Log analysis and evaluation: TR/Drooper.gen Problem | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.03.2010, 16:15 | #1 |
| TR/Drooper.gen Problem Hello, I would like to describe my problem here: I recently downloaded a program, and now I have the problem that the message TR/Drooper.gen from the antivirus keeps appearing. I have also already downloaded Malwarebytes and scanned and repaired everything, yet I still keep getting this message. Now I have downloaded HijackThis and have a logfile for you, and I hope someone can help me. |
12.03.2010, 17:01 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Drooper.gen Problem Hello,
Quote:
Please also post RSIT logfiles.
__________________ |
12.03.2010, 19:16 | #3 |
| TR/Drooper.gen Problem Well, I accidentally deleted the one from Malwarebytes, but I am starting a new scan now. Also, all of a sudden none of my internet browsers work, e.g. Firefox or Internet Explorer. My browsers keep crashing, so I can no longer get on the internet. In addition, I had my Avira antivirus check everything and deleted all the viruses, but virus warnings still keep appearing!
Hardware 2010 2010-02-25 16:24:45 ----D---- C:\WINDOWS\Minidump 2010-02-16 22:43:45 ----D---- C:\WINDOWS\Microsoft.NET 2010-02-16 16:54:19 ----D---- C:\WINDOWS\AppPatch 2010-02-16 14:19:59 ----D---- C:\WINDOWS\Media 2010-02-16 14:19:59 ----D---- C:\Programme\Internet Explorer 2010-02-16 14:19:03 ----HD---- C:\WINDOWS\msdownld.tmp 2010-02-15 19:47:15 ----D---- C:\Dokumente und Einstellungen\Ivan\Anwendungsdaten\Mozilla 2010-02-14 22:03:19 ----D---- C:\Programme\Sun 2010-02-14 22:03:18 ----DC---- C:\WINDOWS\system32\DRVSTORE 2010-02-13 19:03:15 ----D---- C:\Programme\Google 2010-02-13 19:01:30 ----D---- C:\WINDOWS\network diagnostic 2010-02-13 17:39:34 ----D---- C:\Programme\Bonjour 2010-02-13 17:39:34 ----D---- C:\Programme\Avira 2010-02-13 17:37:21 ----D---- C:\WINDOWS\system32\dhcp 2010-02-13 17:37:19 ----D---- C:\WINDOWS\system32\Adobe 2010-02-13 15:52:36 ----D---- C:\WINDOWS\ie7updates 2010-02-13 13:44:04 ----D---- C:\Dokumente und Einstellungen\Ivan\Anwendungsdaten\Arario 2010-02-13 13:30:19 ----D---- C:\Downloads 2010-02-12 20:41:52 ----RASH---- C:\boot.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-15 96104] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520] R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle fur ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464] R3 HDAudBus;Microsoft UAA-Bustreiber fur High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 
hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-05-09 41888] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-12 10276768] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2007-03-06 58752] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2007-03-06 19968] R3 nvoclock;NVIDIA Enthusiasts Platform KDM; C:\WINDOWS\system32\DRIVERS\nvoclock.sys [2009-09-15 38248] R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888] R3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys [] R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Miniporttreiber fur erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber fur Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BTHMODEM;Serieller Kommunikationstreiber fur Bluetooth; 
C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888] S3 BthPan;Bluetooth-Gerat (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 273024] S3 BTHUSB;USB-Treiber fur Bluetooth-Funkgerat; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 cpuz130;cpuz130; \??\C:\DOKUME~1\Ivan\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [] S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [] S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys [] S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-04-06 264704] S3 HidBth;Microsoft Bluetooth-HID-Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25856] S3 kill_mm_0105;kill_mm_0105; \??\C:\DOKUME~1\Ivan\LOKALE~1\Temp\Rar$EX00.234\killmm.dll [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 RFCOMM;Bluetooth-Gerat (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 se59bus;Sony Ericsson Device 089 driver (WDM); C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536] S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360] S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088] S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624] S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704] S3 se59obex;Sony Ericsson Device 
