| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Dropper.gen wie bekämpfen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.02.2010, 22:08
| #1 |
| |  TR/Dropper.gen wie bekämpfen? Erstmal ein herzliches Hallo =), seid ein paar Tagen zeigt mir mein Antivir immer wieder den Virus TR/Dropper.gen an. Zuerst war er auf einem Ordner auf meinem Desktop anzufinden, nachdem ich ihn in Quarantäne war er wenig später in einem Spieleordner zu finden. Nach erneutem verschieben fand ich ihn heute dann in: C:\System Volume Information\ wieder. Hab jetzt erstmal ein Logfile mit Hijack This gemacht und hoffe das ihr mir weiter helfen könnt, wie ich meinen Freund denn nun entgültig loswerde. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:43:13, on 22.02.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\ICQ6Toolbar\ICQ Service.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\O2Micro\o2flash.exe C:\WINDOWS\Explorer.EXE C:\Program Files\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Vestel\Vestel Mobile Utilities\Mobile Utility Button\Mobutil.exe C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\SpeedFan\speedfan.exe C:\Program Files\Avira\AntiVir Desktop\avscan.exe c:\program files\avira\antivir desktop\avcenter.exe C:\Documents and Settings\***\My Documents\Downloads\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.www.daemon-search.com/default R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file) O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WallPaper] C:\DOCUME~1\***\Desktop\ANWEND~1\WALLPA~1\WALLPA~1.EXE /h O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-606747145-1035525444-1801674531-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'elephant') O4 - Global Startup: Anti-Theft Sensor.lnk = ? O4 - Global Startup: Mobile Utility Button.lnk = ? O4 - Global Startup: On Screen Display.lnk = ? O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{B432245B-D462-41CA-AD77-32060D2A6C80}: NameServer = 141.30.207.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Update Service (gupdate1ca144dad101992) (gupdate1ca144dad101992) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe O23 - Service: SmartSurfer Manager (SmartSurferManager) - United Internet AG - C:\Program Files\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe -- End of file - 9111 bytes Bedanke mich schonmal im Vorraus für die kompetente Hilfe =) Grüße |
|
22.02.2010, 23:59
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Dropper.gen wie bekämpfen? Hallo und
__________________ Bitte diese Liste beachten und abarbeiten. Beim Scan mit MalwareBytes auch alle externen Speicher (ext. Platten, USB-Sticks, ... mit anklemmen!! ) Wichtig für Benutzer mit Windows Vista und Windows 7: Bitte alle Tools per Rechtsklick => Als Admin ausführen! Die Logfiles kannst Du zB alle in eine Datei zippen und auf File-Upload.net hochladen und hier verlinken, denn 1. sind manche Logfiles fürs Board nämlich zu groß und 2. kann ich mit einem Klick mir gleich alle auf einmal runterladen.
__________________ |
|
23.02.2010, 12:18
| #3 |
| | TR/Dropper.gen wie bekämpfen? Seltsamerweise findet Malwarebytes keine infizierte Datei mehr. Kann es sein, dass der Virus nach dem dritten mal in Quarantäne schieben verschwunden ist?
