Status
Not open for further replies.
1 - 4 of 4 Posts

Discussion Starter #1
Deckard's System Scanner v20071014.68
Run by Jochen on 2007-12-01 08:45:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Jochen.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:45:49, on 01.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Premium\sched.exe
C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\programme\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe
C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Garmin\gStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\SA269F~1.D\PHOENI~1\pbtray.exe
C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programme\Audible\Bin\AudibleDownloadHelper.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programme\Stardock\ObjectDock\ObjectDock.exe
C:\Programme\XPwinExite\TrayExite2.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Jochen\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jochen.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fujitsu-siemens.de/produkt/registrierung/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar3.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: guenstiger.de Toolbar - {E3CA7AE1-8733-4F54-A49E-03AF024CED01} - C:\WINDOWS\system32\gt_toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programme\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Programme\Spb Wallet\SpbWalletToolbar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Programme\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Programme\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "C:\Programme\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Personal Desktop] C:\PROGRA~1\SA269F~1.D\PERSON~1\pdesk.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Phoenix Backup] C:\PROGRA~1\SA269F~1.D\PHOENI~1\pbtray.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [Performance Center] C:\Programme\Ascentive\Performance Center\APCMain.exe -m
O4 - HKCU\..\RunServices: [WinUpdate] C:\WINDOWS\system32\ansij.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [InfoCockpit] C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: XPwinExit Edition.LNK = C:\Programme\XPwinExite\TrayExite2.exe
O4 - Global Startup: Audible Download Manager.lnk = C:\Programme\Audible\Bin\AudibleDownloadHelper.exe
O8 - Extra context menu item: guenstiger.de Suche - res://C:\WINDOWS\system32\gt_toolbar.dll/101
O8 - Extra context menu item: RF - Formular ausfüllen - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular speichern - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF - Menü anpassen - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E0888E2-12BB-4995-B932-175A36113361}: NameServer = 192.168.120.252,192.168.120.253
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard Hilfsdienst (AVEService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

--
End of file - 14297 bytes

-- Files created between 2007-11-01 and 2007-12-01 -----------------------------

2007-12-01 08:45:32 0 d-------- C:\Programme\Trend Micro
2007-11-29 20:43:40 692569 --a------ C:\WINDOWS\unins000.exe <Not Verified; ; Inno Setup>
2007-11-29 20:43:40 5960 --a------ C:\WINDOWS\unins000.dat
2007-11-25 20:43:25 0 d-------- C:\Programme\Gemeinsame Dateien\Buhl Data Service
2007-11-25 20:43:24 0 d-------- C:\Programme\WISO
2007-11-18 21:50:47 20480 --a------ C:\WINDOWS\system32\SysRestore.dll <Not Verified; Ascentive LLC; prjSysRestore>
2007-11-18 21:50:47 143360 --a------ C:\WINDOWS\system32\ConTest.dll <Not Verified; Ascentive; ConnectionTester>
2007-11-18 21:50:47 0 d-------- C:\Programme\Ascentive
2007-11-17 17:19:03 0 d-------- C:\Programme\iPod