089 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432] S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 vtany;vtany; \??\C:\WINDOWS\vtany.sys [] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 XDva310;XDva310; \??\C:\WINDOWS\system32\XDva310.sys [] S3 XDva315;XDva315; \??\C:\WINDOWS\system32\XDva315.sys [] S3 XDva316;XDva316; \??\C:\WINDOWS\system32\XDva316.sys [] S3 XDva317;XDva317; \??\C:\WINDOWS\system32\XDva317.sys [] S3 XDva321;XDva321; \??\C:\WINDOWS\system32\XDva321.sys [] S3 XDva323;XDva323; \??\C:\WINDOWS\system32\XDva323.sys [] S3 XDva326;XDva326; \??\C:\WINDOWS\system32\XDva326.sys [] S3 XDva327;XDva327; \??\C:\WINDOWS\system32\XDva327.sys [] S3 XDva332;XDva332; \??\C:\WINDOWS\system32\XDva332.sys [] S3 XDva336;XDva336; \??\C:\WINDOWS\system32\XDva336.sys [] S3 XDva337;XDva337; \??\C:\WINDOWS\system32\XDva337.sys [] S3 xhunter1;xhunter1; \??\C:\WINDOWS\xhunter1.sys [] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 Bonjour 
Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216] R2 UpdateCenterService;Update Center Service; C:\Programme\NVIDIA Corporation\System Update\UpdateCenterService.exe [2009-11-06 195176] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-01-06 536872] S2 gupdate;Google Update Service (gupdate); C:\Programme\Google\Update\GoogleUpdate.exe [2009-12-30 135664] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2010-01-06 3482384] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2010-03-10 06:43:28 ======Uninstall list====== -->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->MsiExec /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 
Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 6.0.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A00000000001} Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} Browsen mit Registerkarten (Windows Live Toolbar)-->MsiExec.exe /X{DA2C339B-A405-439B-AD24-07765EF9F233} CCleaner-->"C:\Programme\CCleaner\uninst.exe" Cross Fire En-->"C:\Programme\Z8Games\CrossFire\unins000.exe" Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4} EPSON Attach To Email-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x19 -UnInstall EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}\SETUP.EXE" -l0x19 UNINST EPSON File Manager-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x7 UNINST EPSON Image Clip Palette-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{314F6D08-A8B7-11D8-8446-0050BA1D384D}\Setup.exe" -l0x19 -u EPSON Scan Assistant-->RunDll32 
C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x19 -u EPSON Scan-->C:\Programme\epson\escndv\setup\setup.exe /r EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x7 -anything EPSON-Drucker-Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R ESDX3800 Benutzerhandbuch-->C:\Programme\EPSON\TPMANUAL\ESDX3800\USE_G\DOCUNINS.EXE EVEREST Home Edition v2.20-->"C:\Programme\Lavalys\EVEREST Home Edition\unins000.exe" Feederkennung (Windows Live Toolbar)-->MsiExec.exe /X{3A75BDE6-418E-4DB9-8601-C9E5225E0059} Firefox 3.6 WEB.DE Edition-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BA53D93D-6DA8-41AA-AD03-9D07C35074A6}\Firefox-3.6-WEB.DE-Edition.exe" REMOVE=TRUE MODIFY=FALSE Firefox 3.6 WEB.DE Edition-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BA53D93D-6DA8-41AA-AD03-9D07C35074A6}\Firefox-3.6-WEB.DE-Edition.exe Fraps-->"C:\Fraps\uninstall.exe" Futuremark SystemInfo-->"C:\Programme\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly Game Booster-->"C:\Programme\IObit\Game Booster\unins000.exe" Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Планета Земля-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466} HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall 
{A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Hotfix fьr Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix fьr Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix fьr Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Hotfix fьr Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Hotfix fьr Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe" InternetExplorer-WEB.DE-Addon-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{ACD22DA6-75BE-4B73-8FEE-D4717AEBEFA5}\InternetExplorer-WEB.DE-addon.exe" REMOVE=TRUE MODIFY=FALSE InternetExplorer-WEB.DE-Addon-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{ACD22DA6-75BE-4B73-8FEE-D4717AEBEFA5}\InternetExplorer-WEB.DE-addon.exe iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8} J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000} Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Mail.Ru Агент 5.5 (сборка 2842, для всех пользователей)-->C:\Programme\Mail.Ru\Agent\magentsetup.exe -uninstalllm Mail.Ru Спутник 2.1.0.4-->c:\programme\mail.ru\sputnik\SputnikInstaller.exe -uninstall Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe 