__________________Naja trotzdem noch mal die Scanberichte zur Sicherheit, wär nett wenn ihr mal drüber schaut (nochmal sorry das ich nich gleich die Hilfe gelesen habe). Malwarebytes sagt: Malwarebytes' Anti-Malware 1.44 Datenbank Version: 3779 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 23.02.2010 11:58:20 mbam-log-2010-02-23 (11-58-20).txt Scan-Methode: Vollständiger Scan (C:\|) Durchsuchte Objekte: 279053 Laufzeit: 1 hour(s), 43 minute(s), 31 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Das sagt die info.txt von RSIT: info.txt logfile of random's system information tool 1.06 2010-02-23 12:01:14 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\WINDOWS\system32\RunDll32.Exe C:\WINDOWS\system32\SetupAPI.Dll,InstallHinfSection DefaultUninstall.NTx86 4 C:\WINDOWS\INF\thdudf.Inf -->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe" Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07} Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F} Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001} AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD" Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Ashampoo Burning Studio 6 Advanced-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 6 Advanced\unins000.exe" Ashampoo Music Studio 2008-->"C:\Program Files\Ashampoo\Ashampoo Music Studio 2008\Uninstall\0330_Uninstall.EXE" Ashampoo WinOptimizer 4.41-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 4\unins000.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Battlefield 1942: The Road To Rome-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x7 Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x7 Call of Duty Modern Warfare 2(CREATED BY XEONKING©)-->"C:\Program Files\Call of Duty Modern Warfare 2\unins000.exe" Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409 Call of Duty(R) - World at War(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}\setup.exe -runfromtemp -l0x0409 CCleaner-->"C:\Program Files\CCleaner\uninst.exe" Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" DER HERR DER RINGE ONLINE: Schatten von Angmar v07.12.30.70-->"C:\Program Files\Codemasters\Der Herr der Ringe Online\unins000.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37} Empire: Total War - Multiplayer Beta-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10605 Empire: Total War-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10500 Europa Universalis III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}\setup.exe" -l0x7 EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe" Fallout Mod Manager 0.9.15-->"C:\Program Files\Bethesda Softworks\Fallout 3\fomm\uninstall\unins000.exe" FlashGet 2.0-->C:\Program Files\FlashGet Network\FlashGet universal\uninst.exe FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe Free Window Registry Repair-->C:\PROGRA~1\FREEWI~1\UNWISE.EXE C:\PROGRA~1\FREEWI~1\INSTALL.LOG Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe HijackThis 2.0.2-->"C:\Documents and Settings\***\My Documents\Downloads\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" ICM Trainer Light-->MsiExec.exe /I{2F8BE683-EF69-4D18-9974-DB0C1832A516} ICM Trainer-->MsiExec.exe /I{47EA4DDF-FD99-46B3-846C-9F3F315268AD} ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly In Nomine 3.2-->"C:\Program Files\Paradox Interactive\Europa Universalis III\unins000.exe" Internet Chess-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}\setup.exe" -l0x7 Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 German Language Pack-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9} Microsoft Office Project MUI (German) 2007-->MsiExec.exe /X{90120000-00B4-0407-0000-0000000FF1CE} Microsoft Office Project Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE} Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE} Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200} Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13} Mobile Partner-->C:\Program Files\Mobile Partner\uninst.exe Motorola SM56 Data Fax Modem-->rundll32.exe sm56co.dll,SM56UnInstaller Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08} MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13} MUI Help Package - DEU-->C:\WINDOWS\$NtUninstallKB841625_DEU$\spuninst\spuninst.exe NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA Performance Drivers-->MsiExec.exe /I{4C0A8D65-4286-4B58-87FE-18AD24289285} NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043} NVIDIA PhysX-->MsiExec.exe /X{5DB65884-C963-4454-AABA-4CA3089281FA} O2Micro Flash Memory Card Reader Driver Installer(x86)-->MsiExec.exe /X{E45B30C1-AE47-41E0-83C4-E3EB82688917} OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74} PartyCasino-->"C:\Program Files\PartyGaming\PartyCasino\Uninstall.exe" "C:\Program Files\PartyGaming\PartyCasino\install.log" PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log" PokerStrategy Elephant-->MsiExec.exe /I{A27CAF84-656A-4D4D-9D95-D5B1368074C7} PokerStrategy Equilator-->MsiExec.exe /I{D4EB3763-9586-405D-B376-DE98C8C9285E} PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224} Prototype(TM)-->C:\Program Files\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x0409 QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} Ralink Wireless LAN-->C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe -runfromtemp -l0x0009 -removeonly RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly SecureW2 EAP Suite 1.1.1 for Windows-->C:\Program Files\SecureW2\Uninstall.exe Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe" Sins of a Solar Empire-->C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" Titan Quest Immortal Throne-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x7 -removeonly Titan Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x7 -removeonly Tropico 3 1.00-->"C:\Program Files\Kalypso\Tropico 3\uninst.