x7 AudioAlchemy MP3 Edition --> "C:\Dokumente und Einstellungen\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\setup_aa-mp3.exe" REMOVE=TRUE MODIFY=FALSE Auto MP3 Renamer 2.2 --> C:\Programme\AMR\unins000.exe avast! Antivirus --> rundll32 C:\PROGRA~1\Avast4\Setup\setiface.dll,RunSetup AviSynth 2.5 --> "C:\Programme\AviSynth 2.5\Uninstall.exe" Azureus --> C:\Programme\Azureus\Uninstall.exe BlueSoleil --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x7 BPM-Studio 4 Profi --> C:\WINDOWS\uninst.exe -f"C:\Programme\BPM-Studio Profi\DeIsL1.isu" -c"C:\Programme\BPM-Studio Profi\_ISREG32.DLL" CDDB MP3 Tool (remove only) --> "C:\Programme\CDDBMP3Tool\uninstall.exe" CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA} CloneCD --> "C:\Programme\CloneCD\ccd-uninst.exe" /D="C:\Programme\CloneCD" Collectorz.com Movie Collector --> C:\PROGRA~1\MOVIEC~1\UNWISE.EXE C:\PROGRA~1\MOVIEC~1\install.log Copernic Desktop Search 2 --> C:\Programme\Copernic Desktop Search 2\uninst.exe Core Center --> C:\WINDOWS\IsUninst.exe -f"C:\Programme\MSI\Core Center\Uninst.isu" CorelDRAW Graphics Suite 12 --> MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647} coverXP (remove only) --> "C:\Programme\coverXP\cxp-uninst.exe" D-Link AirPlus --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}\Setup.exe" -l0x9 Deutsche Sprachdatei für Winamp 5.02 v14 --> C:\Programme\Winamp\WA502DeUnInst.exe DioneSS Playlist Editor v2.1 --> "C:\Programme\DioneSS Playlist Editor\unins000.exe" DivX Codec --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN Driver Cleaner 3 --> C:\Programme\Driver Cleaner\Uninst.exe Driverheaven Full PC Info 2 --> C:\Programme\DHFPCI\Uninst.exe EasyTools 1.1 Trial --> C:\WINDOWS\Algoui.exe AlgoPlug25.exe alsetup.exe eMule --> "C:\Programme\eMule\Uninstall.exe" FairStars Audio Converter 1.45 --> "C:\Programme\FairStars Audio Converter\unins000.exe" ffdshow (remove only) --> "C:\WINDOWS\system32\ffdshow\uninstall.exe" FILE and MP3 Renamer 2003 --> "C:\Programme\File and MP3 Renamer 2003\uninstall-fren.exe" File Renamer - Basic --> C:\WINDOWS\File Renamer - Basic Uninstaller.exe FLAC Installer 1.1.1a (remove only) --> C:\Programme\FLAC\uninstall.exe FlashPlayer8 8.0.500 --> C:\Programme\FlashPlayer8\uninstall.exe FLV-Media Player 1.1 --> C:\Programme\FLV-Media Player\uninst.exe FolderShare --> MsiExec.exe /I{0BFD81DC-1DF3-4674-9760-9853A6B4E8B2} FTP Explorer --> C:\Programme\FTP Explorer\ftpx.exe /uninstall GSpot Codec Information Appliance --> C:\Programme\GSpot\Uninstall.exe Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Huffyuv AVI lossless video codec (Remove Only) --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF ICQ --> C:\PROGRA~1\ICQ\ICQUninstall.EXE ICQ 5 --> C:\Programme\ICQLite\ICQLiteUninstall.EXE iPod for Windows 2006-01-10 --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1031 IrfanView (remove only) --> C:\Programme\IrfanView\iv_uninstall.exe IsoBuster 1.9 --> "C:\Programme\IsoBuster\Uninst\unins000.exe" iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306} iTunes Library Updater --> MsiExec.exe /I{D5C281BE-A8E8-4E28-B40B-B5524C219900} Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050} Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719} LineIn plugin for WinAMP v1.80 (remove only) --> "C:\Programme\Winamp\Plugins\uninstlinein.exe" Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870} Logitech Legacy USB Camera-Treiberpaket --> "C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\legacyqcam\11.10.2016\LgDrvInst.exe" -remove -instdir"C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_11.10" /clone_wait /hide_progress Logitech QuickCam-Treiberpaket --> "C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103} Logitech SetPoint --> C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0007 -removeonly Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2} Magic Ball 2 --> C:\PROGRA~1\MAGICB~1\UNWISE.EXE /U C:\PROGRA~1\MAGICB~1\INSTALL.LOG Magic File Renamer --> C:\WINDOWS\iun6002.exe "C:\Programme\MFR\irunin.ini" Magic File Renamer 6.03 Professional Edition --> MsiExec.exe /I{54F578E9-8E69-4039-98E5-4AC3D709C7B8} mediaRECOVER --> C:\PROGRA~1\MEDIAR~2\UNWISE.EXE C:\PROGRA~1\MEDIAR~2\INSTALL.LOG Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} mIRC --> "C:\Programme\mIRC\mirc.exe" -uninstall MixMeister BPM Analyzer 1.0 --> "C:\Programme\MixMeister BPM Analyzer\unins000.exe" Mozilla Firefox (2.0.0.10) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe MP3-Info extension V3.4.23 --> C:\Programme\MP3ext\unins000.exe MP3-Tool --> C:\WINDOWS\unvise32.exe C:\Programme\mp3tool\uninstal.log MP3 Hammer 4.2 --> "C:\Programme\MP3 Hammer\unins000.exe" mp3 RightName 1.27 --> C:\Programme\mp3RightName\unins000.exe MP3 Splitter & Joiner 3.02 (Build 5) Update Trial to Full --> "C:\Programme\MP3 Splitter & Joiner\unins001.exe" Mp3tag v2.36a --> C:\Programme\Mp3tag\Mp3tagUninstall.EXE MSI Live Update 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Programme\MSI\Live Update 3\Uninst.isu" MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93} myFairTunes6 v.0.5.7b --> "C:\Programme\myFairTunes6\unins000.exe" Nero 6 Ultra Edition --> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Nimo Codecs Pack v5.0 (Remove Only) --> "C:\Programme\NimoCodec Pack\uninstall.exe" NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} PS FileRenamer 2.33 --> "C:\Programme\PS FileRenamer\unins000.exe" QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} R-Studio FAT v2.0 --> "C:\Programme\R-Studio FAT\unins000.exe" RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Registry Mechanic 6.0 --> "C:\Programme\Registry Mechanic\unins000.exe" Safari --> MsiExec.exe /I{3E719879-9914-4C56-843E-96D0C3FCC3FB} SafeGuard® Easy 4.11.0 --> MsiExec.exe /I{536521E3-389A-41B2-82E5-F61B95957CDF} Serials 2000 7.1+ --> "C:\Programme\Serials 2000 7.1 Plus\unins000.exe" Sicherheitsupdate für Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Spybot - Search & Destroy --> "C:\Programme\Spybot - Search & Destroy\unins000.exe" SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Symantec Network Driver Update --> MsiExec.exe /X{6AF90EF6-F7F9-466C-99F4-1774826FBB40} Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441} Tar98 --> C:\PROGRA~1\TAR98\UNWISE.EXE C:\PROGRA~1\TAR98\INSTALL.LOG TerraTec Home Cinema --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\setup.exe" -l0x7 TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715} TransMac version 7.5 --> "C:\Programme\TransMac\unins000.exe" TrueCrypt --> C:\WINDOWS\TrueCrypt Setup.exe /u C:\Programme\TrueCrypt TVUPlayer 1.5.12 --> C:\Programme\TVU Player\uninst.exe Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update für Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe" Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update für Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update für Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Update für Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Update für Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe" Update für Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55} VideoLAN VLC media player 0.7.0 --> "C:\Programme\VLC\uninstall.exe" WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6} WinAce Archiver 2.0 --> C:\Programme\WinAce\SXUNINST.EXE C:\Programme\WinAce\SXUNINST.INI Winamp --> "C:\Programme\Winamp\UninstWA.exe" Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP-Hotfix - KB834707 --> C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe Windows XP-Hotfix - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe Windows XP-Hotfix - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP-Hotfix - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Windows XP-Hotfix - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP-Hotfix - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe" Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP-Hotfix - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Windows XP-Hotfix - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe" WinISO 5.3 --> C:\Programme\WinISO\unins000.exe WinRAR Archiver --> C:\Programme\WinRAR\uninstall.exe WinTasks 4 Professional --> C:\Programme\LIUtilities\WinTasks\unins000.exe WinZip --> "C:\Programme\WinZip\WINZIP32.EXE" /uninstall WM Recorder + RM Recorder 9.1 --> C:\WINDOWS\iun6002.exe "C:\Programme\WM Recorder\irunin.ini" XviD MPEG-4 Codec --> "C:\Programme\XviD\UninstXviD.exe" XviD MPEG-4 Video Codec --> C:\Programme\XviD\unins000.