/X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Mozilla Firefox (3.0.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} Multimedia Card Reader-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CA529363-D0F2-41EA-B44B-D7515A254645} Nero Suite-->C:\Programme\Gemeinsame Dateien\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID="" NVIDIA Display Control Panel-->C:\Programme\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel NVIDIA Drivers-->C:\Programme\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI NVIDIA nView Desktop Manager-->C:\Programme\NVIDIA 
Corporation\nView\nViewSetup.exe -uninstall NVIDIA PhysX-->MsiExec.exe /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6} NVIDIA System Monitor-->"C:\Programme\InstallShield Installation Information\{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}\setup.exe" -runfromtemp -l0x0419 -removeonly NVIDIA System Monitor-->MsiExec.exe /I{E9CFBE78-ED91-4FCF-9E6F-210E477E527D} NVIDIA System Update-->"C:\Programme\InstallShield Installation Information\{65A92AAA-3D05-4C94-9F70-731C05E60C16}\setup.exe" -runfromtemp -l0x0419 -removeonly NVIDIA System Update-->MsiExec.exe /I{65A92AAA-3D05-4C94-9F70-731C05E60C16} OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{135D3939-F9CD-4520-A008-9C4B852A2DBC} OpenOffice.org Installer 1.0-->MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE} Paint.NET v3.5.4-->MsiExec.exe /X{053B3DA8-91B5-4682-A130-715412A1A252} PIF DESIGNER-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x7 anything Popupblocker (Windows Live Toolbar)-->MsiExec.exe /X{151ACDE2-C3AC-43AA-A77E-12A5D8B2A934} QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Sicherheitsupdate fьr Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Internet Explorer 7 
(KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Sicherheitsupdate fьr Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP 
(KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP 
(KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP 
(KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP 
(KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe" Sicherheitsupdate fьr Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe" Skype 3.0-->"C:\Programme\Skype\Phone\unins000.exe" Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{13AD0F5B-FF8C-4625-851D-A83D4BE74716} System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update fьr Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe" Update fьr Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe" Update fьr Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update fьr Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update fьr Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Update fьr Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update fьr Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Update fьr Windows XP 
(KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update fьr Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update fьr Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Update fьr Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Update fьr Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} Windows Live Favorites fur Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Programme\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Outlook-Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{22B099A6-55E1-4605-8401-05564320101C} Windows Live Toolbar-->"C:\Programme\Windows Live Toolbar\UnInstall.exe" {E6E2912A-F584-4694-A04B-0C944588772C} Windows Live Toolbar-->MsiExec.exe /X{E6E2912A-F584-4694-A04B-0C944588772C} Windows Live Toolbar-Erweiterung (Windows Live Toolbar)-->MsiExec.exe /X{6266BA75-45FA-4B1A-B21F-E04A90C273E5} Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR-->C:\Programme\WinRAR\uninstall.exe ======Security center information====== AV: AntiVir Desktop ======System event log====== Computer Name: IVAN-5DD2731761 Event Code: 4226 Message: TCP/IP hat das Sicherheitslimit erreicht, das fur die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde. 