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Vestel Installer Suite-->C:\Program Files\InstallShield Installation Information\{121A64FD-6D62-40A1-BDE3-F9A590A2B96B}\setup.exe -runfromtemp -l0x0009 -removeonly VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe WEB.DE SmartSurfer AutoUpdate 5.2-->C:\Program Files\WEB.DE\WEB.DE SmartSurfer\SmurfUpd.exe /r WEB.DE SmartSurfer-->C:\Program Files\WEB.DE\WEB.DE SmartSurfer\Uninstall.exe Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf Windows Driver Package - D-MAX, (STK-1135) (StkCMini) Image (05/30/2007 6.10.70.007)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\stk1135_5C4310A795B084864F38260D702D016D28C4A457\stk1135.inf Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation DE Language Pack-->MsiExec.exe /I{7228FD8C-3B9E-4204-AE36-8A466107685B} WinRAR-->C:\Program Files\WinRAR\uninstall.exe Wolfenstein(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}\setup.exe -runfromtemp -l0x0409 X Plugin Manager 2.20 BETA 6-->'C:\Program Files\X Plugin Manager\Uninstall.exe' Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe" XfireXO Toolbar-->C:\PROGRA~1\XfireXO\UNWISE.EXE /U C:\PROGRA~1\XfireXO\INSTALL.LOG Xilisoft DVD Ripper Platinum 5-->C:\Program Files\Xilisoft\DVD Ripper Platinum 5\Uninstall.exe XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: ***-PC Event Code: 1 Message: \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible. Record Number: 46837 Source Name: ACPIEC Time Written: 20100213123926.000000+060 Event Type: error User: Computer Name: ***-PC Event Code: 36 Message: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Record Number: 46698 Source Name: W32Time Time Written: 20100212021010.000000+060 Event Type: warning User: Computer Name: ***-PC Event Code: 9 Message: The device, \Device\Ide\IdePort0, did not respond within the timeout period. Record Number: 46428 Source Name: atapi Time Written: 20100209211747.000000+060 Event Type: error User: Computer Name: ***-PC Event Code: 8021 Message: The browser was unable to retrieve a list of servers from the browser master \\KHALEDREZA-PC on the network \Device\NetBT_Tcpip_{B432245B-D462-41CA-AD77-32060D2A6C80}. The data is the error code. Record Number: 46048 Source Name: BROWSER Time Written: 20100207031433.000000+060 Event Type: warning User: Computer Name: ***-PC Event Code: 36 Message: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Record Number: 46042 Source Name: W32Time Time Written: 20100207012857.000000+060 Event Type: warning User: =====Application event log===== Computer Name: ***-PC Event Code: 20 Message: Record Number: 10637 Source Name: Google Update Time Written: 20091228204227.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: ***-PC Event Code: 20 Message: Record Number: 10602 Source Name: Google Update Time Written: 20091228014226.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: ***-PC Event Code: 20 Message: Record Number: 10601 Source Name: Google Update Time Written: 20091228004228.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: ***-PC Event Code: 20 Message: Record Number: 10600 Source Name: Google Update Time Written: 20091227234228.000000+060 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: ***-PC Event Code: 1000 Message: Faulting application lotroclient.exe, version 3.0.5.8019, faulting module dinput8.dll, version 5.3.2600.5512, fault address 0x000168be. Record Number: 10582 Source Name: Application Error Time Written: 20091227175612.000000+060 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel "PROCESSOR_REVISION"=0f0d "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip -----------------EOF----------------- Danke und Grüße |
|
23.02.2010, 12:19
| #4 |
| | TR/Dropper.gen wie bekämpfen? Hier noch das log.txt. Logfile of random's system information tool 1.06 (written by random/random) Run by David at 2010-02-23 12:01:05 Microsoft Windows XP Professional Service Pack 3 System drive C: has 23 GB (10%) free of 238 GB Total RAM: 2046 MB (75% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:01:12, on 23.02.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\ICQ6Toolbar\ICQ Service.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\O2Micro\o2flash.exe C:\Program Files\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\sm56hlpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE C:\Program Files\RALINK\Common\RaUI.exe C:\Documents and Settings\***\My Documents\Downloads\RSIT.exe C:\Documents and Settings\***\My Documents\Downloads\***.