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type14694 / Warning Event Submitted/Written: 11/30/2007 01:46:56 PM Event ID/Source: 1001 / MsiInstaller Event Description: Erkennung von Produkt "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" und Funktion "Phone" fehlgeschlagen beim Anfordern von Komponente "{57FF4446-590E-4894-AE39-D55928DBDE01}". Event Record #/Type14693 / Warning Event Submitted/Written: 11/30/2007 01:46:56 PM Event ID/Source: 1004 / MsiInstaller Event Description: Erkennung von Produkt "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}", Funktion "Phone" und Komponente "{98916693-F0B5-4923-8BC6-1F0E6A883411}" fehlgeschlagen. Die Ressource "HKEY_CURRENT_USER\Software\Skype\Phone\FE_label" ist nicht vorhanden. Event Record #/Type14692 / Warning Event Submitted/Written: 11/30/2007 01:46:27 PM Event ID/Source: 1001 / MsiInstaller Event Description: Erkennung von Produkt "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" und Funktion "QuickCam" fehlgeschlagen beim Anfordern von Komponente "{C207503F-9631-4AF6-8CD2-D11260DBA3C5}". Event Record #/Type14691 / Warning Event Submitted/Written: 11/30/2007 01:46:27 PM Event ID/Source: 1004 / MsiInstaller Event Description: Erkennung von Produkt "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}", Funktion "QuickCam" und Komponente "{B52C7B4D-F46F-438C-ADF2-05A138C57757}" fehlgeschlagen. Die Ressource "HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey" ist nicht vorhanden. Event Record #/Type14690 / Warning Event Submitted/Written: 11/30/2007 01:46:27 PM Event ID/Source: 1001 / MsiInstaller Event Description: Erkennung von Produkt "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" und Funktion "QuickCam" fehlgeschlagen beim Anfordern von Komponente "{C207503F-9631-4AF6-8CD2-D11260DBA3C5}". -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type55828 / Error Event Submitted/Written: 11/30/2007 01:45:53 PM Event ID/Source: 2 / ParVdm Event Description: Zeiger für Geräteobjekt lässt sich nicht für Anschlussobjekt ermitteln. Event Record #/Type55826 / Error Event Submitted/Written: 11/30/2007 01:45:22 PM / 11/30/2007 01:45:52 PM Event ID/Source: 4307 / NetBT Event Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte. Event Record #/Type55819 / Warning Event Submitted/Written: 11/30/2007 00:35:04 AM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde. Event Record #/Type55818 / Warning Event Submitted/Written: 11/29/2007 10:12:08 PM Event ID/Source: 36 / W32Time Event Description: Der Zeitdienst konnte die Systemzeit seit 49152 Sekunden nicht synchronisieren, da kein Zeitanbieter einen gültigen Zeitstempel anbieten konnte. Die Systemuhr ist nicht synchronisiert. Event Record #/Type55817 / Warning Event Submitted/Written: 11/29/2007 08:37:50 PM Event ID/Source: 4226 / Tcpip Event Description: TCP/IP hat das Sicherheitslimit erreicht, das für die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde. -- End of Deckard's System Scanner: finished at 2007-11-30 14:01:48 ------------ |
|
|
|
|
11-30-2007, 09:45 AM
|
#7 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Did also the following
- checked all programs in step 1 (none of them was installed) - system restore is disabled - running spybot, superantispyware and avast! as live scanner - all windows updates are installed and here is even a new HTJ scan result as the first was version 1.9, here is the newest version: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:45:08, on 30.11.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programme\Avast4\aswUpdSv.exe C:\Programme\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe C:\WINDOWS\system32\SgLogPlayer.exe C:\WINDOWS\System32\svchost.exe C:\Programme\UPHClean\uphclean.exe C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe C:\Programme\Avast4\ashMaiSv.exe C:\Programme\Avast4\ashWebSv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\taskmgr.exe C:\Programme\Logitech\SetPoint\LBTWiz.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\TrueCrypt\TrueCrypt.exe C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\MSI\Core Center\CoreCenter.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\WINDOWS\system32\notepad.exe C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programme\Copernic Desktop Search 2\DesktopSearchBand201013011.dll O4 - HKLM\..\Run: [SourcePath] syscfg32.exe O4 - HKLM\..\Run: [wtadd_taskmgr.exe] C:\WINDOWS\system32\taskmgr.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [SgeEcView] C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe O4 - HKLM\..\Run: [EdWizard] C:\Programme\Utimaco\SafeGuard Easy\EdWizard.exe as O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\RunServices: [SourcePath] syscfg32.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe" /tray O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user') O4 - S-1-5-18 Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat (User 'SYSTEM') O4 - .DEFAULT Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat (User 'Default user') O4 - Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat O4 - Global Startup: CoreCenter.lnk = C:\Programme\MSI\Core Center\CoreCenter.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: Festoon - (no CLSID) - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Protocol: vskype - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll O21 - SSODL: sapnet - {1BFCCE79-034A-4101-A31B-C4CCAA3D6A83} - C:\WINDOWS\sapnet.dll (file missing) O21 - SSODL: rmvgor - {5D1BCF85-BDDB-4BF0-8CFA-7659F3A3C137} - C:\WINDOWS\rmvgor.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- End of file - 11674 bytes |
|
|
|
|
12-02-2007, 10:27 AM
|
#8 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
I tried to fix some unusual entries with HJT , here is the current HJT log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:49:12, on 01.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programme\Avast4\aswUpdSv.exe C:\Programme\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe C:\WINDOWS\system32\SgLogPlayer.exe C:\WINDOWS\System32\svchost.exe C:\Programme\UPHClean\uphclean.exe C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe C:\Programme\Avast4\ashMaiSv.exe C:\Programme\Avast4\ashWebSv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\taskmgr.exe C:\Programme\Logitech\SetPoint\LBTWiz.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\TrueCrypt\TrueCrypt.exe C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\MSI\Core Center\CoreCenter.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Messenger\msmsgs.exe C:\Programme\Winamp\winamp.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\Explorer.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programme\Copernic Desktop Search 2\DesktopSearchBand201013011.dll O4 - HKLM\..\Run: [SourcePath] syscfg32.exe O4 - HKLM\..\Run: [wtadd_taskmgr.exe] C:\WINDOWS\system32\taskmgr.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [SgeEcView] C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe O4 - HKLM\..\Run: [EdWizard] C:\Programme\Utimaco\SafeGuard Easy\EdWizard.exe as O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\RunServices: [SourcePath] syscfg32.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe" /tray O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - S-1-5-18 Startup: Verkn¸pfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat (User 'SYSTEM') O4 - .DEFAULT Startup: Verkn¸pfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat (User 'Default user') O4 - Startup: Verkn¸pfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat O4 - Global Startup: CoreCenter.lnk = C:\Programme\MSI\Core Center\CoreCenter.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Ger‰t... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: Festoon - (no CLSID) - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Protocol: vskype - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- End of file - 11155 bytes |
|
|
|
|
12-04-2007, 11:24 AM
|
#9 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Hi, you didn't post the main.txt from the DSS scan.
Rather than post an older one, let's get a look at the current condition of your system. Please run Deckard's System Scanner once again, this time using these instructions: Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK (this assumes dss.exe is on your desktop!) "%userprofile%\desktop\dss.exe" /configClick on "Check All" Click Scan! When finished, it shall produce two logs for you. Post those logs in your next reply.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Microsoft MVP - Consumer Security 2009
|
|
|
|
|
12-06-2007, 12:46 AM
|
#10 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Main.txt
Deckard's System Scanner v20071014.68 Run by %USER% on 2007-12-06 08:38:54 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 8: 2007-12-06 07:39:04 UTC - RP8 - Deckard's System Scanner Restore Point 7: 2007-12-02 23:17:44 UTC - RP7 - Systemprüfpunkt 6: 2007-12-01 21:32:53 UTC - RP6 - Systemprüfpunkt 5: 2007-11-30 12:59:06 UTC - RP5 - Deckard's System Scanner Restore Point 4: 2007-11-29 19:14:10 UTC - RP4 - Entfernt Easy Synchronization -- First Restore Point -- 1: 2007-11-22 22:49:04 UTC - RP1 - Systemprüfpunkt Performed disk cleanup. Percentage of Memory in Use: 85% (more than 75%). System Drive C: has 2.32 GiB (less than 15%) free. -- HijackThis (run as %USER%.exe) ----------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:39:26, on 06.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programme\Avast4\aswUpdSv.exe C:\Programme\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe C:\WINDOWS\system32\SgLogPlayer.exe C:\WINDOWS\System32\svchost.exe C:\Programme\UPHClean\uphclean.exe C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe C:\Programme\Avast4\ashMaiSv.exe C:\Programme\Avast4\ashWebSv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\taskmgr.exe C:\Programme\Logitech\SetPoint\LBTWiz.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\TrueCrypt\TrueCrypt.exe C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\MSI\Core Center\CoreCenter.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\%USER%\desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\IVENEN~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programme\Copernic Desktop Search 2\DesktopSearchBand201013011.dll O4 - HKLM\..\Run: [SourcePath] syscfg32.exe O4 - HKLM\..\Run: [wtadd_taskmgr.exe] C:\WINDOWS\system32\taskmgr.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [SgeEcView] C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe O4 - HKLM\..\Run: [EdWizard] C:\Programme\Utimaco\SafeGuard Easy\EdWizard.exe as O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\RunServices: [SourcePath] syscfg32.