Record Number: 57560 Source Name: Tcpip Time Written: 20100228162440.000000+060 Event Type: warning User: Computer Name: IVAN-5DD2731761 Event Code: 4226 Message: TCP/IP hat das Sicherheitslimit erreicht, das fur die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde. Record Number: 57119 Source Name: Tcpip Time Written: 20100226201651.000000+060 Event Type: warning User: Computer Name: IVAN-5DD2731761 Event Code: 4226 Message: TCP/IP hat das Sicherheitslimit erreicht, das fur die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde. Record Number: 56700 Source Name: Tcpip Time Written: 20100225185637.000000+060 Event Type: warning User: Computer Name: IVAN-5DD2731761 Event Code: 18 Message: TIMEOUT<svchost.exe> C:\...e Toolbar\MSNTBUP.EXE Record Number: 56699 Source Name: avgntflt Time Written: 20100225183325.000000+060 Event Type: warning User: Computer Name: IVAN-5DD2731761 Event Code: 4226 Message: TCP/IP hat das Sicherheitslimit erreicht, das fur die Anzahl gleichzeitiger TCP-Verbindungsversuche festgelegt wurde. Record Number: 56466 Source Name: Tcpip Time Written: 20100222210404.000000+060 Event Type: warning User: =====Application event log===== Computer Name: IVAN-5DD2731761 Event Code: 1000 Message: Fehlgeschlagene Anwendung crossfire.exe, Version 1.0.45.0, fehlgeschlagenes Modul crossfirepublic.dll, Version 0.0.0.0, Fehleradresse 0x00005114. Record Number: 16704 Source Name: Application Error Time Written: 20091223155514.000000+060 Event Type: error User: Computer Name: IVAN-5DD2731761 Event Code: 1000 Message: Fehlgeschlagene Anwendung crossfire.exe, Version 1.0.45.0, fehlgeschlagenes Modul crossfirepublic.dll, Version 0.0.0.0, Fehleradresse 0x00005114. 
Record Number: 16703 Source Name: Application Error Time Written: 20091223155449.000000+060 Event Type: error User: Computer Name: IVAN-5DD2731761 Event Code: 1000 Message: Fehlgeschlagene Anwendung crossfire.exe, Version 1.0.45.0, fehlgeschlagenes Modul crossfirepublic.dll, Version 0.0.0.0, Fehleradresse 0x00005114. Record Number: 16702 Source Name: Application Error Time Written: 20091223155323.000000+060 Event Type: error User: Computer Name: IVAN-5DD2731761 Event Code: 1000 Message: Fehlgeschlagene Anwendung crossfire.exe, Version 1.0.45.0, fehlgeschlagenes Modul crossfirepublic.dll, Version 0.0.0.0, Fehleradresse 0x00005114. Record Number: 16701 Source Name: Application Error Time Written: 20091223145531.000000+060 Event Type: error User: Computer Name: IVAN-5DD2731761 Event Code: 1000 Message: Fehlgeschlagene Anwendung crossfire.exe, Version 1.0.45.0, fehlgeschlagenes Modul crossfirepublic.dll, Version 0.0.0.0, Fehleradresse 0x00005114. Record Number: 16700 Source Name: Application Error Time Written: 20091223145437.000000+060 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Programme\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Programme\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=6b02 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Programme\Java\jre1.6.0_07\lib\ext\QTJava.zip "QTJAVA"=C:\Programme\Java\jre1.6.0_07\lib\ext\QTJava.zip -----------------EOF----------------- |
12.03.2010, 19:29 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Drooper.gen Problem Deleted? You can find it in the program itself under Scan-Berichte (the scan reports tab at the top). I do need the log.
__________________ Please always post log files in CODE tags |
12.03.2010, 19:37 | #5 |
| TR/Drooper.gen Problem Sorry, but I can only find a few old reports. Maybe it has something to do with the fact that I restarted the PC right after the scan. I can paste in the report from the scan I am running right now. |
12.03.2010, 19:53 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Drooper.gen Problem No, not really. Malwarebytes stores all of its reports there. |
12.03.2010, 20:20 | #7 |
| TR/Drooper.gen Problem Oh, I just overlooked it, here you go:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3795
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.03.2010 06:30:34
mbam-log-2010-03-10 (06-30-34).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 210476
Laufzeit: 1 hour(s), 59 minute(s), 22 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe hdpy.eio hvkwfto) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Infizierte Dateien:
C:\pb\PerX.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Delete on reboot.
C:\WINDOWS\system32\sdra64.exe (Spyware.Zbot) -> Delete on reboot. |
12.03.2010, 20:25 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | TR/Drooper.gen Problem Yuck, there were a few nasty things in there. I see you have also already run Combofix at some point; please post the log from that. It should actually be c:\combofix.txt.