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.www.daemon-search.com/default R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file) O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WallPaper] C:\DOCUME~1\***\Desktop\ANWEND~1\WALLPA~1\WALLPA~1.EXE /h O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - Global Startup: Anti-Theft Sensor.lnk = ? O4 - Global Startup: Mobile Utility Button.lnk = ? O4 - Global Startup: On Screen Display.lnk = ? O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{B432245B-D462-41CA-AD77-32060D2A6C80}: NameServer = 141.30.207.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Update Service (gupdate1ca144dad101992) (gupdate1ca144dad101992) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe O23 - Service: SmartSurfer Manager (SmartSurferManager) - United Internet AG - C:\Program Files\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe -- End of file - 8896 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}] FG2CatchUrl - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2009-10-07 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] XfireXO Toolbar - C:\Program Files\XfireXO\tbXfir.dll [2009-12-31 2349080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-08-03 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-17 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-17 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200] {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - XfireXO Toolbar - C:\Program Files\XfireXO\tbXfir.dll [2009-12-31 2349080] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-27 16844800] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2007-09-27 69632] "SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2007-10-25 557056] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-25 774233] "nwiz"=nwiz.exe /install [] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-17 149280] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-25 13680640] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "WallPaper"=C:\DOCUME~1\***\Desktop\ANWEND~1\WALLPA~1\WALLPA~1.EXE [2002-07-28 343040] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Anti-Theft Sensor.lnk - C:\Program Files\Vestel\Vestel Mobile Utilities\Anti-Theft Sensor\atapp.exe Mobile Utility Button.lnk - C:\Program Files\Vestel\Vestel Mobile Utilities\Mobile Utility Button\Mobutil.exe On Screen Display.lnk - C:\Program Files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "undockwithoutlogon"=1 "ShutdownWithoutLogon"=1 "NoDispCPL"=0 "NoDispSettingsPage"=0 "NoDispScrSavPage"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "HideClock"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoResolveTrack"= "NoViewContextMenu"= "NoFileAssociate"= "NoFind"= "NoRun"= "NoClose"= "StartMenuLogoff"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Documents and Settings\***\Desktop\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe"="C:\Documents and Settings\***\Desktop\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V" "C:\Documents and Settings\***\Desktop\games\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe"="C:\Documents and Settings\***\Desktop\games\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V" "C:\Documents and Settings\***\Desktop\left4dead on Main\left4dead.exe"="C:\Documents and Settings\***\Desktop\left4dead on Main\left4dead.exe:*:Enabled:left4dead" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Documents and Settings\***\Desktop\Spielezubehör\Spieleordner\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe"="C:\Documents and Settings\***\Desktop\Spielezubehör\Spieleordner\Heroes of Might and Magic V - Tribes of the East\bin\H5_Game.exe:*:Enabled:Heroes of Might and Magic V" "C:\Documents and Settings\***\Desktop\ewi09_lv1_win\bin\jre\bin\javaw.exe"="C:\Documents and Settings\***\Desktop\ewi09_lv1_win\bin\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary" "C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\game.dat"="C:\Program Files\Electronic Arts\Aufstieg des Hexenkönigs\game.dat:*:Enabled  er Herr der Ringe™, Aufstieg des Hexenkönigs™""C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2" "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate" "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx" "C:\Documents and Settings\***\Desktop\Studium\Wirtschaftsinformatik\E-Learning\Informationsmanagement 2\bin\jre\bin\javaw.exe"="C:\Documents and Settings\***\Desktop\Studium\Wirtschaftsinformatik\E-Learning\Informationsmanagement 2\bin\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary" "C:\Program Files\Anno 1701\Anno1701.exe"="C:\Program Files\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701" "C:\Program Files\Touchstone\Turok\Binaries\TurokGame.exe"="C:\Program Files\Touchstone\Turok\Binaries\TurokGame.exe:*:Enabled:Turok" "C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application" "C:\Program Files\PokerStrategy\PokerStrategy Elephant\PokerStrategy Elephant.exe"="C:\Program Files\PokerStrategy\PokerStrategy Elephant\PokerStrategy Elephant.exe:*:Enabled:PokerStrategy Elephant" "C:\Program Files\PokerStrategy\PokerStrategy Equilator\Equilator.exe"="C:\Program Files\PokerStrategy\PokerStrategy Equilator\Equilator.exe:*:Enabled:PokerStrategy Equilator" "C:\Program Files\Steam\steam.exe"="C:\Program Files\Steam\steam.exe:*:Enabled:Steam" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client" "C:\Documents