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe" /tray O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - S-1-5-18 Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\%USER%\startcopy.bat (User 'SYSTEM') O4 - .DEFAULT Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\%USER%\startcopy.bat (User 'Default user') O4 - Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\%USER%\startcopy.bat O4 - Global Startup: CoreCenter.lnk = C:\Programme\MSI\Core Center\CoreCenter.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: Festoon - (no CLSID) - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Protocol: vskype - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- End of file - 11168 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20071201-224804-492 O21 - SSODL: sapnet - {1BFCCE79-034A-4101-A31B-C4CCAA3D6A83} - C:\WINDOWS\sapnet.dll (file missing) backup-20071201-224808-918 O21 - SSODL: rmvgor - {5D1BCF85-BDDB-4BF0-8CFA-7659F3A3C137} - C:\WINDOWS\rmvgor.dll backup-20071201-224900-833 O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM') backup-20071201-224900-647 O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user') -- File Associations ----------------------------------------------------------- .reg - regfile - shell\edit\command - unable to read value -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 AES-256 - c:\windows\system32\drivers\aes256.sys <Not Verified; Utimaco Safeware AG; SafeGuard Easy> R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)> R0 MMRTKRNL - c:\windows\system32\drivers\mmrtkrnl.sys <Not Verified; ALCATech GmbH; ALCATech Realtime Audio Kernel> R0 SgeFlt - c:\windows\system32\drivers\sgeflt.sys <Not Verified; Utimaco Safeware AG; SafeGuard Easy> R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product> R1 SASDIFSV - c:\programme\superantispyware\sasdifsv.sys R1 SASKUTIL - c:\programme\superantispyware\saskutil.sys R1 SSHDRV62 - c:\windows\system32\drivers\sshdrv62.sys R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools> R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint> R2 MarxDev1 - c:\windows\system32\drivers\marxdev1.sys R2 MarxDev2 - c:\windows\system32\drivers\marxdev2.sys R2 MarxDev3 - c:\windows\system32\drivers\marxdev3.sys R2 truecrypt - c:\windows\system32\drivers\truecrypt.sys <Not Verified; TrueCrypt Foundation; TrueCrypt> R3 ElbyCDFL - c:\windows\system32\drivers\elbycdfl.sys <Not Verified; SlySoft, Inc.; CloneCD> R3 PCAlertDriver - c:\programme\msi\core center\ntglm7x.sys <Not Verified; MICRO-STAR INT'L CO., LTD.; MSI PCAlert 4> R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell> R3 RushTopDevice - c:\programme\msi\core center\rushtop.sys <Not Verified; MICRO-STAR INT'L CO., LTD.; MSI CoreCenter> R3 SASENUM - c:\programme\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> R3 TMSPPCI (PCI Multi I/O Card Driver) - c:\windows\system32\drivers\snxpcard.sys <Not Verified; eTiMedia Technology; Sunix Multi I/O PCI Board> R3 TMSPPCIP (PCI Multi I/O Parallel Port Driver) - c:\windows\system32\drivers\snxppal.sys <Not Verified; eTiMedia Technology; Sunix Multi I/O PCI Board> R3 vsbus (Virtual Serial Bus Enumerator) - c:\windows\system32\drivers\vsb.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Bus> S3 akshasp (Aladdin HASP Key) - c:\windows\system32\drivers\akshasp.sys (file missing) S3 aksusb (Aladdin USB Key) - c:\windows\system32\drivers\aksusb.sys (file missing) S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver> S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil> S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver> S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys S3 catchme - c:\dokume~1\ivenen~1\lokale~1\temp\catchme.sys (file missing) S3 EraserUtilRebootDrv - c:\programme\gemeinsame dateien\symantec shared\eengine\eraserutilrebootdrv.sys (file missing) S3 GMSIPCI - f:\install\gmsipci.sys (file missing) S3 L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys <Not Verified; Logitech Inc.; Logitech SetPoint> S3 LHidUsbK (SetPoint USB Receiver device driver) - c:\windows\system32\drivers\lhidusbk.sys <Not Verified; Logitech Inc.; Logitech SetPoint> S3 TSP - c:\windows\system32\drivers\klif.sys (file missing) S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil> S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil> S3 vserial (ELTIMA Virtual Serial Ports Driver) - c:\windows\system32\drivers\vserial.sys <Not Verified; ELTIMA Software; ELTIMA Virtual Serial Ports> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\programme\gemeinsame dateien\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service> R2 LBTServ (Logitech Bluetooth Service) - c:\programme\gemeinsame dateien\logitech\bluetooth\lbtserv.exe <Not Verified; Logitech Inc.; Logitech SetPoint> R2 SgeCtl (SafeGuard Easy Control) - c:\programme\utimaco\safeguard easy\sgectl.exe <Not Verified; Utimaco Safeware AG; SGECTL Module> R2 SgLogPlayer (SafeGuard SGLOG Player) - c:\windows\system32\sglogplayer.exe <Not Verified; Utimaco Safeware AG; SGLOG> R2 UPHClean (User Profile Hive Cleanup) - c:\programme\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service> R2 WksCfgSrv (SafeGuard Easy Workstation Server) - c:\programme\utimaco\safeguard easy\wkscfgsrv.exe <Not Verified; Utimaco Safeware AG; WksCfgSrv Module> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Process Modules ------------------------------------------------------------- C:\WINDOWS\system32\winlogon.exe (pid 696) 2005-02-22 13:05:32 217088 --a------ C:\WINDOWS\system32\Sggina.dll <Not Verified; Utimaco Safeware AG; SafeGuard Logon> 2005-02-22 13:14:30 172032 -ra------ C:\WINDOWS\system32\SGGina0407.dll <Not Verified; Utimaco Safeware AG; SafeGuard Logon> 2005-06-08 18:50:20 184320 --a------ C:\Programme\Utimaco\SafeGuard Easy\SGEGINA.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:34:58 36864 --a------ C:\Programme\Utimaco\SafeGuard Easy\CMessage.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:33:48 45056 --a------ C:\Programme\Utimaco\SafeGuard Easy\SgWin32.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:34:56 65536 --a------ C:\Programme\Utimaco\SafeGuard Easy\CmfcApi.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:36:26 45056 --a------ C:\Programme\Utimaco\SafeGuard Easy\SCClass.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:48:06 1474560 --a------ C:\Programme\Utimaco\SafeGuard Easy\EcView.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:35:48 53248 --a------ C:\Programme\Utimaco\SafeGuard Easy\SgeUtil.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:38:52 348160 --a------ C:\Programme\Utimaco\SafeGuard Easy\SgUicl.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:42:14 12800 --a------ C:\Programme\Utimaco\SafeGuard Easy\FLTAPI.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:45:24 65536 --a------ C:\Programme\Utimaco\SafeGuard Easy\SgUiclRes.DLL <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:45:24 12288 --a------ C:\Programme\Utimaco\SafeGuard Easy\SgUicl.msg 2005-06-08 18:33:38 77824 --a------ C:\Programme\Utimaco\SafeGuard Easy\SGE_ERR0407.dll 2005-06-08 18:34:44 49152 --a------ C:\Programme\Utimaco\SafeGuard Easy\SGE_MSG0407.dll 2005-06-08 18:47:36 12288 --a------ C:\Programme\Utimaco\SafeGuard Easy\EcView0407.dll 2005-06-08 18:07:28 204800 --a------ C:\Programme\Utimaco\SafeGuard Easy\EncViewer.ocx <Not Verified; Utimaco Safeware AG; EncViewer Module> 2005-06-08 18:11:34 12288 --a------ C:\Programme\Utimaco\SafeGuard Easy\SGE_INFO0407.dll 2005-06-08 18:45:10 389120 --a------ C:\Programme\Utimaco\SafeGuard Easy\SgeA40.dll <Not Verified; Utimaco Safeware AG; SgeAutomation Module> 2005-06-08 18:40:46 81920 --a------ C:\Programme\Utimaco\SafeGuard Easy\CfgApi.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:41:44 40960 --a------ C:\Programme\Utimaco\SafeGuard Easy\SGEDRV.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2007-04-19 13:41:36 294912 --a------ C:\Programme\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor> 2007-01-30 02:15:12 65536 --a------ C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWlgn.DLL <Not Verified; Logitech Inc.; Logitech SetPoint> 2007-01-30 02:16:16 126976 --a------ C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.dll <Not Verified; Logitech Inc.; Logitech SetPoint> 2005-03-31 11:26:16 32768 --a------ C:\WINDOWS\system32\GetUserSid.dll <Not Verified; Utimaco Safeware AG; SGLOG> 2005-03-31 11:26:28 90112 --a------ C:\WINDOWS\system32\LogMsgApp.Dll <Not Verified; Utimaco Safeware AG; SGLOG> 2005-03-31 11:26:26 176128 --a------ C:\WINDOWS\system32\LogData.dll <Not Verified; Utimaco Safeware AG; SGLOG> 2002-01-22 15:28:36 110592 --a------ C:\WINDOWS\system32\SGLogEx.dll <Not Verified; Utimaco Safeware AG; Utimaco SGLogEx> 2005-03-31 11:27:12 69632 --a------ C:\WINDOWS\system32\SGLogNotification.dll <Not Verified; Utimaco Safeware AG; SGLOG> 2005-06-08 18:39:44 286720 --a------ C:\Programme\Utimaco\SafeGuard Easy\DCOMSec.dll <Not Verified; Utimaco Safeware AG; SafeGuard DCOMSec Module> 2005-06-08 17:59:50 24576 --a------ C:\Programme\Utimaco\SafeGuard Easy\SecClassFactoryPs.dll 2005-06-08 18  06 24576 --a------ C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrvps.dllC:\WINDOWS\explorer.exe (pid 1568) 2005-06-08 18:30:48 77824 --a------ C:\Programme\Utimaco\SafeGuard Easy\SgeDrse.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:35:48 53248 --a------ C:\Programme\Utimaco\SafeGuard Easy\SgeUtil.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2005-06-08 18:35:50 24576 --a------ C:\Programme\Utimaco\SafeGuard Easy\SgMsgBhk.dll <Not Verified; Utimaco Safeware AG; SafeGuard Easy> 2007-09-26 14:42:08 43008 --a------ C:\Programme\iTunes\iTunesMiniPlayer.Resources\de.lproj\iTunesMiniPlayerLocalized.dll <Not Verified; Apple Inc.; iTunes> 2007-09-26 14:42:04 129536 --a------ C:\Programme\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll <Not Verified; Apple Inc.; iTunes> 1997-02-20 10:11:56 33280 --a------ C:\WINDOWS\system32\ftpxext.dll <Not Verified; FTPx Corp.; FTP Explorer> 2006-11-29 22:12:36 65536 --a------ C:\WINDOWS\system32\BTNCopy.