-- Find3M Report ---------------------------------------------------------------

2007-12-01 08:27:30 0 d-------- C:\Programme\S.A.D
2007-12-01 08:27:30 0 d--h----- C:\Programme\InstallShield Installation Information
2007-11-30 20:39:49 0 d-------- C:\Programme\AntiVir PersonalEdition Premium
2007-11-29 20:39:28 417500 --a------ C:\WINDOWS\system32\perfh007.dat
2007-11-29 20:39:28 76218 --a------ C:\WINDOWS\system32\perfc007.dat
2007-11-27 18:26:45 0 d-------- C:\Dokumente und Einstellungen\Jochen\Anwendungsdaten\Personal Desktop
2007-11-25 20:43:25 0 d-------- C:\Programme\Gemeinsame Dateien
2007-11-25 20:43:20 0 d-------- C:\Dokumente und Einstellungen\Jochen\Anwendungsdaten\InstallShield Installation Information
2007-11-25 13:35:06 0 d-------- C:\Dokumente und Einstellungen\Jochen\Anwendungsdaten\OpenOffice.org2
2007-11-23 16:33:46 2866 --a------ C:\Dokumente und Einstellungen\Jochen\Anwendungsdaten\wklnhst.dat
2007-11-18 22:44:36 0 d-------- C:\Programme\Gemeinsame Dateien\ACD Systems
2007-11-18 22:44:26 0 d-------- C:\Programme\ACD Systems
2007-11-17 23:36:48 0 d-------- C:\Dokumente und Einstellungen\Jochen\Anwendungsdaten\Apple Computer
2007-11-17 17:23:06 0 d-------- C:\Programme\Apple Software Update
2007-11-17 17:19:11 0 d-------- C:\Programme\iTunes
2007-11-17 17:18:13 0 d-------- C:\Programme\QuickTime
2007-11-14 21:25:10 0 d-------- C:\Programme\FinePixViewer
2007-11-04 09:26:11 0 d-------- C:\Dokumente und Einstellungen\Jochen\Anwendungsdaten\FUJIFILM
2007-10-28 18:16:06 0 d-------- C:\Programme\Gemeinsame Dateien\Teleca Shared
2007-10-28 18:14:33 0 d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-10-28 18:12:50 0 d-------- C:\Programme\POI-Warner MN5 Edition
2007-10-28 18:10:06 0 d-------- C:\Programme\Siber Systems
2007-10-28 18:08:56 0 d-------- C:\Programme\Canon
2007-10-28 18:06:10 0 d-------- C:\Programme\AvantGo
2007-10-27 19:02:51 0 d-------- C:\Programme\Java
2007-10-26 21:36:15 0 d-------- C:\Programme\locr
2007-10-26 20:36:57 0 d-------- C:\Dokumente und Einstellungen\Jochen\Anwendungsdaten\Google
2007-10-26 20:36:25 0 d-------- C:\Programme\Google
2007-10-26 20:32:30 0 d-------- C:\Programme\Qstarz
2007-10-16 20:22:09 0 d-------- C:\Programme\Microsoft ActiveSync
2007-10-07 21:03:05 0 d-------- C:\Programme\PC Counselor
2007-10-06 22:35:02 0 d-------- C:\Programme\SBSH
2007-10-06 17:52:38 0 d-------- C:\Programme\Opera Software
2007-10-06 07:30:11 0 d-------- C:\Programme\CodeWallet Pro 2006 Desktop


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E3CA7AE1-8733-4F54-A49E-03AF024CED01}"= C:\WINDOWS\system32\gt_toolbar.dll [27.03.2006 12:34 221184]
"{2913D3DD-9363-4C21-B205-C19A584A0674}"= C:\Programme\Spb Wallet\SpbWalletToolbar.dll [ ]

[-HKEY_CLASSES_ROOT\CLSID\{E3CA7AE1-8733-4F54-A49E-03AF024CED01}]
[HKEY_CLASSES_ROOT\guenstiger_Toolbar.CToolbar]
[HKEY_CLASSES_ROOT\TypeLib\{9BE62BF2-9773-41AF-8CB7-F61C15F84D99}]