and Settings\***\Desktop\Spielezubehör\Spieleordner\Europa Universalis 3 + In Nomine full patched\eu3game.exe"="C:\Documents and Settings\***\Desktop\Spielezubehör\Spieleordner\Europa Universalis 3 + In Nomine full patched\eu3game.exe:*:Enabled:eu3game" "H:\Games\geckrackte Games\Activision\Call of Duty - World at War\CoDWaW.exe"="H:\Games\geckrackte Games\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop" "C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main" "C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD" "C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater" "C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server" "C:\Program Files\THQ\Titan Quest\Titan Quest.exe"="C:\Program Files\THQ\Titan Quest\Titan Quest.exe:*:Enabled:Titan Quest" "C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe"="C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4" "C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager" "C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe"="C:\Program Files\THQ\Titan Quest Immortal Throne\Tqit.exe:*:Enabled:Tqit" "C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe"="C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire" "C:\Program Files\JoWooD\Die Gilde 2 - King Edition\GuildII.exe"="C:\Program Files\JoWooD\Die Gilde 2 - King Edition\GuildII.exe:*:Enabled:GuildII" "C:\Program Files\Sierra\Homeworld2\Bin\Release\Homeworld2.exe"="C:\Program Files\Sierra\Homeworld2\Bin\Release\Homeworld2.exe:*:Enabled:Homeworld2" "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server" "C:\Documents and Settings\***\Desktop\Call of Duty 5 - World at War\CoDWaW.exe"="C:\Documents and Settings\***\Desktop\Call of Duty 5 - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop" "C:0\Games\geckrackte Games\Left4Dead\left4dead.exe"="C:0\Games\geckrackte Games\Left4Dead\left4dead.exe:*:Enabled:left4dead.exe" "C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Documents and Settings\***\Desktop\Spielezubehör\Spieleordner\Left4Dead\left4dead.exe"="C:\Documents and Settings\***\Desktop\Spielezubehör\Spieleordner\Left4Dead\left4dead.exe:*:Enabled:left4dead" "C:\Program Files\Team JPN\Resident Evil 5\RE5DX9.EXE"="C:\Program Files\Team JPN\Resident Evil 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5" "C:\Documents and Settings\***\Desktop\Spielezubehör\Spieleordner\Europa Universalis 3 on Main\eu3game.exe"="C:\Documents and Settings\***\Desktop\Spielezubehör\Spieleordner\Europa Universalis 3 on Main\eu3game.exe:*:Enabled:eu3game" "C:\Program Files\Codemasters\Der Herr der Ringe Online\lotroclient.exe"="C:\Program Files\Codemasters\Der Herr der Ringe Online\lotroclient.exe:*:Enabled:lotroclient" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:* isabled:Run a DLL as an App""C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe"="C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled ead Space ™""C:\Program Files\Activision\Prototype\prototypef.exe"="C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:* isabled:Microsoft DirectPlay Voice Test""C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe"="C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War" "C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe"="C:\Program Files\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands" "C:\Program Files\505games\1C\Men of War\mow.exe"="C:\Program Files\505games\1C\Men of War\mow.exe:*:Enabled:Main executable" "C:\Program Files\Paradox Interactive\Europa Universalis III\eu3game.exe"="C:\Program Files\Paradox Interactive\Europa Universalis III\eu3game.exe:*:Enabled:eu3game" "C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06f941c0-76cf-11de-9d31-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06f941c1-76cf-11de-9d31-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2949d9da-e141-11dd-9b97-be1b401789c4}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c7d5d91-75fe-11de-9d2f-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c7d5d92-75fe-11de-9d2f-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f48ba38-c6dc-11de-9dde-000df04a9bc6}] shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33fb7675-7202-11de-9d20-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33fb7676-7202-11de-9d20-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33fb7677-7202-11de-9d20-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48439d36-7456-11de-9d27-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a5e42b6-3643-11de-9c92-000df04a9bc6}] shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a5e42bd-3643-11de-9c92-000df04a9bc6}] shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a5e42c0-3643-11de-9c92-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a5e42c1-3643-11de-9c92-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a5e42c4-3643-11de-9c92-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a5e42c5-3643-11de-9c92-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a5e42c7-3643-11de-9c92-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55251c38-c7fc-11de-9de5-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55251c39-c7fc-11de-9de5-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a2234c6-238a-11de-9c60-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