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.2700> 2007-04-23 04:00:00 45568 --a------ C:\Programme\Logitech\SetPoint\lgscroll.dll <Not Verified; Logitech Inc.; Logitech SetPoint> 2007-04-23 04:00:00 10240 --a------ C:\Programme\Logitech\SetPoint\IMHook.dll <Not Verified; Logitech Inc.; Logitech SetPoint> 2006-11-29 22:41:44 77824 --a------ C:\WINDOWS\system32\BtMmHook.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.2700> 2006-12-20 13:55:48 77824 --a------ C:\Programme\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware> -- Scheduled Tasks ------------------------------------------------------------- 2007-10-02 10:19:58 276 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -- Files created between 2007-11-06 and 2007-12-06 ----------------------------- 2007-11-30 17:44:47 0 d-------- C:\Programme\Trend Micro 2007-11-29 20:18:09 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-11-27 21:35:14 0 d-------- C:\WINDOWS\BDOSCAN8 2007-11-23 00:19:39 0 d-------- C:\Programme\RogueRemover FREE 2007-11-23 00:05:27 0 d-------- C:\Programme\SUPERAntiSpyware 2007-11-23 00:04:44 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 2007-11-23 00:00:52 0 d-------- C:\VundoFix Backups 2007-11-22 23:25:44 3318 --a------ C:\WINDOWS\system32\tmp.reg 2007-11-22 23:02:58 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-11-22 21:56:37 229376 --a------ C:\WINDOWS\rmvgor.dll <Not Verified; ; rmvgor> 2007-11-22 21:56:36 81920 --a------ C:\WINDOWS\nethop.exe 2007-11-22 21:52:36 0 d-------- C:\Programme\LS_Duhem 2007-11-20 23:31:34 0 d-------- C:\Programme\TransMac 2007-11-16 17:18:01 44544 -ra------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1> 2007-11-16 17:17:57 1712128 -ra------ C:\WINDOWS\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-11-16 17:17:41 0 d-------- C:\Programme\Gemeinsame Dateien\TerraTec 2007-11-16 17:17:20 0 d-------- C:\Programme\TerraTec Home Cinema -- Find3M Report --------------------------------------------------------------- 2007-12-04 23:32:46 12 --a------ C:\WINDOWS\bthservsdp.dat 2007-12-02 18:55:14 12 --a------ C:\WINDOWS\system32\RFMDat.dat 2007-11-23 00:05:28 0 d-------- C:\Dokumente und Einstellungen\%USER%\Anwendungsdaten\SUPERAntiSpyware.com 2007-11-16 17:18:30 0 d-------- C:\Dokumente und Einstellungen\%USER%\Anwendungsdaten\TerraTec 2007-10-25 10:26:48 53248 --a------ C:\WINDOWS\bdoscandel.exe 2007-09-28 18:07:52 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-09-28 18:05:50 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100> 2007-09-28 18:05:50 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100> 2007-09-28 18:05:40 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?> 2007-09-28 18:05:40 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®> 2007-09-28 18:05:40 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®> 2007-09-28 18:05:40 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®> 2007-09-28 18:05:08 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SourcePath"="syscfg32.exe" [] "wtadd_taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe" [04.08.2004 00:58] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [30.09.2004 13:35] "Logitech BT Wizard"="LBTWiz.exe" [] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [11.04.2007 15:32 C:\WINDOWS\KHALMNPR.Exe] "RegistryMechanic"="" [] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [30.09.2004 13:35] "avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [25.10.2007 17:20] "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.10.2007 19:51] "TrueImageMonitor.exe"="C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe" [16.10.2006 21:12] "AcronisTimounterMonitor"="C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe" [16.10.2006 21:17] "SgeEcView"="C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe" [08.06.2005 18:48] "EdWizard"="C:\Programme\Utimaco\SafeGuard Easy\EdWizard.exe" [08.06.2005 18:28] "iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [26.09.2007 14:42] "LogitechCommunicationsManager"="C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" [25.10.2007 16:33] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Programme\Skype\Phone\Skype.exe" [02.07.2007 17:10] "TrueCrypt"="C:\Programme\TrueCrypt\TrueCrypt.exe" [25.11.2005 23:43] "Copernic Desktop Search 2"="C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe" [01.08.2007 20:26] "SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21.06.2007 14:06] "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [31.08.2007 16:46] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "SourcePath"=syscfg32.exe C:\Dokumente und Einstellungen\%USER%\Startmen\Programme\Autostart\ Verknpfung mit startcopy.bat.lnk - C:\Dokumente und Einstellungen\%USER%\startcopy.bat [09.10.2006 20:04:50] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ CoreCenter.lnk - C:\Programme\MSI\Core Center\CoreCenter.exe [18.12.2005 18:31:26] BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe [29.11.2006 22:37:20] Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe [08.06.2007 16 46][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "HideShutdownScripts"=0 (0x0) "RunLogonScriptSync"=0 (0x0) "RunStartupScriptSync"=0 (0x0) "HideStartupScripts"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "HideLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "NoDispCPL"=0 (0x0) "NoDispAppearancePage"=0 (0x0) "NoDispBackgroundPage"=0 (0x0) "NoDispScrSavPage"=0 (0x0) "NoDispSettingsPage"=0 (0x0) "NoVisualStyleChoice"=0 (0x0) "NoColorChoice"=0 (0x0) "NoSizeChoice"=0 (0x0) "DisableLockWorkstation"=0 (0x0) "DisableChangePassword"=0 (0x0) "HideLogonScripts"=0 (0x0) "HideLogoffScripts"=0 (0x0) "HideLegacyLogonScripts"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoChangeKeyboardNavigationIndicators"=0 (0x0) "NoChangeAnimation"=0 (0x0) "NoAddPrinter"=0 (0x0) "NoDeletePrinter"=0 (0x0) "RestrictRun"=0 (0x0) "DisallowRun"=0 (0x0) "NoPropertiesMyComputer"=0 (0x0) "NoManageMyComputerVerb"=0 (0x0) "NoFileAssociate"=0 (0x0) "NoDFSTab"=0 (0x0) "NoHardwareTab"=0 (0x0) "NoSecurityTab"=0 (0x0) "NoPropertiesRecycleBin"=0 (0x0) "NoSMConfigurePrograms"=0 (0x0) "NoCommonGroups"=0 (0x0) "NoChangeStartMenu"=0 (0x0) "NoStartMenuMFUprogramsList"=0 (0x0) "NoStartMenuPinnedList"=0 (0x0) "NoUserNameInStartMenu"=0 (0x0) "NoStartMenuMorePrograms"=0 (0x0) "NoStartMenuEjectPC"=0 (0x0) "NoSimpleStartMenu"=0 (0x0) "ForceStartMenuLogoff"=0 (0x0) "NoStartMenuSubFolders"=0 (0x0) "NoDisconnect"=0 (0x0) "NoNtSecurity"=0 (0x0) "NoTrayContextMenu"=0 (0x0) "NoTrayItemsDisplay"=0 (0x0) "LockTaskbar"=0 (0x0) "NoToolbarsOnTaskbar"=0 (0x0) "NoStartBanner"=00000000 "NoNetConnectDisconnect"=0 (0x0) "NoRecentDocsNetHood"=0 (0x0) "EnforceShellExtensionSecurity"=0 (0x0) "NoLowDiskSpaceChecks"=0 (0x0) "NoLogOff"=0 (0x0) "NoRunasInstallPrompt"=0 (0x0) "PromptRunasInstallNetPath"=0 (0x0) "NoResolveTrack"=0 (0x0) "NoResolveSearch"=0 (0x0) "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoDevMgrUpdate"=0 (0x0) "ForceCopyAclwithFile"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun] "0?"=ccapp.exe "1?"=advchk.exe "2?"=syscfg32.exe "3?"=soundman.exe "4?"=icqnet.exe "5?"=mmrtkrnl.exe "6?"=lvcoms.exe "7?"=newadmin.exe "8?"=kiosk.exe "9?"=ctfmon.exe [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoThemesTab"=0 (0x0) "NoChangeKeyboardNavigationIndicators"=0 (0x0) "NoChangeAnimation"=0 (0x0) "NoAddPrinter"=0 (0x0) "NoDeletePrinter"=0 (0x0) "NoPrinters"=0 (0x0) "NoViewOnDrive"=0 (0x0) "RestrictRun"=0 (0x0) "DisallowRun"=0 (0x0) "NoRecycleFiles"=0 (0x0) "NoSharedDocuments"=0 (0x0) "NoPropertiesMyComputer"=0 (0x0) "NoManageMyComputerVerb"=0 (0x0) "NoCustomizeWebView"=0 (0x0) "NoSaveSettings"=0 (0x0) "NoViewContextMenu"=0 (0x0) "NoFileMenu"=0 (0x0) "NoShellSearchButton"=0 (0x0) "ClearRecentDocsOnExit"=0 (0x0) "NoWinKeys"=0 (0x0) "NoFileAssociate"=0 (0x0) "NoDFSTab"=0 (0x0) "NoHardwareTab"=0 (0x0) "NoSecurityTab"=0 (0x0) "NoInstrumentation"=0 (0x0) "NoPropertiesRecycleBin"=0 (0x0) "NoRun"=0 (0x0) "NoSetTaskbar"=0 (0x0) "NoSMConfigurePrograms"=0 (0x0) "NoRecentDocsMenu"=0 (0x0) "NoSMMyPictures"=0 (0x0) "NoStartMenuMyMusic"=0 (0x0) "NoSMMyDocs"=0 (0x0) "NoStartMenuNetworkPlaces"=0 (0x0) "NoFavoritesMenu"=0 (0x0) "NoSMHelp"=0 (0x0) "NoHelp"=0 (0x0) "NoNetworkConnections"=0 (0x0) "NoCommonGroups"=0 (0x0) "NoFind"=0 (0x0) "NoWindowsUpdate"=0 (0x0) "NoFolderOptions"=0 (0x0) "NoChangeStartMenu"=0 (0x0) "NoRecentDocsHistory"=0 (0x0) "NoStartMenuMFUprogramsList"=0 (0x0) "NoStartMenuPinnedList"=0 (0x0) "NoUserNameInStartMenu"=0 (0x0) "NoStartMenuMorePrograms"=0 (0x0) "NoStartMenuEjectPC"=0 (0x0) "NoSimpleStartMenu"=0 (0x0) "ForceStartMenuLogoff"=0 (0x0) "StartMenuLogoff"=0 (0x0) "NoStartMenuSubFolders"=0 (0x0) "NoDisconnect"=0 (0x0) "NoNtSecurity"=0 (0x0) "NoSetFolders"=0 (0x0) "NoTrayContextMenu"=0 (0x0) "NoTrayItemsDisplay"=0 (0x0) "LockTaskbar"=0 (0x0) "HideClock"=0 (0x0) "NoToolbarsOnTaskbar"=0 (0x0) "NoStartBanner"=00000000 "NoActiveDesktopChanges"=0 (0x0) "NoFileUrl"=0 (0x0) "NoInternetIcon"=0 (0x0) "NoBandCustomize"=0 (0x0) "NoToolbarCustomize"=0 (0x0) "NoExpandedNewMenu"=0 (0x0) "SpecifyDefaultButtons"=0 (0x0) "NoNetConnectDisconnect"=0 (0x0) "NoRecentDocsNetHood"=0 (0x0) "EnforceShellExtensionSecurity"=0 (0x0) "NoLowDiskSpaceChecks"=0 (0x0) "NoClose"=0 (0x0) "NoLogOff"=0 (0x0) "NoRunasInstallPrompt"=0 (0x0) "PromptRunasInstallNetPath"=0 (0x0) "NoResolveTrack"=0 (0x0) "NoResolveSearch"=0 (0x0) "LinkResolveIgnoreLinkInfo"=0 (0x0) "NoDevMgrUpdate"=0 (0x0) "ForceCopyAclwithFile"=0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\RestrictRun] "0?"