__________________ Please always post log files in CODE tags |
12.03.2010, 21:06 | #9 |
| TR/Drooper.gen Problem Sorry that it took so long, but I still had to install it. Anyway, here it is:
ComboFix 10-03-11.06 - Ivan 10.03.2010 20:27:00.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1031.18.2047.1642 [GMT 1:00] Running from: c:\dokumente und einstellungen\Ivan\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\d.bat c:\dokumente und einstellungen\Ivan\Anwendungsdaten\Desktopicon c:\dokumente und einstellungen\Ivan\Anwendungsdaten\Desktopicon\config.ini c:\dokumente und einstellungen\Ivan\Favoriten\Games.url c:\dokumente und einstellungen\Ivan\Lokale Einstellungen\Anwendungsdaten\buqkx.dat c:\dokumente und einstellungen\Ivan\Lokale Einstellungen\Anwendungsdaten\buqkx_nav.dat c:\dokumente und einstellungen\Ivan\Lokale Einstellungen\Anwendungsdaten\buqkx_navps.dat C:\LOG2.tmp C:\LOG21.tmp C:\LOG3.tmp C:\LOG3B.tmp C:\LOGB.tmp C:\LOGB9.tmp c:\windows\system32\hdpy.eio Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected Restored copy from - Kitty ate it . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_OREANS32 -------\Legacy_SSHNAS -------\Service_oreans32 ((((((((((((((((((((((((( Files Created from 2010-02-10 to 2010-03-10 ))))))))))))))))))))))))))))))) . 2010-03-10 05:43 . 2010-03-10 05:43 -------- d-----w- C:\rsit 2010-03-10 02:25 . 2010-03-10 02:25 -------- d-----w- c:\programme\Trend Micro 2010-03-10 00:44 . 2009-02-09 10:51 247808 ----a-r- c:\windows\system32\Tem1.exe 2010-03-09 07:04 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe 2010-03-09 07:02 . 2010-03-09 07:02 -------- d-----w- c:\programme\Paint.NET 2010-03-09 07:02 . 
2010-03-10 19:09 -------- d-----w- c:\dokumente und einstellungen\Ivan\Lokale Einstellungen\Anwendungsdaten\Paint.NET 2010-03-09 06:56 . 2010-03-09 06:59 -------- d-----w- C:\Fraps 2010-03-04 09:26 . 2010-03-04 09:26 86016 ----a-w- c:\windows\system32\frapsvid.dll 2010-03-01 17:32 . 2010-03-10 05:30 -------- d-----w- C:\pb 2010-02-26 18:17 . 2010-02-26 18:19 -------- d-----w- c:\programme\Windows Live Safety Center 2010-02-25 19:08 . 2010-02-25 19:08 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\NVIDIA Corporation 2010-02-25 15:22 . 2010-02-25 15:22 -------- d-----w- c:\programme\CCleaner 2010-02-16 20:41 . 2010-01-21 16:22 52224 ----a-w- c:\dokumente und einstellungen\Ivan\Anwendungsdaten\Mozilla\Firefox\Profiles\vtr963i8.default\extensions\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}\components\FFExternalAlert.dll 2010-02-16 20:41 . 2010-01-21 16:22 101376 ----a-w- c:\dokumente und einstellungen\Ivan\Anwendungsdaten\Mozilla\Firefox\Profiles\vtr963i8.default\extensions\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}\components\RadioWMPCore.dll 2010-02-16 13:26 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-02-16 13:25 . 2010-02-16 13:25 -------- dc-h--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{BA53D93D-6DA8-41AA-AD03-9D07C35074A6} 2010-02-16 13:25 . 2010-01-26 10:33 2812439 -c--a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{BA53D93D-6DA8-41AA-AD03-9D07C35074A6}\Firefox-3.6-WEB.DE-Edition.exe 2010-02-16 13:17 . 2010-02-16 13:17 -------- dc-h--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{ACD22DA6-75BE-4B73-8FEE-D4717AEBEFA5} 2010-02-16 13:17 . 2009-11-26 09:45 2775333 -c--a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{ACD22DA6-75BE-4B73-8FEE-D4717AEBEFA5}\InternetExplorer-WEB.DE-addon.exe 2010-02-16 13:17 . 2010-02-16 13:17 1204096 ----a-w- c:\windows\system32\ieconfig_1und1.dll 2010-02-16 13:16 . 