[-HKEY_CLASSES_ROOT\CLSID\{2913D3DD-9363-4C21-B205-C19A584A0674}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{48210861-28ED-416C-A316-5906D5FC6698}]
[HKEY_CLASSES_ROOT\SpbWalletToolbar.WalletToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [27.02.2006 17:28 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [03.05.2005 18:43 C:\WINDOWS\ALCMTR.EXE]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [15.04.2005 15:13]
"type32"="C:\Programme\Microsoft IntelliType Pro\type32.exe" [16.05.2003 00:45]
"IntelliPoint"="C:\Programme\Microsoft IntelliPoint\point32.exe" [16.05.2003 00:41]
"REGSHAVE"="C:\Programme\REGSHAVE\REGSHAVE.exe" [04.02.2002 22:32]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11.11.2005 17:00]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [22.09.2005 18:29]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [11.01.2006 12:05]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 00:11]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10.10.2007 19:51]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"avgnt"="C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" [12.10.2007 17:06]
"vspdfprsrv.exe"="C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe" [02.12.2005 17:45]
"MMReminderService"="C:\Programme\Mindjet\MindManager 6\MMReminderService.exe" [13.12.2006 23:16]
"SSBkgdUpdate"="C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25.10.2006 08:03]
"PaperPort PTD"="C:\Programme\ScanSoft\PaperPort\pptd40nt.exe" [11.01.2007 12:01]
"IndexSearch"="C:\Programme\ScanSoft\PaperPort\IndexSearch.exe" [11.01.2007 11:58]
"PPort11reminder"="C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" [16.11.2006 10:01]
"ISUSPM Startup"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16.02.2005 15:15]
"ISUSScheduler"="C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [16.02.2005 15:15]
"ScanSoft OmniPage 16-reminder"="C:\Programme\ScanSoft\OmniPage16\Ereg\Ereg.exe" [20.07.2007 08:50]
"QuickTime Task"="C:\Programme\QuickTime\QTTask.exe" [14.11.2007 23:43]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [15.11.2007 13:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07.07.2007 07:46]
"gStart"="C:\Garmin\gStart.exe" [04.03.2007 22:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10.08.2004 13:00]
"Personal Desktop"="C:\PROGRA~1\SA269F~1.D\PERSON~1\pdesk.exe" []
"H/PC Connection Agent"="C:\Programme\Microsoft ActiveSync\wcescomm.exe" [13.11.2006 13:50]
"Phoenix Backup"="C:\PROGRA~1\SA269F~1.D\PHOENI~1\pbtray.exe" [07.06.2005 00:00]
"Copernic Desktop Search 2"="C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe" [08.12.2006 16:58]
"WEB.DE_WEB.DE SmartDrive Manager"="C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.exe" [15.03.2007 17:38]
"Mobipocket Reader Notifications"="C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe" [20.06.2006 15:54]
"OpAgent"="OpAgent.exe" []
"Performance Center"="C:\Programme\Ascentive\Performance Center\APCMain.exe" [31.05.2007 17:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"WinUpdate"=C:\WINDOWS\system32\ansij.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"InfoCockpit"=C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE /nosplash

C:\Dokumente und Einstellungen\Jochen\Startmenü\Programme\Autostart\
Stardock ObjectDock.lnk - C:\Programme\Stardock\ObjectDock\ObjectDock.exe [29.04.2007 11:00:51]
XPwinExit Edition.LNK - C:\Programme\XPwinExite\TrayExite2.exe [30.12.2006 17:49:24]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
Audible Download Manager.lnk - C:\Programme\Audible\Bin\AudibleDownloadHelper.exe [21.11.2006 11:49:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"FoFileAssociate"=0 (0x0)
"StartMenuLogoff"=0 (0x0)
"NoShellSearchButton"=0 (0x0)
"NoLowDiskSpaceChecks"=0 (0x0)
"HideClock"=0 (0x0)
"NoUserNameInStartMenu"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"WinUpdate"= C:\WINDOWS\system32\ansij.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Mobipocket Reader Notifications"=C:\Programme\Mobipocket.com\Mobipocket Reader\readernotify.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Programme\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Device Detector"=DevDetect.exe -autorun
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"=HDAShCut.exe
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
"SMSERIAL"=sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- End of Deckard's System Scanner: finished at 2007-12-01 08:46:25 ------------
 


Re: Malware Problem

Hello jo_schafer,

Welcome to the Tech Support Forums :)

Sorry about the delay. :( If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
 

Discussion Starter #3
Re: Malware Problem

Hello

Thank you for the reply to my thread.
Fortunately, yesterday I succeeded in deleting the malware program completely.

Thank you.
 