=ccapp.exe "1?"=advchk.exe "2?"=syscfg32.exe "3?"=soundman.exe "4?"=icqnet.exe "5?"=mmrtkrnl.exe "6?"=lvcoms.exe "7?"=newadmin.exe "8?"=kiosk.exe "9?"=ctfmon.exe "10?"=sndmon.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programme\SUPERAntiSpyware\SASSEH.DLL [20.12.2006 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programme\SUPERAntiSpyware\SASWINLO.dll 19.04.2007 13:41 294912 C:\Programme\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll 30.01.2007 02:15 65536 c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWlgn.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NotLog] SGLogEx.dll 22.01.2002 15:28 110592 C:\WINDOWS\system32\SGLogEx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SGLogNotification] SGLogNotification.dll 31.03.2005 11:27 69632 C:\WINDOWS\system32\SGLogNotification.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 relog_ap [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Iven-main#8. Semester] AutoRun\command- install.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ad7733a-9d2b-11db-a7e5-00110965799b}] verb1\command- desktop.exe -- End of Deckard's System Scanner: finished at 2007-12-06 08:40:32 ------------ extra.txt Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: German CPU 0: AMD Athlon(tm) 64 Processor 2800+ Percentage of Memory in Use: 80% Physical Memory (total/avail): 511.48 MiB / 100.35 MiB Pagefile Memory (total/avail): 2478.94 MiB / 1918.71 MiB Virtual Memory (total/avail): 2047.88 MiB / 1914.71 MiB C: is Fixed (FAT32) - 16.57 GiB total, 2.32 GiB free. D: is Fixed (FAT32) - 191.95 GiB total, 30.46 GiB free. E: is Fixed (FAT32) - 87.44 GiB total, 8.42 GiB free. G: is CDROM (No Media) I: is CDROM (No Media) \\.\PHYSICALDRIVE1 - SAMSUNG HD300LD - 279.46 GiB - 2 partitions \PARTITION0 - Erweitert mit Int 13 (erweitert) - 279.45 GiB - D: - E: \\.\PHYSICALDRIVE0 - WDC WD800BB-00BSA0 - 74.53 GiB - 1 partition \PARTITION0 (bootable) - Unknown - 16.6 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. FW: Norton Internet Worm Protection v2006 (Symantec) Disabled AV: Norton AntiVirus 2006 v2005 (Symantec Corporation) AV: avast! antivirus 4.7.1074 [VPS 071205-2] v4.7.1074 (ALWIL Software) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Programme\\eMule\\emule.exe"="C:\\Programme\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath " -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Dokumente und Einstellungen\All Users APPDATA=C:\Dokumente und Einstellungen\%USER%\Anwendungsdaten CLASSPATH=.;C:\Programme\Java\j2re1.4.2_05\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Programme\Gemeinsame Dateien COMPUTERNAME=IVEN-MAIN ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Dokumente und Einstellungen\%USER% LOGONSERVER=\\IVEN-MAIN NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\THRIXXX\3D SexVilla;C:\Programme\Gemeinsame Dateien\Adobe\AGL;C:\Programme\Utimaco\SafeGuard Easy\;C:\Programme\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0c00 ProgramFiles=C:\Programme PROMPT=$P$G QTJAVA=C:\Programme\Java\j2re1.4.2_05\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOKUME~1\IVENEN~1\LOKALE~1\Temp TMP=C:\DOKUME~1\IVENEN~1\LOKALE~1\Temp USERDOMAIN=IVEN-MAIN USERNAME=%USER% USERPROFILE=C:\Dokumente und Einstellungen\%USER% windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- %USER% (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf AC3Filter (remove only) --> C:\Programme\AC3Filter\uninstall.exe Acronis True Image Home --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B} Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Creative Suite --> C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 8.1.1 - Deutsch --> MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003} Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A} Advanced Archive Password Recovery --> C:\PROGRA~1\ARCHPR\UNWISE.EXE C:\PROGRA~1\ARCHPR\INSTALL.LOG Alive iPod Video Converter (version 2.1.0.6) --> "C:\Programme\AliveMedia iPod Video Converter\unins000.exe" Aplus Video To iPod 3.0 --> "C:\Programme\Aplus Video To iPod\unins000.exe" Apollo iPod Video Converter 3.0.3 --> "C:\Programme\Apollo iPod Video Converter\unins000.exe" Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x7 AudioAlchemy MP3 Edition --> "C:\Dokumente und Einstellungen\All Users\Application Data\{2CC4A372-ADDC-4BE1-8FA4-B370EEFD776A}\setup_aa-mp3.exe" REMOVE=TRUE MODIFY=FALSE Auto MP3 Renamer 2.2 --> C:\Programme\AMR\unins000.exe avast! Antivirus --> rundll32 C:\PROGRA~1\Avast4\Setup\setiface.dll,RunSetup AviSynth 2.5 --> "C:\Programme\AviSynth 2.5\Uninstall.exe" Azureus --> C:\Programme\Azureus\Uninstall.exe BlueSoleil --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\Setup.exe" -l0x7 BPM-Studio 4 Profi --> C:\WINDOWS\uninst.exe -f"C:\Programme\BPM-Studio Profi\DeIsL1.isu" -c"C:\Programme\BPM-Studio Profi\_ISREG32.DLL" CDDB MP3 Tool (remove only) --> "C:\Programme\CDDBMP3Tool\uninstall.exe" CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA} CloneCD --> "C:\Programme\CloneCD\ccd-uninst.exe" /D="C:\Programme\CloneCD" Collectorz.com Movie Collector --> C:\PROGRA~1\MOVIEC~1\UNWISE.EXE C:\PROGRA~1\MOVIEC~1\install.log Copernic Desktop Search 2 --> C:\Programme\Copernic Desktop Search 2\uninst.exe Core Center --> C:\WINDOWS\IsUninst.exe -f"C:\Programme\MSI\Core Center\Uninst.isu" CorelDRAW Graphics Suite 12 --> MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647} coverXP (remove only) --> "C:\Programme\coverXP\cxp-uninst.exe" D-Link AirPlus --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}\Setup.exe" -l0x9 Deutsche Sprachdatei für Winamp 5.02 v14 --> C:\Programme\Winamp\WA502DeUnInst.exe DioneSS Playlist Editor v2.1 --> "C:\Programme\DioneSS Playlist Editor\unins000.exe" DivX Codec --> C:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader --> C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter --> C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player --> C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player --> C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN Driver Cleaner 3 --> C:\Programme\Driver Cleaner\Uninst.exe Driverheaven Full PC Info 2 --> C:\Programme\DHFPCI\Uninst.exe EasyTools 1.1 Trial --> C:\WINDOWS\Algoui.exe AlgoPlug25.exe alsetup.exe eMule --> "C:\Programme\eMule\Uninstall.exe" FairStars Audio Converter 1.45 --> "C:\Programme\FairStars Audio Converter\unins000.exe" ffdshow (remove only) --> "C:\WINDOWS\system32\ffdshow\uninstall.exe" FILE and MP3 Renamer 2003 --> "C:\Programme\File and MP3 Renamer 2003\uninstall-fren.exe" File Renamer - Basic --> C:\WINDOWS\File Renamer - Basic Uninstaller.exe FLAC Installer 1.1.1a (remove only) --> C:\Programme\FLAC\uninstall.exe FlashPlayer8 8.0.500 --> C:\Programme\FlashPlayer8\uninstall.exe FLV-Media Player 1.1 --> C:\Programme\FLV-Media Player\uninst.exe FolderShare --> MsiExec.exe /I{0BFD81DC-1DF3-4674-9760-9853A6B4E8B2} FTP Explorer --> C:\Programme\FTP Explorer\ftpx.exe /uninstall GSpot Codec Information Appliance --> C:\Programme\GSpot\Uninstall.exe HijackThis 2.0.2 --> "C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix für Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Huffyuv AVI lossless video codec (Remove Only) --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF ICQ --> C:\PROGRA~1\ICQ\ICQUninstall.EXE ICQ 5 --> C:\Programme\ICQLite\ICQLiteUninstall.EXE iPod for Windows 2006-01-10 --> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1031 IrfanView (remove only) --> C:\Programme\IrfanView\iv_uninstall.exe IsoBuster 1.9 --> "C:\Programme\IsoBuster\Uninst\unins000.exe" iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306} iTunes Library Updater --> MsiExec.exe /I{D5C281BE-A8E8-4E28-B40B-B5524C219900} Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050} Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719} LineIn plugin for WinAMP v1.80 (remove only) --> "C:\Programme\Winamp\Plugins\uninstlinein.exe" Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870} Logitech Legacy USB Camera-Treiberpaket --> "C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\legacyqcam\11.10.2016\LgDrvInst.exe" -remove -instdir"C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_11.10" /clone_wait /hide_progress Logitech QuickCam-Treiberpaket --> "C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Programme\Gemeinsame Dateien\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103} Logitech SetPoint --> C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0007 -removeonly Logitech Video Enumerator --> MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2} Magic Ball 2 --> C:\PROGRA~1\MAGICB~1\UNWISE.EXE /U C:\PROGRA~1\MAGICB~1\INSTALL.LOG Magic File Renamer --> C:\WINDOWS\iun6002.exe "C:\Programme\MFR\irunin.ini" Magic File Renamer 6.03 Professional Edition --> MsiExec.exe /I{54F578E9-8E69-4039-98E5-4AC3D709C7B8} mediaRECOVER --> C:\PROGRA~1\MEDIAR~2\UNWISE.EXE C:\PROGRA~1\MEDIAR~2\INSTALL.LOG Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} mIRC --> "C:\Programme\mIRC\mirc.exe" -uninstall MixMeister BPM Analyzer 1.0 --> "C:\Programme\MixMeister BPM Analyzer\unins000.exe" Mozilla Firefox (2.0.0.11) --> C:\Programme\Mozilla Firefox\uninstall\helper.exe MP3-Info extension V3.4.23 --> C:\Programme\MP3ext\unins000.exe MP3-Tool --> C:\WINDOWS\unvise32.exe C:\Programme\mp3tool\uninstal.log MP3 Hammer 4.2 --> "C:\Programme\MP3 Hammer\unins000.exe" mp3 RightName 1.27 --> C:\Programme\mp3RightName\unins000.exe MP3 Splitter & Joiner 3.02 (Build 5) Update Trial to Full --> "C:\Programme\MP3 Splitter & Joiner\unins001.exe" Mp3tag v2.36a --> C:\Programme\Mp3tag\Mp3tagUninstall.EXE MSI Live Update 3 --> C:\WINDOWS\IsUninst.exe -f"C:\Programme\MSI\Live Update 