2010-02-16 13:17 -------- dc-h--w- c:\windows\ie8 2010-02-16 13:16 . 2010-02-16 13:17 -------- d-----w- c:\windows\system32\de-DE 2010-02-16 12:11 . 2010-02-16 12:11 -------- d-----w- c:\dokumente und einstellungen\Ivan\Anwendungsdaten\Malwarebytes 2010-02-16 12:11 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-02-16 12:11 . 2010-02-16 12:11 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2010-02-16 12:11 . 2010-02-16 12:11 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-02-16 12:11 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-02-15 15:50 . 2010-02-27 00:35 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-02-14 21:01 . 2010-02-12 19:34 41680 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2010-02-13 17:31 . 2010-02-13 18:04 -------- d-----w- c:\programme\Opera 2010-02-13 11:00 . 2010-02-13 11:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-10 19:35 . 2009-03-20 20:26 -------- d-----w- c:\dokumente und einstellungen\Ivan\Anwendungsdaten\Skype 2010-03-10 19:30 . 2004-08-04 12:00 84322 ----a-w- c:\windows\system32\perfc007.dat 2010-03-10 19:30 . 2004-08-04 12:00 458782 ----a-w- c:\windows\system32\perfh007.dat 2010-03-09 06:33 . 2009-10-19 17:12 -------- d-----w- c:\programme\Z8Games 2010-03-02 23:31 . 2009-11-17 20:03 -------- d-----w- c:\dokumente und einstellungen\Ivan\Anwendungsdaten\AdobeUM 2010-02-25 19:17 . 2009-10-18 17:14 -------- d-----w- c:\programme\NVIDIA Corporation 2010-02-25 19:17 . 2008-10-13 16:41 -------- d--h--w- c:\programme\InstallShield Installation Information 2010-02-25 19:14 . 2009-10-10 20:54 -------- d-----w- c:\programme\IObit 2010-02-25 19:01 . 2009-12-24 11:40 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard 2010-02-25 19:01 . 
2009-12-24 11:41 -------- d-----w- c:\programme\AGEIA Technologies 2010-02-25 18:41 . 2009-12-15 07:20 -------- d-----w- c:\programme\Dr. Hardware 2010 2010-02-16 13:10 . 2008-10-02 16:25 19656 ----a-w- c:\dokumente und einstellungen\Ivan\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-02-14 21:03 . 2008-11-04 13:00 -------- d-----w- c:\programme\Sun 2010-02-13 18:03 . 2009-01-20 19:20 -------- d-----w- c:\programme\Google 2010-02-13 16:39 . 2009-05-15 21:43 -------- d-----w- c:\programme\Avira 2010-02-13 16:39 . 2009-02-14 20:41 -------- d-----w- c:\programme\Bonjour 2010-02-13 12:44 . 2010-01-31 14:11 -------- d-----w- c:\dokumente und einstellungen\Ivan\Anwendungsdaten\Arario 2010-01-31 14:08 . 2010-01-31 14:08 -------- d-----w- c:\programme\Arario 2010-01-30 10:28 . 2008-11-12 14:09 -------- d-----w- c:\programme\EA GAMES 2010-01-18 15:23 . 2010-01-17 13:47 1804553488 ----a-w- c:\dokumente und einstellungen\Ivan\Anwendungsdaten\ijjigame\U_AVA_Setup.exe 2010-01-17 15:14 . 2009-12-05 22:45 -------- d--h--w- c:\dokumente und einstellungen\Ivan\Anwendungsdaten\ijjigame 2010-01-12 04:03 . 2009-12-10 19:57 61440 ----a-w- c:\windows\system32\OpenCL.dll 2010-01-12 04:03 . 2009-12-10 19:57 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-01-12 04:03 . 2009-12-10 19:57 11632640 ----a-w- c:\windows\system32\nvcompiler.dll 2010-01-12 04:03 . 2009-08-16 22:57 2283526 ----a-w- c:\windows\system32\nvdata.bin 2010-01-12 04:03 . 2009-03-27 02:03 4104192 ----a-w- c:\windows\system32\nvcuda.dll 2010-01-12 04:03 . 2009-03-27 02:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll 2010-01-12 04:03 . 2009-03-27 02:03 182888 ----a-w- c:\windows\system32\nvcodins.dll 2010-01-12 04:03 . 2009-03-27 02:03 14458880 ----a-w- c:\windows\system32\nvoglnt.dll 2010-01-12 04:03 . 2009-03-27 02:03 1081344 ----a-w- c:\windows\system32\nvapi.dll 2010-01-12 04:03 . 2007-04-20 13:32 6359168 ----a-w- c:\windows\system32\nv4_disp.dll 2010-01-12 04:03 . 