a2234c7-238a-11de-9c60-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{600c9989-72c9-11de-9d21-000df04a9bc6}] shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6df76917-7589-11de-9d2d-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6df76918-7589-11de-9d2d-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{727b9188-3b28-11de-9c9c-000df04a9bc6}] shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7953d719-eaf6-11dd-9bc8-0009df808f57}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ef87761-d885-11de-9e14-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ce8d810-7781-11de-9d33-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ce8d811-7781-11de-9d33-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ce8d815-7781-11de-9d33-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ce8d816-7781-11de-9d33-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9498accc-72ca-11de-9d22-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9498acce-72ca-11de-9d22-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9498acd2-72ca-11de-9d22-000df04a9bc6}] shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97aed3b8-514c-11de-9cca-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3510fa6-e149-11dd-9b9a-000df04a9bc6}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3510fa9-e149-11dd-9b9a-000df04a9bc6}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3510faa-e149-11dd-9b9a-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a84d2a8c-3a20-11de-9c9a-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a84d2a8f-3a20-11de-9c9a-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa3f3b9d-e3b2-11dd-9bab-000df04a9bc6}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b53ca5e2-787a-11de-9d35-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b53ca5e3-787a-11de-9d35-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5a5b078-3291-11de-9c89-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbebec66-3969-11de-9c98-000df04a9bc6}] shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc184d8a-7c29-11de-9d3e-0009df808f57}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc184d8b-7c29-11de-9d3e-0009df808f57}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc184d8c-7c29-11de-9d3e-0009df808f57}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc184d92-7c29-11de-9d3e-0009df808f57}] shell\AutoRun\command - H:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc184d93-7c29-11de-9d3e-0009df808f57}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc887fe2-e43a-11dd-9bac-000df04a9bc6}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc887fe3-e43a-11dd-9bac-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c422eea1-34a7-11de-9c8d-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb14cf39-85a0-11de-9d51-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb14cf3a-85a0-11de-9d51-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0926e4e-e1d0-11dd-9ba0-000df04a9bc6}] shell\AutoRun\command - E:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0ddaa56-2e9a-11de-9c7f-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8822886-3818-11de-9c96-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8822887-3818-11de-9c96-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8822888-3818-11de-9c96-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8822889-3818-11de-9c96-000df04a9bc6}] shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb36dddb-790d-11de-9d38-000df04a9bc6}] shell\AutoRun\command - G:\AutoRun.exe ======List of files/folders created in the last 1 months====== 2010-02-23 12:01:05 ----D---- C:\rsit 2010-02-23 10:13:52 ----D---- C:\Documents and Settings\***\Application Data\Malwarebytes 2010-02-23 10:13:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-02-23 10:13:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-02-23 10:08:59 ----D---- C:\Program Files\CCleaner 2010-02-20 16:14:21 ----D---- C:\Program Files\Spybot - Search & Destroy 2010-02-20 16:14:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2010-02-16 01:10:52 ----D---- C:\Program Files\Call of Duty Modern Warfare 2 2010-02-12 07:41:15 ----D---- C:\Program Files\XfireXO 2010-02-12 07:41:15 ----D---- C:\Program Files\Conduit 2010-02-12 07:41:07 ----D---- C:\Documents and Settings\***\Application Data\Xfire 2010-02-12 07:41:03 ----D---- C:\Program Files\Xfire 2010-02-11 04:16:10 ----A---- C:\WINDOWS\system32\xfcodec.dll 2010-02-11 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$ 2010-02-11 03:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$ 2010-02-11 02:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$ 2010-02-11 02:59:39 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$ 2010-02-11 02:59:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$ 2010-02-11 02:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$ 2010-02-11 02:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$ 2010-02-11 02:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$ 2010-02-11 02:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$ ======List of files/folders modified in the last 1 months====== 2010-02-23 12:01:12 ----D---- C:\WINDOWS\Prefetch 2010-02-23 10:13:47 ----D---- C:\WINDOWS\system32\drivers 2010-02-23 10:13:45 ----D---- C:\Program Files 2010-02-23 