3\Uninst.isu" MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93} myFairTunes6 v.0.5.7b --> "C:\Programme\myFairTunes6\unins000.exe" Nero 6 Ultra Edition --> C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Nimo Codecs Pack v5.0 (Remove Only) --> "C:\Programme\NimoCodec Pack\uninstall.exe" NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan PowerDVD --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} PS FileRenamer 2.33 --> "C:\Programme\PS FileRenamer\unins000.exe" QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} R-Studio FAT v2.0 --> "C:\Programme\R-Studio FAT\unins000.exe" RealPlayer --> C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Registry Mechanic 6.0 --> "C:\Programme\Registry Mechanic\unins000.exe" Safari --> MsiExec.exe /I{3E719879-9914-4C56-843E-96D0C3FCC3FB} SafeGuard® Easy 4.11.0 --> MsiExec.exe /I{536521E3-389A-41B2-82E5-F61B95957CDF} Serials 2000 7.1+ --> "C:\Programme\Serials 2000 7.1 Plus\unins000.exe" Sicherheitsupdate für Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899589) --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} Spybot - Search & Destroy --> "C:\Programme\Spybot - Search & Destroy\unins000.exe" SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Symantec Network Driver Update --> MsiExec.exe /X{6AF90EF6-F7F9-466C-99F4-1774826FBB40} Symantec Technical Support Web Controls --> MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441} Tar98 --> C:\PROGRA~1\TAR98\UNWISE.EXE C:\PROGRA~1\TAR98\INSTALL.LOG TerraTec Home Cinema --> RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\setup.exe" -l0x7 TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715} TransMac version 7.5 --> "C:\Programme\TransMac\unins000.exe" TrueCrypt --> C:\WINDOWS\TrueCrypt Setup.exe /u C:\Programme\TrueCrypt TVUPlayer 1.5.12 --> C:\Programme\TVU Player\uninst.exe Update für Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update für Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe" Update für Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update für Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Update für Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update für Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Update für Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update für Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update für Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update für Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update für Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Update für Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update für Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Update für Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe" Update für Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55} VideoLAN VLC media player 0.7.0 --> "C:\Programme\VLC\uninstall.exe" WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6} WinAce Archiver 2.0 --> C:\Programme\WinAce\SXUNINST.EXE C:\Programme\WinAce\SXUNINST.INI Winamp --> "C:\Programme\Winamp\UninstWA.exe" Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows XP-Hotfix - KB834707 --> C:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe Windows XP-Hotfix - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe Windows XP-Hotfix - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe Windows XP-Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP-Hotfix - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe Windows XP-Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP-Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP-Hotfix - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe Windows XP-Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP-Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP-Hotfix - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe Windows XP-Hotfix - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe Windows XP-Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP-Hotfix - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe Windows XP-Hotfix - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe Windows XP-Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP-Hotfix - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe" Windows XP-Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP-Hotfix - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe" Windows XP-Hotfix - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe" WinISO 5.3 --> C:\Programme\WinISO\unins000.exe WinRAR Archiver --> C:\Programme\WinRAR\uninstall.exe WinTasks 4 Professional --> C:\Programme\LIUtilities\WinTasks\unins000.exe WinZip --> "C:\Programme\WinZip\WINZIP32.EXE" /uninstall WM Recorder + RM Recorder 9.1 --> C:\WINDOWS\iun6002.exe "C:\Programme\WM Recorder\irunin.ini" XviD MPEG-4 Codec --> "C:\Programme\XviD\UninstXviD.exe" XviD MPEG-4 Video Codec --> C:\Programme\XviD\unins000.exe -- Application Event Log ------------------------------------------------------- Event Record #/Type14911 / Warning Event Submitted/Written: 12/06/2007 08:31:26 AM Event ID/Source: 1001 / MsiInstaller Event Description: Erkennung von Produkt "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" und Funktion "Phone" fehlgeschlagen beim Anfordern von Komponente "{57FF4446-590E-4894-AE39-D55928DBDE01}". Event Record #/Type14910 / Warning Event Submitted/Written: 12/06/2007 08:31:26 AM Event ID/Source: 1004 / MsiInstaller Event Description: Erkennung von Produkt "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}", Funktion "Phone" und Komponente "{98916693-F0B5-4923-8BC6-1F0E6A883411}" fehlgeschlagen. Die Ressource "HKEY_CURRENT_USER\Software\Skype\Phone\FE_label" ist nicht vorhanden. Event Record #/Type14909 / Warning Event Submitted/Written: 12/06/2007 08:30:58 AM Event ID/Source: 1001 / MsiInstaller Event Description: Erkennung von Produkt "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" und Funktion "QuickCam" fehlgeschlagen beim Anfordern von Komponente "{C207503F-9631-4AF6-8CD2-D11260DBA3C5}". Event Record #/Type14908 / Warning Event Submitted/Written: 12/06/2007 08:30:58 AM Event ID/Source: 1004 / MsiInstaller Event Description: Erkennung von Produkt "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}", Funktion "QuickCam" und Komponente "{B52C7B4D-F46F-438C-ADF2-05A138C57757}" fehlgeschlagen. Die Ressource "HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey" ist nicht vorhanden. Event Record #/Type14907 / Warning Event Submitted/Written: 12/06/2007 08:30:58 AM Event ID/Source: 1001 / MsiInstaller Event Description: Erkennung von Produkt "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" und Funktion "QuickCam" fehlgeschlagen beim Anfordern von Komponente "{C207503F-9631-4AF6-8CD2-D11260DBA3C5}". -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type56318 / Error Event Submitted/Written: 12/06/2007 08:30:34 AM / 12/06/2007 08:30:38 AM Event ID/Source: 2 / ParVdm Event Description: Zeiger für Geräteobjekt lässt sich nicht für Anschlussobjekt ermitteln. Event Record #/Type56316 / Error Event Submitted/Written: 12/06/2007 08:30:08 AM / 12/06/2007 08:30:38 AM Event ID/Source: 4307 / NetBT Event Description: Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte. Event Record #/Type56315 / Warning Event Submitted/Written: 12/06/2007 08:30:25 AM Event ID/Source: 1003 / Dhcp Event Description: Der Computer konnte die Netzwerkadresse, die durch den DHCP-Server für die Netzwerkkarte mit der Netzwerkadresse 0080C8B1B3DA zugeteilt wurde, nicht erneuern. Der folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht, eine Adresse vom Netzwerkadressserver (DHCP) zu erhalten. Event Record #/Type56311 / Error Event Submitted/Written: 12/06/2007 08:28:55 AM Event ID/Source: 10005 / DCOM Event Description: Bei DCOM ist der Fehler "%%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF} Event Record #/Type56310 / Error Event Submitted/Written: 12/06/2007 08:28:23 AM Event ID/Source: 7026 / Service Control Manager Event Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Aavmker4 AFD AmdK8 aswTdi Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip -- End of Deckard's System Scanner: finished at 2007-12-06 08:40:32 ------------ |
|
|
|
|
12-06-2007, 08:20 AM
|
#11 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- Run DSS again, using these instructions: Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK "%userprofile%\desktop\dss.exe" /daft Click on Scan. Tick the boxes which should appear for these entries: .reg - regfile then Click on Fix Click Scan again, you should get a message "All Associations OK!" Next, click Save Log, and post this log in your next reply. --------------------------------------------------------------------------------------------- Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following :
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked O4 - HKLM\..\Run: [SourcePath] syscfg32.exe O4 - HKLM\..\RunServices: [SourcePath] syscfg32.exe Close HijackThis now. ---------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------- I see you said you've run SmitfraudFix already. It's updated frequently. If you still have it, please delete it, and get the latest version from the link below. Please download SmitfraudFix (by S!Ri) to your Desktop. Double-click smitfraudfix.exe to start the tool. Select option #1 - Search by typing 1 and press "Enter" and a text file will appear which lists infected files (if present). Please copy/paste the content of that report into your next reply. IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so! --------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
12-06-2007, 05:42 PM
|
#12 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Thank you for your assistance so far.