2007-04-20 13:32 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2010-01-03 22:12 . 2009-05-21 08:44 98304 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\nxgameeu.dll 2010-01-03 22:12 . 2009-05-21 08:44 81920 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\npNxGameeu.dll 2010-01-03 22:12 . 2009-05-21 08:44 532480 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGMDll.dll 2010-01-03 22:12 . 2009-05-21 08:44 331776 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGMResource.dll 2010-01-03 22:12 . 2009-05-21 08:44 258352 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\unicows.dll 2010-01-03 22:12 . 2009-05-21 08:44 155648 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe 2010-01-03 21:44 . 2009-10-17 16:39 421888 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe 2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-21 19:05 . 2004-09-29 18:47 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-15 16:21 . 2009-12-15 16:21 427008 ----a-w- c:\windows\system32\uc_wepic_launching.dll 2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2009-12-12 17:11 . 2008-11-08 09:45 11312 ---ha-w- c:\windows\system32\mlfcache.dat 2004-07-22 09:51 . 2004-07-22 09:51 3432656 ----a-w- c:\programme\ManagedDX.CAB 2004-07-19 21:58 . 2004-07-19 21:58 1156363 ----a-w- c:\programme\BDANT.cab 2004-07-19 21:53 . 2004-07-19 21:53 976020 ----a-w- c:\programme\BDAXP.cab 2004-07-09 13:17 . 2004-07-09 13:17 13265040 ----a-w- c:\programme\dxnt.cab 2004-07-09 08:13 . 2004-07-09 08:13 15493481 ----a-w- c:\programme\DirectX.cab 2004-07-09 08:13 . 2004-07-09 08:13 703080 ----a-w- c:\programme\BDA.cab 2004-07-09 03:08 . 2004-07-09 03:08 472576 ----a-w- c:\programme\dxsetup.exe 2004-07-09 03:08 . 
2004-07-09 03:08 2242560 ----a-w- c:\programme\dsetup32.dll 2004-07-09 02:03 . 2004-07-09 02:03 62976 ----a-w- c:\programme\DSETUP.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\programme\Skype\Phone\Skype.exe" [2007-02-09 25388584] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Sunkist2k"="c:\programme\Multimedia Card Reader\shwicon2k.exe" [2005-02-25 131072] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2009-01-05 413696] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-01-06 290088] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "MAgent"="c:\programme\Mail.Ru\Agent\MAgent.exe" [2009-11-02 7975608] "SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls] odbcrate REG_SZ c:\windows\system32\clipnet.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"= "c:\\Programme\\Mail.Ru\\Agent\\magent.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Dokumente und Einstellungen\\All 
Users\\Anwendungsdaten\\NexonEU\\NGM\\NGM.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\NexonUS\\NGM\\NGM.exe"= "c:\\Programme\\Avira\\AntiVir Desktop\\avcenter.exe"= "c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"= "c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"= "c:\\Program Files\\Tencent\\QQMiniDownloader\\comm\\QQDL.exe"= "c:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "c:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "c:\\Dokumente und Einstellungen\\Ivan\\Eigene Dateien\\ICQ\\471731268\\ReceivedFiles\\446299889 xX_KinG-MarLoN_Xx\\TeamViewer.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [15.05.2009 22:43 108289] R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\drivers\nvoclock.sys [15.09.2009 13:59 38248] S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [30.12.2009 19:40 135664] S3 cpuz130;cpuz130;\??\c:\dokume~1\Ivan\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> c:\dokume~1\Ivan\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?] S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [05.11.2008 08:03 264704] S3 kill_mm_0105;kill_mm_0105;\??\c:\dokume~1\Ivan\LOKALE~1\Temp\Rar$EX00.234\killmm.dll --> c:\dokume~1\Ivan\LOKALE~1\Temp\Rar$EX00.234\killmm.dll [?] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?] S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?] S3 XDva315;XDva315;\??\c:\windows\system32\XDva315.sys --> c:\windows\system32\XDva315.sys [?] S3 XDva316;XDva316;\??\c:\windows\system32\XDva316.sys --> c:\windows\system32\XDva316.sys [?] 