10:11:05 ----D---- C:\WINDOWS\Debug 2010-02-23 10:11:05 ----AD---- C:\WINDOWS 2010-02-23 10:03:38 ----D---- C:\WINDOWS\Temp 2010-02-23 10:03:25 ----D---- C:\WINDOWS\system32\CatRoot2 2010-02-23 10:03:24 ----SD---- C:\WINDOWS\Tasks 2010-02-23 00:51:59 ----N---- C:\WINDOWS\SchedLgU.Txt 2010-02-23 00:51:47 ----D---- C:\Documents and Settings\***\Application Data\ICQ 2010-02-22 20:32:23 ----D---- C:\Program Files\SpeedFan 2010-02-21 17:35:01 ----D---- C:\Documents and Settings\***\Application Data\vlc 2010-02-21 17:30:21 ----D---- C:\Documents and Settings\***\Application Data\dvdcss 2010-02-20 17:19:56 ----D---- C:\WINDOWS\system32 2010-02-20 17:06:58 ----HD---- C:\Program Files\InstallShield Installation Information 2010-02-20 15:03:43 ----D---- C:\Documents and Settings\***\Application Data\Skype 2010-02-20 13:26:39 ----D---- C:\Documents and Settings\***\Application Data\skypePM 2010-02-19 17:19:58 ----HD---- C:\WINDOWS\inf 2010-02-18 18:45:16 ----D---- C:\Program Files\Mozilla Firefox 2010-02-15 20:14:20 ----D---- C:\Program Files\Steam 2010-02-11 03:02:28 ----HD---- C:\WINDOWS\$hf_mig$ 2010-02-11 03:02:26 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-02-06 22:44:36 ----SHD---- C:\WINDOWS\Installer 2010-02-06 22:44:13 ----D---- C:\Program Files\Google 2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe 2010-01-31 01:25:08 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt 2010-01-30 17:01:52 ----D---- C:\Program Files\DivX 2010-01-30 16:52:59 ----D---- C:\WINDOWS\system32\DirectX 2010-01-30 16:44:02 ----D---- C:\Program Files\ICQ6Toolbar 2010-01-30 16:19:37 ----RSD---- C:\WINDOWS\assembly 2010-01-29 02:34:43 ----D---- C:\Documents and Settings\***\Application Data\BITS 2010-01-28 13:03:16 ----D---- C:\Program Files\Mobile Partner 2010-01-28 13:03:15 ----D---- C:\Program Files\Messenger ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 ATDrv;Antitheft Driver; C:\WINDOWS\system32\DRIVERS\ATDrv.sys [2007-03-26 14600] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104] R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232] R1 HPSenMgr;HP Sensor Management Driver; C:\WINDOWS\system32\DRIVERS\HPSenMgr.sys [2007-02-15 15624] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592] R1 MLowCtl;Low Control Driver; C:\WINDOWS\system32\DRIVERS\MLowCtl.sys [2007-08-30 15608] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-13 21419] R2 ASPI32;ASPI32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-06 16512] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-08-03 281760] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-08-03 25888] R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver; C:\WINDOWS\system32\DRIVERS\thdudf.sys [2006-11-11 66944] R3 acpihid;Intel ACPI-to-HID Mapper Driver; C:\WINDOWS\system32\DRIVERS\acpihid.sys [2007-05-31 22912] R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-03-10 103744] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-27 4617728] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-25 6301344] R3 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-12-20 35968] R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-07-29 451456] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-12-06 104064] R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2007-10-25 854404] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-10-25 193088] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] S3 aegtjghr;aegtjghr; C:\WINDOWS\system32\drivers\aegtjghr.sys [] S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [] S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-06 25280] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\WINDOWS\system32\DRIVERS\tap0901t.sys [2008-09-18 25600] S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-07 25088] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089] R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-17 153376] R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service; C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2008-12-11 3575808] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-25 163908] R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro\o2flash.exe [2006-10-19 65536] R2 SmartSurferManager;SmartSurfer Manager; C:\Program Files\WEB.DE\WEB.DE SmartSurfer\SmurfService.exe [2008-10-02 132560] S2 gupdate1ca144dad101992;Google Update Service (gupdate1ca144dad101992); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-03 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-03 190448] S2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
|
23.02.2010, 12:39
| #5 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Dropper.gen wie bekämpfen?Zitat:
 Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr. Für Dich geht es hier weiter => Neuaufsetzen des Systems Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken. Danach nie wieder sowas anrühren!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu TR/Dropper.gen wie bekämpfen? |
| 1.exe, adobe, antivir, antivir guard, avira, bho, desktop, excel, firefox, google, gupdate, hijack, hijack this, hijackthis, internet, internet explorer, logfile, mozilla, performance, plug-in, rundll, software, system, tr/dropper.gen, virus, web.de, windows, windows xp |
Linear-Darstellung