Here are the logs DSS daft DAFT Log saved on 2007-12-06 20:41:59 ----------------------------------------------------------------------- All associations okay! SDFix Log SDFix: Version 1.117 Run by Iven Engert on 06.12.2007 at 20:49 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\nethop.exe - Deleted C:\WINDOWS\rmvgor.dll - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-07 01:28:38 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Programme\\eMule\\emule.exe"="C:\\Programme\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath " [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\SDFix\SDFix\backups\backups.zip Files with Hidden Attributes: Mon 18 Apr 2005 14,964 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys" Wed 22 Sep 2004 4,348 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak" Thu 29 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\11ff9edcc14d824e43781892eb21a97b\BIT6.tmp" Fri 5 Jan 2007 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT16F.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT332.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT170.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT171.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT172.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT173.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT174.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT175.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT176.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT177.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT178.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT179.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT17A.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT17B.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT17C.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT17D.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT17E.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT17F.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT180.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT181.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT182.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT183.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT184.tmp" Mon 26 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT3A.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT185.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT186.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT187.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT188.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT189.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT18A.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT18B.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT18C.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT18D.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT18E.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT18F.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT190.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT191.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT192.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT96.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT97.tmp" Tue 27 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT98.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT99.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT9A.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT9B.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT9C.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT9D.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT9E.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT9F.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITA0.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITA1.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITA2.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITA3.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITA4.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITA5.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITA6.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITA7.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITA8.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITA9.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITAA.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITAB.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITAC.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITAD.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITAE.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITAF.tmp" Tue 27 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITB0.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT193.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT194.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT195.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT196.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT197.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT198.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT199.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT19A.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT19B.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT19C.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT19D.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT19F.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT19E.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1A0.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1A1.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1A2.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1A3.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1A4.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1A5.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1A6.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BITC8.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1A7.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1A8.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1A9.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1AA.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1AB.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1AC.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1AD.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1AE.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT160.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT161.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT162.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT163.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT164.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT165.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT166.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT167.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT168.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT169.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT16A.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT16B.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT16C.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT16D.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT16E.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1AF.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1B0.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1B1.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1B2.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1B3.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT1B4.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT4D6.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT526.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT54B.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT55D.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT55E.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT55B.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT4E6.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT500.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT5A3.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT603.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT609.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT60A.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT60E.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT60F.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT610.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT611.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT612.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT60C.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT606.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT613.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT614.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT61F.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT623.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT626.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT619.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT630.tmp" Fri 30 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT631.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT632.tmp" Fri 30 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT633.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT62E.tmp" Fri 30 Nov 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT41.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT42.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT43.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT44.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT45.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT46.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT47.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT48.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT49.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT4A.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT4C.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT50.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT54.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT55.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT56.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT57.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT5A.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT62.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT63.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT64.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\WINDOWS\temp\BIT65.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT62E.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT630.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT41.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITA8.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT3B.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT3C.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT3D.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT40.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT42.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT43.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT44.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT45.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT59.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT88.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT8D.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT8B.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITA3.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITA4.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITA6.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT95.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT96.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT97.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT98.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT9C.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT9D.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT9E.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT9A.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT9F.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITA5.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITA7.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITA9.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITAA.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITAB.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITA1.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITAC.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITAD.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITAE.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITAF.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITB0.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITB4.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITD3.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITD4.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITD5.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITB3.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITB8.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITB9.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITBA.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITBB.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITB7.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITBC.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITBD.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITC1.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITC4.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITC5.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITC8.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITC0.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITC9.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITCA.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITCB.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITCC.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITCD.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITCE.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITCF.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITD6.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITD2.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITE3.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITE4.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITE5.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITD7.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITD8.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITD9.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITDA.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITDE.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITE8.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITE2.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITE1.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITDD.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITF0.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITF2.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITEF.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITEB.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITF1.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITF9.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITFA.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITFC.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITFB.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BITFE.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT12F.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT10C.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT10D.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT10E.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT10F.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT110.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT111.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT112.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT113.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT114.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT118.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT119.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT11A.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT11E.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT117.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT11F.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT120.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT121.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT122.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT123.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT124.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT125.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT126.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT127.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT12B.tmp" Sun 2 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\WINDOWS\temp\BIT133.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT5.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT7.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT4.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITA.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITB3.tmp" Fri 30 Nov 2007 334,836 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT5B.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT90.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT8.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT9.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITE.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITF.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITC8.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITCA.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITCB.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITD0.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITD1.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITCC.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITCD.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITCE.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITD2.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITD3.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITD4.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITD5.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITD6.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITD7.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITD8.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITD9.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITDA.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITDB.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITDC.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITDD.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITDE.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITDF.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITE0.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITEC.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITED.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITE3.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITE4.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITE5.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITE6.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITE7.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITE8.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITE9.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITEA.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITEB.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITEE.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT13.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT15.