S3 XDva317;XDva317;\??\c:\windows\system32\XDva317.sys --> c:\windows\system32\XDva317.sys [?] S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?] S3 XDva323;XDva323;\??\c:\windows\system32\XDva323.sys --> c:\windows\system32\XDva323.sys [?] S3 XDva326;XDva326;\??\c:\windows\system32\XDva326.sys --> c:\windows\system32\XDva326.sys [?] S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?] S3 XDva332;XDva332;\??\c:\windows\system32\XDva332.sys --> c:\windows\system32\XDva332.sys [?] S3 XDva336;XDva336;\??\c:\windows\system32\XDva336.sys --> c:\windows\system32\XDva336.sys [?] S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?] S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?] . Contents of the 'Scheduled Tasks' folder 2009-12-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-03-10 c:\windows\Tasks\Auf Updates f?r Windows Live Toolbar pr?fen.job - c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2006-10-10 22:25] 2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-12-30 18:40] 2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-12-30 18:40] 2010-03-10 c:\windows\Tasks\User_Feed_Synchronization-{8E4B2039-D995-42E6-9246-548FA0F77CE9}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.web.de uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: In neuer Registerkarte im Hintergrund offnen - c:\programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/229?c5f482c237df480d8e6ca7a1f5258413 IE: In neuer Registerkarte im Vordergrund offnen - c:\programme\Windows Live Toolbar\Components\de-de\msntabres.dll.mui/230?c5f482c237df480d8e6ca7a1f5258413 IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Iaeoe a eioa?iaoa - c:\programme\Mail.Ru\Sputnik\MailRuSputnik.dll/282 IE: Iaeoe a neiaa?yo - c:\programme\Mail.Ru\Sputnik\MailRuSputnik.dll/283 IE: Iiene@Mail.Ru - c:\programme\Mail.Ru\Sputnik\MailRuSputnik.dll/282 IE: Neiaa?e@Mail.Ru - c:\programme\Mail.Ru\Sputnik\MailRuSputnik.dll/283 IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\programme\Mail.Ru\Agent\magent.exe DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab FF - ProfilePath - c:\dokumente und einstellungen\Ivan\Anwendungsdaten\Mozilla\Firefox\Profiles\vtr963i8.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040433&SearchSource=3&q= FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - www.web.de FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - component: c:\dokumente und einstellungen\Ivan\Anwendungsdaten\Mozilla\Firefox\Profiles\vtr963i8.default\extensions\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}\components\FFExternalAlert.dll FF - component: c:\dokumente und 
einstellungen\Ivan\Anwendungsdaten\Mozilla\Firefox\Profiles\vtr963i8.default\extensions\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}\components\RadioWMPCore.dll FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\npNxGameeu.dll FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\npNxGameUS.dll FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\programme\Google\Update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\NPOP7PlugIn.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-10 20:34 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2300) c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\nvsvc32.exe c:\programme\Avira\AntiVir Desktop\avguard.exe c:\windows\RTHDCPL.EXE c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\rundll32.exe c:\windows\system32\RUNDLL32.EXE c:\programme\Bonjour\mDNSResponder.exe c:\programme\Java\jre6\bin\jqs.exe c:\programme\NVIDIA Corporation\System Update\UpdateCenterService.exe c:\programme\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-03-10 20:38:10 - machine was rebooted ComboFix-quarantined-files.txt 2010-03-10 19:38 Pre-Run: 17 Verzeichnis(se), 206.130.991.104 Bytes frei Post-Run: 16 Verzeichnis(se), 206.347.960.320 Bytes frei - - End Of File - - 09586A8BC417551F9C84A2AF8AAF7E2D |