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITB.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITF0.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITF9.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITC.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITFD.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITFE.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITFF.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT103.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT104.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT105.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT106.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT107.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT108.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITD.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT10A.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT10B.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT10C.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT10D.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT10E.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT10F.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT110.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT111.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT115.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT11E.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT127.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT13C.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT141.tmp" Wed 28 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT146.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT10.tmp" Wed 28 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT15F.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT11.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT12.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT17.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT18.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1C.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT14.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1D.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1E.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1B.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1F.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT20.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT21.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT16.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT23.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT19.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1A.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT22.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT24.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT25.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT26.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT27.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT2A.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT2B.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT2C.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT2D.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT2F.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT31.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT32.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT33.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT34.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT35.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT38.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT39.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT3A.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT3B.tmp" Thu 29 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT3C.tmp" Thu 29 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206082757\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT3E.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT40.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1.tmp" Fri 30 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT4A.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT13.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT47.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT15.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT4B.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT4C.tmp" Thu 6 Dec 2007 334,836 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT5B.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT19.tmp" Fri 30 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT4D.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1A.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT4E.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT24.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT53.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT54.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT55.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT52.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT2.tmp" Wed 8 Aug 2007 85,946 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT3.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT7.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITF.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT8.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT9.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITA.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITB.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITC.tmp" Fri 30 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITD.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITE.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT18.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1F.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1B.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT14.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT17.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1C.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1D.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT1E.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT25.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT98.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT99.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT9A.tmp" Fri 30 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT9B.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT9F.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITA0.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITA1.tmp" Fri 30 Nov 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITA2.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT9D.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BITA3.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT16.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT20.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT21.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT22.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT23.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT28.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT26.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT2C.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT31.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT32.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT33.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT34.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT2E.tmp" Sat 1 Dec 2007 388,090 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT35.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT39.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT37.tmp" Sat 1 Dec 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT3A.tmp" Fri 30 Nov 2007 0 A..H. --- "C:\Deckard\System Scanner\20071206204119\backup\DOKUME~1\IVENEN~1\LOKALE~1\Temp\BIT3F.tmp" Finished! SmitFraudFix Log SmitFraudFix v2.258 Scan done at 1:38:04,10, 07.12.2007 Run from C:\Dokumente und Einstellungen\Iven Engert\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is FAT32 Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programme\Avast4\aswUpdSv.exe C:\Programme\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe C:\WINDOWS\system32\SgLogPlayer.exe C:\WINDOWS\System32\svchost.exe C:\Programme\UPHClean\uphclean.exe C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe C:\Programme\Avast4\ashMaiSv.exe C:\Programme\Avast4\ashWebSv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\taskmgr.exe C:\Programme\Logitech\SetPoint\LBTWiz.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\Programme\Skype\Phone\Skype.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TrueCrypt\TrueCrypt.exe C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\MSI\Core Center\CoreCenter.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\SNDVOL32.EXE »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Iven Engert »»»»»»»»»»»»»»»»»»»»»»»» C:\Dokumente und Einstellungen\Iven Engert\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOKUME~1\IVENEN~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Programme »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: D-Link AirPlus DWL-520+ Wireless PCI Adapter #3 DNS Server Search Order: 192.168.0.1 Description: D-Link AirPlus DWL-520+ Wireless PCI Adapter #3 DNS Server Search Order: 195.50.140.178 DNS Server Search Order: 192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DED29E72-3071-4CA3-A580-123EF586936A}: DhcpNameServer=195.50.140.178 192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{F62B00EF-F53D-45FE-84BE-AC0989E2DC40}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{E491C0E9-9C9A-457E-89F5-19766E237704}: NameServer=62.27.27.62 195.247.247.195 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DED29E72-3071-4CA3-A580-123EF586936A}: DhcpNameServer=195.50.140.178 192.168.0.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{F62B00EF-F53D-45FE-84BE-AC0989E2DC40}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{DED29E72-3071-4CA3-A580-123EF586936A}: DhcpNameServer=195.50.140.178 192.168.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{F62B00EF-F53D-45FE-84BE-AC0989E2DC40}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=195.50.140.178 192.168.0.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=195.50.140.178 192.168.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=195.50.140.178 192.168.0.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End New HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:39:01, on 07.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE C:\WINDOWS\Explorer.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programme\Avast4\aswUpdSv.exe C:\Programme\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe C:\WINDOWS\system32\SgLogPlayer.exe C:\WINDOWS\System32\svchost.exe C:\Programme\UPHClean\uphclean.exe C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe C:\Programme\Avast4\ashMaiSv.exe C:\Programme\Avast4\ashWebSv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\taskmgr.exe C:\Programme\Logitech\SetPoint\LBTWiz.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\Programme\Skype\Phone\Skype.exe C:\WINDOWS\System32\svchost.exe C:\Programme\TrueCrypt\TrueCrypt.exe C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\MSI\Core Center\CoreCenter.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programme\iPod\bin\iPodService.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programme\Copernic Desktop Search 2\DesktopSearchBand201013011.dll O4 - HKLM\..\Run: [wtadd_taskmgr.exe] C:\WINDOWS\system32\taskmgr.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [SgeEcView] C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe O4 - HKLM\..\Run: [EdWizard] C:\Programme\Utimaco\SafeGuard Easy\EdWizard.exe as O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe" /tray O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - S-1-5-18 Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat (User 'SYSTEM') O4 - .DEFAULT Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat (User 'Default user') O4 - Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat O4 - Global Startup: CoreCenter.lnk = C:\Programme\MSI\Core Center\CoreCenter.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: Festoon - (no CLSID) - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Protocol: vskype - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- End of file - 10976 bytes |
|
|
|
|
12-06-2007, 06:18 PM
|
#13 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Just checking...
Is this a custom entry created by you to run TaskManager at Startup? O4 - HKLM\..\Run: [wtadd_taskmgr.exe] C:\WINDOWS\system32\taskmgr.exe
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
12-07-2007, 03:10 AM
|
#14 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Yes, I created that entry myself because it's good to monitor processes and performance from time to time. However, sometimes it doesn't show up in the icon taskbar.
Another custom start-up entry which might be odd is startcopy.bat. It's a custom batch file I created myslef which justs starts a textfile containing a password in order to copy&paste that password for a encrypted external hard drive. Last edited by lachs99; 12-07-2007 at 03:17 AM. |
|
|
|
|
12-07-2007, 07:36 AM
|
#15 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
OK, thanks. The entry pointed to the legit location of taskmgr, but I wanted to be sure.
Please delete this folder: C:\Deckard Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only
For Technical Support, double-click the e-mail address located at the bottom of each menu. --------------------------------------------------------------------------------------------- Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update. Updating Java:
--------------------------------------------------------------------------------------------- Please run this online scan. First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one. Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%. --------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
12-10-2007, 03:30 PM
|
#16 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Hi, sorry for the delay.
- I deleted C:\Deckard - I ran the newest version of ATF cleaner - Uninstall all java versions and kasperky online scanner - I installed the newest java version - I ran Kaspersky Online tool, see attachment for results (looks like it found a lot of deleted mails and files) and here is a fresh HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:24:49, on 10.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avast4\aswUpdSv.exe C:\Programme\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe C:\WINDOWS\system32\SgLogPlayer.exe C:\WINDOWS\System32\svchost.exe C:\Programme\UPHClean\uphclean.exe C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe C:\Programme\Avast4\ashMaiSv.exe C:\Programme\Avast4\ashWebSv.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\taskmgr.exe C:\Programme\Logitech\SetPoint\LBTWiz.exe C:\PROGRA~1\Avast4\ashDisp.exe C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\TrueCrypt\TrueCrypt.exe C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\MSI\Core Center\CoreCenter.exe C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE C:\Programme\iPod\bin\iPodService.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Programme\Skype\Plugin Manager\SkypePM.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programme\Copernic Desktop Search 2\DesktopSearchBand201013011.dll O4 - HKLM\..\Run: [wtadd_taskmgr.exe] C:\WINDOWS\system32\taskmgr.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [SgeEcView] C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe O4 - HKLM\..\Run: [EdWizard] C:\Programme\Utimaco\SafeGuard Easy\EdWizard.exe as O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programme\Gemeinsame Dateien\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe" /tray O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - S-1-5-18 Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat (User 'SYSTEM') O4 - .DEFAULT Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat (User 'Default user') O4 - Startup: Verknüpfung mit startcopy.bat.lnk = C:\Dokumente und Einstellungen\Iven Engert\startcopy.bat O4 - Global Startup: CoreCenter.lnk = C:\Programme\MSI\Core Center\CoreCenter.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: Festoon - (no CLSID) - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O18 - Protocol: vskype - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: NotLog - C:\WINDOWS\SYSTEM32\SGLogEx.dll O20 - Winlogon Notify: SGLogNotification - C:\WINDOWS\SYSTEM32\SGLogNotification.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Avast4\ashWebSv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTSERV.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SafeGuard Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe O23 - Service: SafeGuard SGLOG Player (SgLogPlayer) - Utimaco Safeware AG - C:\WINDOWS\system32\SgLogPlayer.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SafeGuard Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- End of file - 11057 bytes |
|
|
|
|
12-10-2007, 04:19 PM
|
#17 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
As I don't read German (?), I'll take your word for the location of the mails. It's possible new definitions have decided those are exploits. In any case, if there are any you don't need, I'd clear out the deleted items folder.
The other items are in C:\Recycled, and should be deleted finally, and in System Restore points, which will be addressed by our next steps. Your logs appear clean.You should be good to go. We still have a few items to address. Go to  -> Run -> copy/paste in the following single line command & click OKcombofix /u  This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points. Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:
Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer Here are some additional utilities that will further enhance your safety.
In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it. Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
12-11-2007, 03:48 AM
|
#18 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 15
OS: WIN XP SP2
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Okay thanks, it looks like the system is clean - for now. I did the remainig steps and deleted most of the mails and other archives found by Kaspersky.
Sorry for the language trouble, here some translations, might be helpful in the future: C:\Dokumente und Einstellungen = C:\Documents & Settings Lokale Einstellungen = Local Settings Verlauf = History Anwendungsdaten = Application Data Gelschte Objekte.dbx = Deleted Files Folder of Outlook Express C:\Programme = C:\Program Files C:\Programme\Gemeinsame Dateien = C:\Program Files\Common Files As I understand, this thread will be marked solved. So if the problem comes up again (hopefully not, believe me, I've been dealing with this for 3 weeks) I'd need to open up a new thread. Thanks for all your support that I highly appreciated !! |
|
|
|
|
12-11-2007, 08:37 AM
|
#19 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,158
OS: 2000 Pro; XP Pro; XP Home
|
Re: Adware-gen + Trojan-gen + Agent-LTS --- rmv.exe etc. -- Red Wallpaper
Thanks for the translations. Much appreciated.
The one I had most trouble with was Deleted Items. I tried a few online translators, and they mucked it up pretty badly (none would actually translate Gelschte) I figured from your previous statement that Gelschte Objekte.dbx was Deleted Items. You're welcome for the help. Hopefully, you'll not need further malware removal assistance, but should you, please create a new topic as this one will be archived.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
| Thread Tools | |
|
|
