Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Possible trojan virus infection, please help me.

Post by Maelyder » January 6th, 2009, 7:49 am

Hello,

For a couple of days I have been getting a lot of pop-up windows, and Avira goes crazy when starting my PC, warning me that there are a few files that are infected.

I tried several tools myself (Avira, Adaware, SuperAntivirus...) but they didn't help.
I hope you can help me fix it.

Thanks


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45, on 2009-01-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Curse\CurseClient.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Winamp\winamp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2a7a5971-cd65-4b42-a7a9-7057f2bdb162} - C:\WINDOWS\system32\hudefagi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [tenijusuba] Rundll32.exe "C:\WINDOWS\system32\powigipo.dll",s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CPMd38dba23] Rundll32.exe "c:\windows\system32\ligamosa.dll",a
O4 - HKLM\..\Run: [d0be89bf] rundll32.exe "C:\WINDOWS\system32\hapoyivu.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S1BB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Programme\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [tenijusuba] Rundll32.exe "C:\WINDOWS\system32\powigipo.dll",s (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1016297780
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\femawiko.dll c:\windows\system32\pujosove.dll c:\windows\system32\fegezika.dll c:\windows\system32\silohuru.dll c:\windows\system32\tisenove.dll C:\WINDOWS\system32\letehume.dll c:\windows\system32\nomefitu.dll c:\windows\system32\ligamosa.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ligamosa.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\ligamosa.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe

--
End of file - 7416 bytes
Maelyder
Active Member
 
Posts: 11
Joined: January 6th, 2009, 7:44 am

Re: Possible trojan virus infection, please help me.

Post by jmw3 » January 12th, 2009, 10:20 am

Welcome Maelyder

Apologies for the late reply. As you can appreciate the boards are quite busy. If you still require help with your computer problem could you do the following:

Random's System Information Tool (RSIT)
  • Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run the tool
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  • Copy & paste the contents of both logs in your next reply
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Possible trojan virus infection, please help me.

Post by Maelyder » January 12th, 2009, 1:31 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by MOEP at 2009-01-12 18:29:42
Microsoft Windows XP Professional Service Pack 2
System drive C: has 32 GB (42%) free of 76 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29, on 2009-01-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\oodag.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Curse\CurseClient.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\Winamp\winamp.exe
C:\Programme\Mozilla Firefox\firefox.exe
c:\programme\gemeinsame dateien\installshield\updateservice\isuspm.exe
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\agent.exe
C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Dokumente und Einstellungen\MOEP\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\MOEP.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2a7a5971-cd65-4b42-a7a9-7057f2bdb162} - C:\WINDOWS\system32\jadihuli.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [d0be89bf] rundll32.exe "C:\WINDOWS\system32\jufuweko.dll",b
O4 - HKLM\..\Run: [tenijusuba] Rundll32.exe "C:\WINDOWS\system32\dobayovu.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S1BB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Programme\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1016297780
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\femawiko.dll c:\windows\system32\pujosove.dll c:\windows\system32\fegezika.dll c:\windows\system32\silohuru.dll c:\windows\system32\tisenove.dll c:\windows\system32\nomefitu.dll C:\WINDOWS\system32\kamozunu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe

--
End of file - 7136 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2a7a5971-cd65-4b42-a7a9-7057f2bdb162}]
C:\WINDOWS\system32\jadihuli.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [2006-12-28 1454080]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"nwiz"=nwiz.exe /install []
"ISUSScheduler"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Programme\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2008-09-06 413696]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"d0be89bf"=C:\WINDOWS\system32\jufuweko.dll [2009-01-10 90305]
"tenijusuba"=C:\WINDOWS\system32\dobayovu.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"EPSON Stylus DX5000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE [2006-09-22 139264]
"msnmsgr"=C:\Programme\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"CurseClient"=C:\Programme\Curse\CurseClient.exe [2008-10-10 4789760]
"SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-01-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\femawiko.dll c:\windows\system32\pujosove.dll c:\windows\system32\fegezika.dll c:\windows\system32\silohuru.dll c:\windows\system32\tisenove.dll c:\windows\system32\nomefitu.dll C:\WINDOWS\system32\kamozunu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.DLL [2009-01-05 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\kamozunu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\GIGABYTE\@BIOS\gwflash.exe"="C:\Programme\GIGABYTE\@BIOS\gwflash.exe:*:Enabled:gwflash"
"C:\Programme\eMule\emule.exe"="C:\Programme\eMule\emule.exe:*:Enabled:eMule"
"C:\Programme\Azureus\Azureus.exe"="C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus"
"D:\Spiele\Warcraft III\war3.exe"="D:\Spiele\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programme\Last.fm\LastFM.exe"="C:\Programme\Last.fm\LastFM.exe:*:Enabled:Last.fm"
"C:\Programme\QIP\qip.exe"="C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\Spiele\Steam\steamapps\salatbaum\team fortress 2\hl2.exe"="D:\Spiele\Steam\steamapps\salatbaum\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Spiele\Call of Duty 4 Modern Warfare\iw3mp.exe"="D:\Spiele\Call of Duty 4 Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Spiele\Steam\steamapps\superzahnstein\team fortress 2\hl2.exe"="D:\Spiele\Steam\steamapps\superzahnstein\team fortress 2\hl2.exe:*:Enabled:hl2"
"D:\Spiele\Quake\etqw.exe"="D:\Spiele\Quake\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM)"
"D:\Spiele\Quake\etqwded.exe"="D:\Spiele\Quake\etqwded.exe:*:Enabled:etqwded.exe"
"D:\Spiele\Unreal Tournament III\Binaries\UT3.exe"="D:\Spiele\Unreal Tournament III\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"D:\Spiele\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="D:\Spiele\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"D:\Spiele\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="D:\Spiele\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"D:\Spiele\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="D:\Spiele\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Programme\Veoh Networks\Veoh\VeohClient.exe"="C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Dokumente und Einstellungen\MOEP\Desktop\Diablo3-cinematictrailer_en-GB-downloader.exe"="C:\Dokumente und Einstellungen\MOEP\Desktop\Diablo3-cinematictrailer_en-GB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Dokumente und Einstellungen\MOEP\Desktop\Diablo3-gameplaytrailer_en-GB-downloader.exe"="C:\Dokumente und Einstellungen\MOEP\Desktop\Diablo3-gameplaytrailer_en-GB-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Spiele\Cs\hl.exe"="D:\Spiele\Cs\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Spiele\DiabloII\D2Loader-1.11b.exe"="D:\Spiele\DiabloII\D2Loader-1.11b.exe:*:Enabled:Diablo II"
"D:\Spiele\BROOD an familie\starcraft.exe"="D:\Spiele\BROOD an familie\starcraft.exe:*:Enabled:Starcraft"
"C:\cryptload\RouterClient.exe"="C:\cryptload\RouterClient.exe:*:Enabled:RouterClient"
"C:\Programme\GIGABYTE\@BIOS\update.exe"="C:\Programme\GIGABYTE\@BIOS\update.exe:*:Enabled:update"
"C:\Programme\gwflash.exe"="C:\Programme\gwflash.exe:*:Enabled:gwflash"
"C:\Programme\Tortun\gui.exe"="C:\Programme\Tortun\gui.exe:*:Enabled:gui"
"D:\Spiele\Wrath of the Lich King Beta\WoW-3.0.2.8962-to-3.0.2.8970-enGB-downloader.exe"="D:\Spiele\Wrath of the Lich King Beta\WoW-3.0.2.8962-to-3.0.2.8970-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat"="C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Programme\Curse\CurseClient.exe"="C:\Programme\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\nvsvc32.exe"="C:\WINDOWS\system32\nvsvc32.exe:*:Enabled:nvsvc32"
"C:\WINDOWS\system32\oodag.exe"="C:\WINDOWS\system32\oodag.exe:*:Enabled:oodag"
"C:\Programme\Avira\AntiVir PersonalEdition Classic\guardgui.exe"="C:\Programme\Avira\AntiVir PersonalEdition Classic\guardgui.exe:*:Enabled:GUARDGUI"
"C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"="C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-01-12 18:29:42 ----D---- C:\rsit
2009-01-11 23:24:56 ----D---- C:\Programme\Larva Mortus
2009-01-10 03:29:04 ----SH---- C:\WINDOWS\system32\okewufuj.ini
2009-01-09 15:29:00 ----SH---- C:\WINDOWS\system32\ifipoweh.ini
2009-01-09 03:28:56 ----SH---- C:\WINDOWS\system32\uvupeduy.ini
2009-01-08 15:28:54 ----SH---- C:\WINDOWS\system32\esawavij.ini
2009-01-08 03:28:52 ----SH---- C:\WINDOWS\system32\edisodut.ini
2009-01-07 15:28:49 ----SH---- C:\WINDOWS\system32\okayelas.ini
2009-01-07 03:28:48 ----SH---- C:\WINDOWS\system32\ogawibep.ini
2009-01-07 02:29:00 ----SH---- C:\WINDOWS\system32\awuwobuw.ini
2009-01-06 14:28:40 ----SH---- C:\WINDOWS\system32\akorizaz.ini
2009-01-06 02:29:02 ----SH---- C:\WINDOWS\system32\uviyopah.ini
2009-01-05 19:08:10 ----D---- C:\Programme\Adobe
2009-01-05 14:28:04 ----SH---- C:\WINDOWS\system32\aruzuyaj.ini
2009-01-05 02:28:02 ----SH---- C:\WINDOWS\system32\oripoves.ini
2009-01-04 14:27:46 ----SH---- C:\WINDOWS\system32\inuvesew.ini
2009-01-04 02:27:45 ----SH---- C:\WINDOWS\system32\anivosof.ini
2009-01-03 14:27:44 ----SH---- C:\WINDOWS\system32\anafilok.ini
2009-01-03 02:27:42 ----SH---- C:\WINDOWS\system32\emuzilek.ini
2009-01-02 14:27:40 ----SH---- C:\WINDOWS\system32\orovoyom.ini
2009-01-02 02:27:38 ----SH---- C:\WINDOWS\system32\ipuwuzog.ini
2009-01-01 14:27:37 ----SH---- C:\WINDOWS\system32\esukodug.ini
2009-01-01 02:27:34 ----SH---- C:\WINDOWS\system32\uyihidab.ini
2008-12-31 14:27:32 ----SH---- C:\WINDOWS\system32\otayafeb.ini
2008-12-31 02:27:29 ----SH---- C:\WINDOWS\system32\opinuziw.ini
2008-12-30 14:27:27 ----SH---- C:\WINDOWS\system32\asumafil.ini
2008-12-30 02:27:17 ----SH---- C:\WINDOWS\system32\odujubip.ini
2008-12-29 17:40:20 ----D---- C:\VundoFix Backups
2008-12-29 17:40:20 ----A---- C:\VundoFix.txt
2008-12-29 14:27:11 ----SH---- C:\WINDOWS\system32\onabubew.ini
2008-12-28 10:02:24 ----D---- C:\32788R22FWJFW
2008-12-28 02:26:16 ----SH---- C:\WINDOWS\system32\ekujilow.ini
2008-12-28 01:53:56 ----A---- C:\Bug.txt
2008-12-28 01:53:54 ----A---- C:\WINDOWS\system32\cmd.execf
2008-12-28 01:48:33 ----A---- C:\WINDOWS\zip.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\VFIND.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\SWSC.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\SWREG.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\sed.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\grep.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\fdsv.exe
2008-12-28 01:48:28 ----D---- C:\WINDOWS\ERDNT
2008-12-28 01:48:28 ----D---- C:\Qoobox
2008-12-28 01:48:28 ----D---- C:\ComboFix
2008-12-28 01:48:27 ----A---- C:\WINDOWS\system32\CF6426.exe
2008-12-27 03:41:05 ----SH---- C:\WINDOWS\system32\eluniwow.ini
2008-12-26 14:45:11 ----SH---- C:\WINDOWS\system32\epitoruv.ini
2008-12-26 14:05:17 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-12-26 14:05:01 ----D---- C:\Programme\SUPERAntiSpyware
2008-12-26 14:05:01 ----D---- C:\Dokumente und Einstellungen\MOEP\Anwendungsdaten\SUPERAntiSpyware.com
2008-12-24 10:35:44 ----SH---- C:\WINDOWS\system32\okoruzan.ini
2008-12-23 22:02:46 ----SH---- C:\WINDOWS\system32\abedihes.ini
2008-12-22 16:41:43 ----SH---- C:\WINDOWS\system32\izasenaf.ini
2008-12-22 13:45:49 ----D---- C:\Programme\Lavasoft
2008-12-22 13:45:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-12-22 13:43:03 ----D---- C:\Programme\Trend Micro
2008-12-21 16:44:21 ----SH---- C:\WINDOWS\system32\idoduhop.ini
2008-12-20 21:08:15 ----SH---- C:\WINDOWS\system32\elojimif.ini
2008-12-19 03:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$

======List of files/folders modified in the last 1 months======

2009-01-12 18:06:23 ----D---- C:\WINDOWS\Prefetch
2009-01-12 14:26:34 ----D---- C:\Programme\Mozilla Firefox
2009-01-12 14:18:18 ----D---- C:\WINDOWS\Temp
2009-01-11 23:28:33 ----D---- C:\WINDOWS
2009-01-11 23:24:56 ----RD---- C:\Programme
2009-01-11 19:39:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-11 18:30:17 ----D---- C:\Dokumente und Einstellungen\MOEP\Anwendungsdaten\teamspeak2
2009-01-10 14:28:27 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-10 14:16:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-10 11:32:34 ----D---- C:\Dokumente und Einstellungen\MOEP\Anwendungsdaten\Skype
2009-01-10 03:34:04 ----D---- C:\WINDOWS\system32
2009-01-10 03:29:03 ----ASH---- C:\WINDOWS\system32\kajepajo.dll
2009-01-10 03:29:03 ----ASH---- C:\WINDOWS\system32\jufuweko.dll
2009-01-10 03:29:03 ----ASH---- C:\WINDOWS\system32\beyewuzi.dll
2009-01-09 15:29:00 ----N---- C:\WINDOWS\system32\hewopifi.dll
2009-01-09 15:29:00 ----ASH---- C:\WINDOWS\system32\sufanape.dll
2009-01-09 03:28:56 ----N---- C:\WINDOWS\system32\yudepuvu.dll
2009-01-09 03:28:56 ----ASH---- C:\WINDOWS\system32\purifahi.dll
2009-01-08 15:28:54 ----ASH---- C:\WINDOWS\system32\hubunoye.dll
2009-01-08 15:28:53 ----N---- C:\WINDOWS\system32\jivawase.dll
2009-01-08 03:28:52 ----ASH---- C:\WINDOWS\system32\vadurafi.dll
2009-01-08 03:28:51 ----N---- C:\WINDOWS\system32\tudoside.dll
2009-01-07 19:41:01 ----D---- C:\WINDOWS\system32\oodag
2009-01-07 15:28:49 ----N---- C:\WINDOWS\system32\saleyako.dll
2009-01-07 15:28:49 ----ASH---- C:\WINDOWS\system32\gutakila.dll
2009-01-07 03:28:47 ----N---- C:\WINDOWS\system32\pebiwago.dll
2009-01-07 03:28:47 ----ASH---- C:\WINDOWS\system32\pasebite.dll
2009-01-07 02:28:36 ----N---- C:\WINDOWS\system32\wubowuwa.dll
2009-01-07 02:28:35 ----ASH---- C:\WINDOWS\system32\wowegape.dll
2009-01-06 14:28:34 ----N---- C:\WINDOWS\system32\zaziroka.dll
2009-01-06 14:28:34 ----ASH---- C:\WINDOWS\system32\zabeyuse.dll
2009-01-06 12:41:17 ----D---- C:\Programme\eMule
2009-01-06 12:30:13 ----D---- C:\Programme\Azureus
2009-01-06 02:28:32 ----ASH---- C:\WINDOWS\system32\ligamosa.dll
2009-01-06 02:28:31 ----N---- C:\WINDOWS\system32\hapoyivu.dll
2009-01-05 19:38:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 19:09:04 ----SHD---- C:\WINDOWS\Installer
2009-01-05 19:09:04 ----SHD---- C:\Config.Msi
2009-01-05 19:08:37 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-01-05 19:08:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-01-05 18:41:47 ----D---- C:\Dokumente und Einstellungen\MOEP\Anwendungsdaten\Azureus
2009-01-05 14:28:04 ----ASH---- C:\WINDOWS\system32\jayuzura.dll
2009-01-05 14:28:04 ----A---- C:\WINDOWS\WININIT.INI
2009-01-05 02:28:02 ----N---- C:\WINDOWS\system32\sevopiro.dll
2009-01-05 02:28:01 ----ASH---- C:\WINDOWS\system32\sajakola.dll
2009-01-04 14:27:46 ----N---- C:\WINDOWS\system32\wesevuni.dll
2009-01-04 14:27:46 ----ASH---- C:\WINDOWS\system32\vihiduma.dll
2009-01-04 02:27:45 ----N---- C:\WINDOWS\system32\fosovina.dll
2009-01-04 02:27:45 ----ASH---- C:\WINDOWS\system32\detovina.dll
2009-01-03 14:27:44 ----N---- C:\WINDOWS\system32\kolifana.dll
2009-01-03 14:27:44 ----ASH---- C:\WINDOWS\system32\newilovu.dll
2009-01-03 02:27:42 ----N---- C:\WINDOWS\system32\kelizume.dll
2009-01-03 02:27:42 ----ASH---- C:\WINDOWS\system32\kiniyafu.dll
2009-01-02 14:27:40 ----N---- C:\WINDOWS\system32\moyovoro.dll
2009-01-02 14:27:40 ----ASH---- C:\WINDOWS\system32\jivulifu.dll
2009-01-02 14:27:39 ----ASH---- C:\WINDOWS\system32\sakurubu.dll
2009-01-02 02:27:38 ----N---- C:\WINDOWS\system32\gozuwupi.dll
2009-01-02 02:27:38 ----ASH---- C:\WINDOWS\system32\pibosuse.dll
2009-01-01 14:27:37 ----ASH---- C:\WINDOWS\system32\melotoso.dll
2009-01-01 14:27:36 ----N---- C:\WINDOWS\system32\gudokuse.dll
2009-01-01 02:27:35 ----ASH---- C:\WINDOWS\system32\jawehuvi.dll
2009-01-01 02:27:34 ----N---- C:\WINDOWS\system32\badihiyu.dll
2008-12-31 14:27:32 ----N---- C:\WINDOWS\system32\befayato.dll
2008-12-31 14:27:32 ----ASH---- C:\WINDOWS\system32\jamazote.dll
2008-12-31 02:27:29 ----N---- C:\WINDOWS\system32\wizunipo.dll
2008-12-31 02:27:29 ----ASH---- C:\WINDOWS\system32\sipaneya.dll
2008-12-30 14:27:27 ----ASH---- C:\WINDOWS\system32\jojogude.dll
2008-12-30 02:27:15 ----N---- C:\WINDOWS\system32\pibujudo.dll
2008-12-30 02:27:15 ----ASH---- C:\WINDOWS\system32\zahutova.dll
2008-12-30 02:27:15 ----ASH---- C:\WINDOWS\system32\nirepuna.dll
2008-12-29 14:27:11 ----N---- C:\WINDOWS\system32\webubano.dll
2008-12-29 02:27:05 ----ASH---- C:\WINDOWS\system32\vuwizodi.dll
2008-12-29 02:27:04 ----ASH---- C:\WINDOWS\system32\mutelupo.dll
2008-12-28 01:34:48 ----A---- C:\WINDOWS\avisplitter.ini
2008-12-28 01:26:10 ----ASH---- C:\WINDOWS\system32\jurumoku.dll
2008-12-28 01:26:10 ----ASH---- C:\WINDOWS\system32\jawotiwi.dll
2008-12-26 14:29:37 ----ASH---- C:\WINDOWS\system32\vurotipe.dll
2008-12-26 14:02:09 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-12-23 22:02:44 ----ASH---- C:\WINDOWS\system32\sehideba.dll
2008-12-23 21:01:39 ----ASH---- C:\WINDOWS\system32\febasuvo.dll
2008-12-22 14:33:51 ----D---- C:\Dokumente und Einstellungen\MOEP\Anwendungsdaten\OpenOffice.org2
2008-12-22 13:49:52 ----D---- C:\WINDOWS\Debug
2008-12-22 13:45:49 ----D---- C:\WINDOWS\system32\drivers
2008-12-22 04:41:13 ----ASH---- C:\WINDOWS\system32\wotunivo.dll
2008-12-21 16:40:57 ----ASH---- C:\WINDOWS\system32\yilefaju.dll
2008-12-19 10:48:24 ----HD---- C:\WINDOWS\inf
2008-12-19 03:00:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 03:00:26 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-11 75072]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2008-05-10 21248]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-11-24 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-11-24 25416]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-12-28 265088]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-10-27 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 auakf0wb;auakf0wb; C:\WINDOWS\system32\drivers\auakf0wb.sys []
S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2006-12-28 4352]
S3 dtwmnic5;Telekom Eumex 504PC SE; C:\WINDOWS\system32\DRIVERS\dtwmnic5.sys []
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 SANDRA;SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\Sandra.sys []
S3 ulisa;Telekom ISDN-Adapter (USB); C:\WINDOWS\System32\Drivers\ulisa.sys []
S3 US122;US122 Driver; C:\WINDOWS\System32\Drivers\US122.sys [2007-08-29 131968]
S3 US122DL;US122 Firmware Downloader; C:\WINDOWS\System32\Drivers\US122DL.sys [2007-08-29 18304]
S3 Us122WdmService;US122 Wdm Audio; C:\WINDOWS\System32\Drivers\US122Wdm.sys [2007-08-29 39168]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-26 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-26 151297]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [2006-12-28 356352]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2005-06-20 53248]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-09-08 98488]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-04 66872]

-----------------EOF-----------------



info.txt:

info.txt logfile of random's system information tool 1.05 2009-01-12 18:29:49

======Uninstall list======

@BIOS -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AVM FRITZ!WLAN-->C:\Programme\avmwlanstick\instwcli.exe -d1
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Programme\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Curse Client-->C:\Programme\Curse\uninstall.exe
DivX Content Uploader-->C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enemy Territory - QUAKE Wars(TM)-->C:\Programme\InstallShield Installation Information\{B7A585C8-CE4E-4150-84C6-A13C3CB1379F}\setup.exe -runfromtemp -l0x0409
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Programme\epson\escndv\setup\setup.exe /r
ETC B07.0509.01-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9C6105B4-2A33-4ADB-89A0-F423D562F3B9}\setup.exe" -l0x9 -removeonly
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Gigabyte Raid Configurer-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x7 -removeonly
Half-Life 2: Episode One-->"D:\Spiele\Steam\steam.exe" steam://uninstall/380
Hamachi 1.0.2.5-->C:\Programme\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ6-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Programme\K-Lite Codec Pack\unins000.exe"
Larva Mortus 1.02-->C:\Programme\Larva Mortus\uninst.exe
Last.fm 1.5.1.30182-->"C:\Programme\Last.fm\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.5)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero Suite-->C:\Programme\Gemeinsame Dateien\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
OpenOffice.org 2.3-->MsiExec.exe /I{DD5B65F7-7CA5-4DE4-AEE7-7E8F26BF78F5}
Paragon Partition Manager 8.5 Professional-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{49CC1A6A-3A1A-4EE7-913F-8106B51B59D1}\Setup.exe" -l0x9
Peggle Extreme-->"D:\Spiele\Steam\steam.exe" steam://uninstall/3483
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QIP 2005 Uninstall-->"C:\Programme\QIP\unqip.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Programme\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Sicherheitsupdate für Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sid Meier's Civilization 4 - Beyond the Sword-->C:\Programme\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe -runfromtemp -l0x0007 -removeonly
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x7 -removeonly
SiSoftware Sandra Lite 2009-->"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\unins000.exe"
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Team Fortress 2-->"D:\Spiele\Steam\steam.exe" steam://uninstall/440
Tortun 0.8-->"C:\Programme\Tortun\unins000.exe"
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Update für Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update für Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update für Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update für Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update für Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update für Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update für Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update für Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update für Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update für Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
US122 Driver 3.40-->"C:\Programme\US122\unins000.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VentriloMIX-->C:\Program Files\VentriloMIX\Uninstal.exe
VideoLAN VLC media player 0.8.6c-->C:\Programme\VideoLAN\VLC\uninstall.exe
WinAce Archiver-->"C:\Programme\WinAce\SXUNINST.EXE" "C:\Programme\WinAce\SXUNINST.INI"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{279DB581-239C-4E13-97F8-0F48E40BE75C}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
Windows XP-Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR-->C:\Programme\WinRAR\uninstall.exe
World of Warcraft Public Test-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\Burning Crusade-PTR\Uninstall.exe
World of Warcraft-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\Wrath of the Lich King (2)\Uninstall.exe
Wrath of the Lich King Beta-->C:\Programme\Gemeinsame Dateien\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe

=====HijackThis Backups=====

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

======Security center information======

AV: Avira AntiVir PersonalEdition (disabled)

System event log

Computer Name: ROFL
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.

Record Number: 6913
Source Name: Service Control Manager
Time Written: 20081020191328.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ROFL
Event Code: 7036
Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 6912
Source Name: Service Control Manager
Time Written: 20081020191308.000000+120
Event Type: Informationen
User:

Computer Name: ROFL
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Kompatibilität für schnelle Benutzerumschaltung" gesendet.

Record Number: 6911
Source Name: Service Control Manager
Time Written: 20081020191308.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ROFL
Event Code: 7036
Message: Dienst "Terminaldienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 6910
Source Name: Service Control Manager
Time Written: 20081020191239.000000+120
Event Type: Informationen
User:

Computer Name: ROFL
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Terminaldienste" gesendet.

Record Number: 6909
Source Name: Service Control Manager
Time Written: 20081020191239.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Application event log

Computer Name: ROFL
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 3811
Source Name: SecurityCenter
Time Written: 20081210135121.000000+060
Event Type: Informationen
User:

Computer Name: ROFL
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 3810
Source Name: LightScribeService
Time Written: 20081210135103.000000+060
Event Type: Informationen
User:

Computer Name: ROFL
Event Code: 4096
Message:
Record Number: 3809
Source Name: Avira AntiVir
Time Written: 20081210135055.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ROFL
Event Code: 302
Message: msnmsgr (2116) \\.\C:\Dokumente und Einstellungen\MOEP\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\volkerkobold@lycos.de\SharingMetadata\Working\database_18D0_BEA5_D0BE_8910\dfsr.db: Das Datenbankmodul hat erfolgreich die Schritte zur Wiederherstellung abgeschlossen.

Record Number: 3808
Source Name: ESENT
Time Written: 20081210134306.000000+060
Event Type: Informationen
User:

Computer Name: ROFL
Event Code: 301
Message: msnmsgr (2116) \\.\C:\Dokumente und Einstellungen\MOEP\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\volkerkobold@lycos.de\SharingMetadata\Working\database_18D0_BEA5_D0BE_8910\dfsr.db: Das Datenbankmodul gibt die Protokolldatei \\.\C:\Dokumente und Einstellungen\MOEP\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\volkerkobold@lycos.de\SharingMetadata\Working\database_18D0_BEA5_D0BE_8910\fsr.log wieder.

Record Number: 3807
Source Name: ESENT
Time Written: 20081210134305.000000+060
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\ATI Technologies\ATI.ACE\Core-Static;C:\Programme\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"SAN_DIR"=C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009
"CLASSPATH"=.;C:\Programme\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
Maelyder
Active Member
 
Posts: 11
Joined: January 6th, 2009, 7:44 am

Re: Possible trojan virus infection, please help me.

Post by jmw3 » January 16th, 2009, 10:02 pm

Hello Maelyder

It appears I missed your last reply. Please accept my apologies.

Could you let me know if you still need help with your computer problem & I'll get right on to it.

Thanks
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Possible trojan virus infection, please help me.

Post by Maelyder » January 17th, 2009, 8:49 am

Hello,

yes I still need some help :).
Maelyder
Active Member
 
Posts: 11
Joined: January 6th, 2009, 7:44 am

Re: Possible trojan virus infection, please help me.

Post by jmw3 » January 17th, 2009, 10:55 am

ATF Cleaner
Download ATF Cleaner here by Atribune.
    Double-click ATF-Cleaner.exe to run the program
    Under Main choose: Select All
    Click the Empty Selected button
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you would like to keep your saved passwords, please click No at the prompt
Click Exit on the Main menu to close the program.

Delete the copy of Combofix you have then follow the instructions below.

Combofix
Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply along with a new HijackThis log.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
Combofix log
New HijackThis log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Possible trojan virus infection, please help me.

Post by Maelyder » January 17th, 2009, 3:42 pm

ComboFix 09-01-16.04 - MOEP 2009-01-17 17:40:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.2046.693 [GMT 1:00]
Running from: c:\dokumente und einstellungen\MOEP\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programme\update.exe
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\abedihes.ini
c:\windows\system32\akorizaz.ini
c:\windows\system32\anafilok.ini
c:\windows\system32\anivosof.ini
c:\windows\system32\aruzuyaj.ini
c:\windows\system32\asumafil.ini
c:\windows\system32\awuwobuw.ini
c:\windows\system32\badihiyu.dll
c:\windows\system32\befayato.dll
c:\windows\system32\beyewuzi.dll
c:\windows\system32\detovina.dll
c:\windows\system32\edisodut.ini
c:\windows\system32\ekujilow.ini
c:\windows\system32\elojimif.ini
c:\windows\system32\eluniwow.ini
c:\windows\system32\emuzilek.ini
c:\windows\system32\epitoruv.ini
c:\windows\system32\esawavij.ini
c:\windows\system32\esukodug.ini
c:\windows\system32\febasuvo.dll
c:\windows\system32\fosovina.dll
c:\windows\system32\gozuwupi.dll
c:\windows\system32\gudokuse.dll
c:\windows\system32\gutakila.dll
c:\windows\system32\hapoyivu.dll
c:\windows\system32\hewopifi.dll
c:\windows\system32\hubunoye.dll
c:\windows\system32\idoduhop.ini
c:\windows\system32\ifipoweh.ini
c:\windows\system32\inuvesew.ini
c:\windows\system32\ipuwuzog.ini
c:\windows\system32\izasenaf.ini
c:\windows\system32\jamazote.dll
c:\windows\system32\jawehuvi.dll
c:\windows\system32\jawotiwi.dll
c:\windows\system32\jayuzura.dll
c:\windows\system32\jitakuvu.dll
c:\windows\system32\jivawase.dll
c:\windows\system32\jivulifu.dll
c:\windows\system32\jojogude.dll
c:\windows\system32\jufuweko.dll
c:\windows\system32\jupirope.dll
c:\windows\system32\jurumoku.dll
c:\windows\system32\kajepajo.dll
c:\windows\system32\kelizume.dll
c:\windows\system32\kiniyafu.dll
c:\windows\system32\kolifana.dll
c:\windows\system32\ligamosa.dll
c:\windows\system32\melotoso.dll
c:\windows\system32\moyovoro.dll
c:\windows\system32\mutelupo.dll
c:\windows\system32\newilovu.dll
c:\windows\system32\nirepuna.dll
c:\windows\system32\odujubip.ini
c:\windows\system32\ogawibep.ini
c:\windows\system32\okayelas.ini
c:\windows\system32\okewufuj.ini
c:\windows\system32\okoruzan.ini
c:\windows\system32\onabubew.ini
c:\windows\system32\opinuziw.ini
c:\windows\system32\oripoves.ini
c:\windows\system32\orovoyom.ini
c:\windows\system32\otayafeb.ini
c:\windows\system32\paditana.dll
c:\windows\system32\pasebite.dll
c:\windows\system32\pebiwago.dll
c:\windows\system32\pibosuse.dll
c:\windows\system32\pibujudo.dll
c:\windows\system32\purifahi.dll
c:\windows\system32\ratatoka.dll
c:\windows\system32\sajakola.dll
c:\windows\system32\sakurubu.dll
c:\windows\system32\saleyako.dll
c:\windows\system32\sehideba.dll
c:\windows\system32\sevopiro.dll
c:\windows\system32\sipaneya.dll
c:\windows\system32\sufanape.dll
c:\windows\system32\tudoside.dll
c:\windows\system32\uviyopah.ini
c:\windows\system32\uvupeduy.ini
c:\windows\system32\uyihidab.ini
c:\windows\system32\vadurafi.dll
c:\windows\system32\vihiduma.dll
c:\windows\system32\vurotipe.dll
c:\windows\system32\vuwizodi.dll
c:\windows\system32\webubano.dll
c:\windows\system32\wesevuni.dll
c:\windows\system32\wizunipo.dll
c:\windows\system32\wotunivo.dll
c:\windows\system32\wowegape.dll
c:\windows\system32\wubowuwa.dll
c:\windows\system32\yilefaju.dll
c:\windows\system32\yudepuvu.dll
c:\windows\system32\zabeyuse.dll
c:\windows\system32\zahutova.dll
c:\windows\system32\zaziroka.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))
.

2009-01-15 12:54 . 2009-01-15 12:54 <DIR> d-------- c:\programme\Gemeinsame Dateien\Skype
2009-01-15 12:54 . 2009-01-16 16:04 <DIR> d-------- c:\dokumente und einstellungen\MOEP\Anwendungsdaten\skypePM
2009-01-15 12:54 . 2009-01-15 12:54 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-12 18:29 . 2009-01-12 18:29 <DIR> d-------- C:\rsit
2009-01-11 23:28 . 2009-01-11 23:28 4,096 --a------ c:\windows\d3dx.dat
2009-01-11 23:24 . 2009-01-11 23:25 <DIR> d-------- c:\programme\Larva Mortus
2009-01-05 19:40 . 2009-01-08 19:37 8 --a------ c:\windows\system32\nvModes.dat
2008-12-29 17:40 . 2008-12-29 17:40 <DIR> d-------- C:\VundoFix Backups
2008-12-26 14:05 . 2009-01-05 19:15 <DIR> d-------- c:\programme\SUPERAntiSpyware
2008-12-26 14:05 . 2008-12-26 14:05 <DIR> d-------- c:\dokumente und einstellungen\MOEP\Anwendungsdaten\SUPERAntiSpyware.com
2008-12-26 14:05 . 2008-12-26 14:05 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-12-22 13:45 . 2008-12-22 13:45 <DIR> d-------- c:\programme\Lavasoft
2008-12-22 13:45 . 2008-12-22 13:48 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-12-22 13:43 . 2008-12-22 13:43 <DIR> d-------- c:\programme\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 23:54 --------- d-----w c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Skype
2009-01-16 00:05 --------- d-----w c:\dokumente und einstellungen\MOEP\Anwendungsdaten\OpenOffice.org2
2009-01-15 11:54 --------- d-----w c:\programme\Skype
2009-01-11 17:30 --------- d-----w c:\dokumente und einstellungen\MOEP\Anwendungsdaten\teamspeak2
2009-01-06 11:41 --------- d-----w c:\programme\eMule
2009-01-06 11:30 --------- d-----w c:\programme\Azureus
2009-01-05 18:08 --------- d-----w c:\programme\Gemeinsame Dateien\Adobe
2009-01-05 17:41 --------- d-----w c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus
2008-12-26 13:02 --------- d-----w c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2008-11-04 17:18 22,328 ----a-w c:\dokumente und einstellungen\MOEP\Anwendungsdaten\PnkBstrK.sys
2008-09-15 13:16 1,048,576 ----a-w c:\programme\6a79og0g.0
2008-09-15 13:12 528 ----a-w c:\programme\CONFIG.INI
2008-02-14 12:28 29 ----a-w c:\programme\version.ini
2008-02-14 12:23 231,944 ----a-w c:\programme\gwflash.exe
2007-09-21 17:42 19,008 ----a-w c:\programme\markfun.a64
2007-08-21 17:49 17,912 ----a-w c:\programme\markfun.w32
2007-08-21 17:49 125,504 ----a-w c:\programme\MarkFunDrv.dll
2007-04-04 16:35 207,680 ----a-w c:\programme\updateutility.exe
2007-03-30 02:36 301 ----a-w c:\programme\update.ini
2007-03-02 02:48 240,448 ----a-w c:\programme\gwf32.exe
2006-11-23 21:47 207,680 ----a-w c:\programme\BIOS_Run.exe
2006-11-23 21:40 60,224 ----a-w c:\programme\HUADRV.DLL
2005-04-27 17:40 6,800 ----a-w c:\programme\W95_HUA.vxd
2008-09-26 12:29 40,960 --sha-w c:\windows\system32\difoyuro.dll
2008-09-23 20:01 61,440 --sha-w c:\windows\system32\gahejeyu.dll
2008-09-28 00:26 21,504 --sha-w c:\windows\system32\rutijatu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"EPSON Stylus DX5000 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"msnmsgr"="c:\programme\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"CurseClient"="c:\programme\Curse\CurseClient.exe" [2008-10-10 4789760]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\programme\avmwlanstick\wlangui.exe" [2006-12-28 1454080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-05 19:15 356352 c:\programme\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\GIGABYTE\\@BIOS\\gwflash.exe"=
"d:\\Spiele\\Warcraft III\\war3.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programme\\MSN Messenger\\livecall.exe"=
"c:\\Programme\\Last.fm\\LastFM.exe"=
"c:\\Programme\\QIP\\qip.exe"=
"d:\\Spiele\\Steam\\steamapps\\salatbaum\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Spiele\\Call of Duty 4 Modern Warfare\\iw3mp.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"d:\\Spiele\\Steam\\steamapps\\superzahnstein\\team fortress 2\\hl2.exe"=
"d:\\Spiele\\Quake\\etqw.exe"=
"d:\\Spiele\\Quake\\etqwded.exe"=
"d:\\Spiele\\Unreal Tournament III\\Binaries\\UT3.exe"=
"d:\\Spiele\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"d:\\Spiele\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"d:\\Spiele\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"d:\\Spiele\\Cs\\hl.exe"=
"d:\\Spiele\\DiabloII\\D2Loader-1.11b.exe"=
"d:\\Spiele\\BROOD an familie\\starcraft.exe"=
"c:\\cryptload\\RouterClient.exe"=
"c:\\Programme\\GIGABYTE\\@BIOS\\update.exe"=
"c:\\Programme\\gwflash.exe"=
"c:\\Programme\\Tortun\\gui.exe"=
"d:\\Spiele\\Wrath of the Lich King Beta\\WoW-3.0.2.8962-to-3.0.2.8970-enGB-downloader.exe"=
"c:\\Programme\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programme\\Curse\\CurseClient.exe"=
"c:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=
"c:\\WINDOWS\\system32\\oodag.exe"=
"c:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\guardgui.exe"=
"c:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\sched.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-09-28 38448]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [2008-05-09 265088]
R3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2008-05-09 4352]
S3 dtwmnic5;Telekom Eumex 504PC SE;c:\windows\system32\DRIVERS\dtwmnic5.sys --> c:\windows\system32\DRIVERS\dtwmnic5.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-09-26 98488]
S3 ulisa;Telekom ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys --> c:\windows\system32\Drivers\ulisa.sys [?]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2008-09-29 131968]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2008-09-29 18304]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2008-09-29 39168]
.
- - - - ORPHANS REMOVED - - - -

BHO-{2a7a5971-cd65-4b42-a7a9-7057f2bdb162} - c:\windows\system32\jadihuli.dll
HKLM-Run-tenijusuba - c:\windows\system32\dobayovu.dll
Notify-AtiExtEvent - (no file)
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
FF - ProfilePath - c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Mozilla\Firefox\Profiles\44mz17tq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 17:53:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-963894560-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,2f,4f,35,df,75,06,20,b1,15,41,aa,53,97,22,b8,47,11,6e,bc,b1,f9,8d,
05,f6,d4,f1,5a,a0,7c,db,c8,79,2f,1a,7f,69,61,b2,a4,a6,32,08,9a,61,16,8e,7f,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\programme\Lavasoft\Ad-Aware\aawservice.exe
c:\programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\programme\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\programme\avmwlanstick\WLanNetService.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\rundll32.exe
c:\programme\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-01-17 17:58:07 - machine was rebooted [MOEP]
ComboFix-quarantined-files.txt 2009-01-17 16:58:04

Pre-Run: 22 Verzeichnis(se), 33,306,451,968 Bytes frei
Post-Run: 22 Verzeichnis(se), 33,245,626,368 Bytes frei

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
311 --- E O F --- 2008-12-19 02:00:48




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:35, on 17.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Curse\CurseClient.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S1BB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Programme\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1016297780
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe

--
End of file - 6325 bytes
Maelyder
Active Member
 
Posts: 11
Joined: January 6th, 2009, 7:44 am

Re: Possible trojan virus infection, please help me.

by jmw3 » January 17th, 2009, 7:21 pm

I note that your Avira AntiVir PersonalEdition is out of date. I would strongly suggest you update it to the latest version & definitions before doing anything else. Because new viruses regularly emerge, anti-virus software should be updated frequently.

Delete the copy of Combofix you have & download it again from one of these locations. Don't run it just yet:
Link 1
Link 2
Link 3

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
File::
c:\windows\system32\ezsidmv.dat
c:\windows\system32\difoyuro.dll
c:\windows\system32\gahejeyu.dll
c:\windows\system32\rutijatu.dll

Folder::
c:\programme\eMule
c:\programme\Azureus
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus
C:\VundoFix Backups

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
If prompted to install the Recovery Console allow Combofix to do so.
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
Combofix log
New HijackThis log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
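
One way to confirm that a CFScript did what it was written to do is to compare its File:: and Folder:: entries with the deletions section of the ComboFix log that comes back. The Python script below is an added example, not part of jmw3's post or of ComboFix itself; its function names and the shortened sample log are constructed, and the log layout is assumed to match the German-language log posted in this thread.

```python
import ntpath  # Windows path rules (case-insensitive, backslashes) on any OS
import re

# The CFScript from the post above.
CFSCRIPT = r"""
File::
c:\windows\system32\ezsidmv.dat
c:\windows\system32\difoyuro.dll
c:\windows\system32\gahejeyu.dll
c:\windows\system32\rutijatu.dll

Folder::
c:\programme\eMule
c:\programme\Azureus
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus
C:\VundoFix Backups
"""

# Constructed sample log in the same layout as the thread's log, shortened
# so that some targets are deliberately absent from the deletions section.
SAMPLE_LOG = r"""
FILE ::
c:\windows\system32\gahejeyu.dll
.

(((((((((((( Weitere Löschungen ))))))))))))
.

c:\programme\eMule
c:\programme\eMule\Temp\002.part
c:\programme\eMule\Temp\002.part.met
C:\VundoFix Backups
c:\windows\system32\difoyuro.dll
c:\windows\system32\ezsidmv.dat

.
(((((((( Dateien erstellt von 2008-12-19 bis 2009-01-19 ))))))))
.

2009-01-18 15:29 . 2009-01-18 15:29 <DIR> d-------- c:\programme\Ableton
"""


def parse_cfscript(text):
    """Return {directive: [paths]} for each 'Name::' section of a CFScript."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def deleted_paths(log_text, heading="Weitere Löschungen"):
    """Collect normalised paths listed under the deletions banner only.

    The 'FILE ::' echo at the top of the log repeats the script's input and
    is not evidence of deletion, so it is ignored.
    """
    paths = set()
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("(("):          # banner line opens a new section
            if in_section:
                break                      # next banner ends the deletions
            in_section = heading in line
            continue
        if in_section and re.match(r"[A-Za-z]:\\", line):
            paths.add(ntpath.normcase(line))
    return paths


def cross_check(cfscript_text, log_text):
    """Return (directive, entry, found_in_log, children_removed) per target."""
    deleted = deleted_paths(log_text)
    results = []
    for kind, entries in parse_cfscript(cfscript_text).items():
        for entry in entries:
            key = ntpath.normcase(entry)
            # Everything below a Folder:: target goes with it; count it.
            children = sum(1 for p in deleted if p.startswith(key + "\\"))
            results.append((kind, entry, key in deleted, children))
    return results


if __name__ == "__main__":
    for kind, entry, found, children in cross_check(CFSCRIPT, SAMPLE_LOG):
        status = "deleted" if found else "NOT IN LOG"
        print(f"{kind:<6} {status:<10} {children:>3} children  {entry}")
```

A target reported as not in the log was either already absent or could not be removed, so it is worth a follow-up look before treating the machine as clean.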

Re: Possible trojan virus infection, please help me.

by Maelyder » January 19th, 2009, 7:06 am

ComboFix 09-01-18.03 - MOEP 2009-01-19 12:01:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.2046.1616 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\MOEP\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\MOEP\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Neuer Wiederherstellungspunkt wurde erstellt

FILE ::
c:\windows\system32\difoyuro.dll
c:\windows\system32\ezsidmv.dat
c:\windows\system32\gahejeyu.dll
c:\windows\system32\rutijatu.dll
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\.certs
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\.keystore
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\.lock
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\0D5ED99B155C400137326C8A8507F235A09C5BE5.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\0D5ED99B155C400137326C8A8507F235A09C5BE5.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\16FBB51D2A29E8B7D743C5D3F1C56DB5BD4CBEAD.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\16FBB51D2A29E8B7D743C5D3F1C56DB5BD4CBEAD.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\21F63D29F9CF6D8E44A1088277F8784241E2C742.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\21F63D29F9CF6D8E44A1088277F8784241E2C742.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\24C701D910925EC0A0743A7234516B2C6A90C856.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\24C701D910925EC0A0743A7234516B2C6A90C856.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\27021A40892A59006F302EFC00524E337A530D5A.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\27021A40892A59006F302EFC00524E337A530D5A.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\4891C6F2813CBF7F342CCEA712986CEBEA7A3823.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\4891C6F2813CBF7F342CCEA712986CEBEA7A3823.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\52A4CCBBEEBD0CF68A32C883090858C9A3A5DA20.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\52A4CCBBEEBD0CF68A32C883090858C9A3A5DA20.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\7F3208918DAA00543E79FECAB92F3B3961ABD8EF.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\7F3208918DAA00543E79FECAB92F3B3961ABD8EF.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\86E0E6970C79426E9082A2E9CCBA80BCB27CF4E2.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\86E0E6970C79426E9082A2E9CCBA80BCB27CF4E2.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\9516E0C80FFB0BD5B3BCD42551528BF9B208F2FD.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\9516E0C80FFB0BD5B3BCD42551528BF9B208F2FD.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\970C5658C2C85C9F2FA24F66599D15FBE859CCEC.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\970C5658C2C85C9F2FA24F66599D15FBE859CCEC.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\974A655715137E16807065C1E790903033D4881C.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\974A655715137E16807065C1E790903033D4881C.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\cache.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\D9C81292CF16945D7DA7576B3715674100DB214F.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\D9C81292CF16945D7DA7576B3715674100DB214F.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\F05C7EE6E6CF1254AE5A6CD08B2989C4D231FA67.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\F05C7EE6E6CF1254AE5A6CD08B2989C4D231FA67.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\FFAC953A15D8B39F6D60204ADC8D98889DA7E808.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\active\FFAC953A15D8B39F6D60204ADC8D98889DA7E808.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\azureus.config
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\azureus.statistics
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\azureus.statistics.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\banips.config
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\banips.config.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\dht\addresses.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\dht\contacts.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\dht\diverse.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\dht\general.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\dht\version.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\downloads.config
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\downloads.config.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\friends.config
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\friends.config.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\ipfilter.cache
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\alerts_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\AutoSpeed_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\clientid_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\debug_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\debug_2.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\Friends_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\Friends_2.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\MetaSearch_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\NetStatus_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\seltrace_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\seltrace_2.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\SpeedMan_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\SpeedMan_2.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\Subscriptions_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\thread_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\thread_2.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\v3.ads_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\v3.CMsgr_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\v3.emp_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\v3.emp_2.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\v3.Friends_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\v3.Friends_2.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\v3.MD_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\v3.PMsgr_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\v3.PMsgr_2.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\v3.Stream_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\logs\v3.STres_1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\metasearch.config
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\metasearch.config.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\net\pm_3209.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\net\pm_8881.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\net\pm_default.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\plugins\azump\azump_1.2.jar
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\plugins\azump\azump_1.2.zip
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\plugins\azump\mplayer.exe
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\plugins\azump\mplayer\config
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\sidebarauto.config
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\sidebarauto.config.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\02D1B50716002B8005FA.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\0E1D012B0C3023E3F54C.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\1700EB24274C9A45BBD3.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\1C5D6D2537A292FD1359.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\22BB031B5CFD4AFBA43E.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\2FE0A26133D70BF4BD3D.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\4A74826CC5D74F035DDA.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\4CCDC32FA67955C0C503.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\53A44CD10F9B96AF4413.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\632A20E73961F1C133F2.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\7871378D986902AFE5F0.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\7ABE2EE415393033A4A4.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\83CC52290231354014F5.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\8FE6F34A516A3776FD5F.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\903CAA55123C0F224D3E.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\937FA71BCC6BAE57086E.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\A884E873E95025BEF901.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\AFBCA570F52765F3E94F.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\BAD9AC808DA5DC699651.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\C2851DE57CD8E4BEBAFC.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\C424F89EF7397303E945.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\CD549A59FB53D66109AA.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\D74B983FCDDCEFF99A5B.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\DA61A5C041756E6305D4.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\DF3244DA261D1327A46B.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subs\E483A37EAE0517185FDD.vuze
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subscriptions.config
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\subscriptions.config.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tables.config
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tables.config.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\timingstats.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tmp\AZU30313.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tmp\AZU30314.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tmp\AZU30315.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tmp\AZU30316.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tmp\AZU30317.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tmp\AZU30318.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tmp\AZU30319.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tmp\AZU30320.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tmp\AZU30324.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tmp\AZU30325.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tmp\AZU30326.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tmp\speedTestTorrent.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\[HDTVRip - Xvid - ENG] Greys Anatomy S05E01-02.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\_b173.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU14398.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU14402.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU20747.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU20749.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU20751.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU20769.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU31302.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU34011.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU40614.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU43876.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU43883.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU49701.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU49703.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU53261.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU54656.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU54832.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU57189.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU5817.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU6083.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU7804.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU8183.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\AZU9223.tmp
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b144.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b145.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b146.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b147.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b148.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b149.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b151.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b152.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b153.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b154.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b155.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b156.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b157.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b158.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b159.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b160.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b161.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b162.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b163.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b165.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b167.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b168.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b169.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b170.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b173.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b174.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b175.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b176-177.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b179.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b180.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b181.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b182.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b183.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b184.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b185.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b186.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b187.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b188.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b189.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b190.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b191.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b192.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b193v2.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b194.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\b195.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\bmovie2.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\coil01.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\nb184.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\nsmovie.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\One_Piece_1_-_300.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\One_Piece_300_-_354.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\torrents\One_Piece_350_-_374.torrent
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tracker.config
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\tracker.config.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\unsentdata.config
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\unsentdata.config.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\update.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\update.properties
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\upnp_trace1.log
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\v3.Friends.dat
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\v3.Friends.dat.bak
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\VuzeActivities.config
c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Azureus\VuzeActivities.config.bak
c:\programme\Azureus
c:\programme\Azureus\.install4j\i4jinst.dll
c:\programme\Azureus\msvcr71.dll
c:\programme\Azureus\plugins\azemp\azemp_1.9.0.jar
c:\programme\Azureus\plugins\azemp\azemp_1.9.0.zip
c:\programme\Azureus\plugins\azemp\azemp_1.9.11.jar
c:\programme\Azureus\plugins\azemp\azemp_1.9.11.zip
c:\programme\Azureus\plugins\azemp\azemp_1.9.6.jar
c:\programme\Azureus\plugins\azemp\azemp_1.9.6.zip
c:\programme\Azureus\plugins\azemp\azemp_2.0.11.jar
c:\programme\Azureus\plugins\azemp\azemp_2.0.11.zip
c:\programme\Azureus\plugins\azemp\azemp_2.0.14.jar
c:\programme\Azureus\plugins\azemp\azemp_2.0.14.zip
c:\programme\Azureus\plugins\azemp\azemp_2.0.16.jar
c:\programme\Azureus\plugins\azemp\azemp_2.0.16.zip
c:\programme\Azureus\plugins\azemp\azemp_2.0.28.jar
c:\programme\Azureus\plugins\azemp\azemp_2.0.28.zip
c:\programme\Azureus\plugins\azemp\azemp_2.0.32.jar
c:\programme\Azureus\plugins\azemp\azemp_2.0.32.zip
c:\programme\Azureus\plugins\azemp\azmplay.exe.bak
c:\programme\Azureus\plugins\azemp\cp1250-a.raw.bak
c:\programme\Azureus\plugins\azemp\cp1250-b.raw.bak
c:\programme\Azureus\plugins\azemp\font.desc.bak
c:\programme\Azureus\plugins\azemp\libInfoGetter.dll
c:\programme\Azureus\plugins\azemp\mplayer\config
c:\programme\Azureus\plugins\azemp\osd-mplayer-a.raw.bak
c:\programme\Azureus\plugins\azemp\osd-mplayer-b.raw.bak
c:\programme\Azureus\plugins\azemp\plugin.properties_1.9.0
c:\programme\Azureus\plugins\azemp\plugin.properties_1.9.11
c:\programme\Azureus\plugins\azemp\plugin.properties_1.9.6
c:\programme\Azureus\plugins\azemp\plugin.properties_2.0.11
c:\programme\Azureus\plugins\azemp\plugin.properties_2.0.14
c:\programme\Azureus\plugins\azemp\plugin.properties_2.0.16
c:\programme\Azureus\plugins\azemp\plugin.properties_2.0.28
c:\programme\Azureus\plugins\azemp\plugin.properties_2.0.32
c:\programme\Azureus\plugins\azupdater\azupdater_1.8.8.zip
c:\programme\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar
c:\programme\Azureus\plugins\azupdater\plugin.properties_1.8.8
c:\programme\Azureus\plugins\azupdater\Updater.jar.bak
c:\programme\Azureus\plugins\azupnpav\azupnpav_0.1.7.jar
c:\programme\Azureus\plugins\azupnpav\azupnpav_0.1.7.zip
c:\programme\Azureus\plugins\azupnpav\azupnpav_0.2.0.jar
c:\programme\Azureus\plugins\azupnpav\azupnpav_0.2.0.zip
c:\programme\Azureus\plugins\azupnpav\azupnpav_0.2.1.jar
c:\programme\Azureus\plugins\azupnpav\azupnpav_0.2.1.zip
c:\programme\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
c:\programme\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
c:\programme\Azureus\plugins\azupnpav\plugin.properties_0.1.7
c:\programme\Azureus\plugins\azupnpav\plugin.properties_0.2.0
c:\programme\Azureus\plugins\azupnpav\plugin.properties_0.2.1
c:\programme\Azureus\plugins\azupnpav\plugin.properties_0.2.2
c:\programme\Azureus\uninstall.exe
c:\programme\eMule
c:\programme\eMule\Temp\002.part
c:\programme\eMule\Temp\002.part.met
c:\programme\eMule\Temp\002.part.met.bak
c:\programme\eMule\Temp\004.part
c:\programme\eMule\Temp\004.part.met
c:\programme\eMule\Temp\004.part.met.bak
C:\VundoFix Backups
c:\windows\system32\difoyuro.dll
c:\windows\system32\ezsidmv.dat
c:\windows\system32\gahejeyu.dll
c:\windows\system32\rutijatu.dll

.
((((((((((((((((((((((( Dateien erstellt von 2008-12-19 bis 2009-01-19 ))))))))))))))))))))))))))))))
.

2009-01-18 15:29 . 2009-01-18 15:29 <DIR> d-------- c:\programme\Ableton
2009-01-18 15:29 . 2009-01-18 15:30 <DIR> d-------- c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Ableton
2009-01-18 15:29 . 2003-06-20 12:28 1,777,664 --a------ c:\windows\system32\gdiplus.dll
2009-01-18 15:29 . 2007-12-05 01:40 368,640 --a------ c:\windows\system32\rewire.dll
2009-01-18 15:29 . 2007-12-05 01:40 233,472 --a------ c:\windows\system32\rex shared library.dll
2009-01-15 12:54 . 2009-01-15 12:54 <DIR> d-------- c:\programme\Gemeinsame Dateien\Skype
2009-01-15 12:54 . 2009-01-16 16:04 <DIR> d-------- c:\dokumente und einstellungen\MOEP\Anwendungsdaten\skypePM
2009-01-12 18:29 . 2009-01-12 18:29 <DIR> d-------- C:\rsit
2009-01-11 23:28 . 2009-01-11 23:28 4,096 --a------ c:\windows\d3dx.dat
2009-01-11 23:24 . 2009-01-11 23:25 <DIR> d-------- c:\programme\Larva Mortus
2009-01-05 19:40 . 2009-01-08 19:37 8 --a------ c:\windows\system32\nvModes.dat
2008-12-26 14:05 . 2009-01-05 19:15 <DIR> d-------- c:\programme\SUPERAntiSpyware
2008-12-26 14:05 . 2008-12-26 14:05 <DIR> d-------- c:\dokumente und einstellungen\MOEP\Anwendungsdaten\SUPERAntiSpyware.com
2008-12-26 14:05 . 2008-12-26 14:05 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2008-12-22 13:45 . 2008-12-22 13:45 <DIR> d-------- c:\programme\Lavasoft
2008-12-22 13:45 . 2008-12-22 13:48 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-12-22 13:43 . 2008-12-22 13:43 <DIR> d-------- c:\programme\Trend Micro

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 23:54 --------- d-----w c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Skype
2009-01-16 00:05 --------- d-----w c:\dokumente und einstellungen\MOEP\Anwendungsdaten\OpenOffice.org2
2009-01-15 11:54 --------- d-----w c:\programme\Skype
2009-01-11 17:30 --------- d-----w c:\dokumente und einstellungen\MOEP\Anwendungsdaten\teamspeak2
2009-01-05 18:08 --------- d-----w c:\programme\Gemeinsame Dateien\Adobe
2008-12-26 13:02 --------- d-----w c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-04 17:18 669,184 ----a-w c:\windows\system32\pbsvc.exe
2008-11-04 17:18 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-04 17:18 22,328 ----a-w c:\dokumente und einstellungen\MOEP\Anwendungsdaten\PnkBstrK.sys
2008-11-04 17:18 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-23 12:59 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-09-15 13:16 1,048,576 ----a-w c:\programme\6a79og0g.0
2008-09-15 13:12 528 ----a-w c:\programme\CONFIG.INI
2008-02-14 12:28 29 ----a-w c:\programme\version.ini
2008-02-14 12:23 231,944 ----a-w c:\programme\gwflash.exe
2007-09-21 17:42 19,008 ----a-w c:\programme\markfun.a64
2007-08-21 17:49 17,912 ----a-w c:\programme\markfun.w32
2007-08-21 17:49 125,504 ----a-w c:\programme\MarkFunDrv.dll
2007-04-04 16:35 207,680 ----a-w c:\programme\updateutility.exe
2007-03-30 02:36 301 ----a-w c:\programme\update.ini
2007-03-02 02:48 240,448 ----a-w c:\programme\gwf32.exe
2006-11-23 21:47 207,680 ----a-w c:\programme\BIOS_Run.exe
2006-11-23 21:40 60,224 ----a-w c:\programme\HUADRV.DLL
2005-04-27 17:40 6,800 ----a-w c:\programme\W95_HUA.vxd
.

((((((((((((((((((((((((((((( snapshot@2009-01-17_17.57.07.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 06:07:58 60,288 -c--a-w c:\windows\system32\dllcache\drmk.sys
+ 2004-08-04 07:07:58 60,288 -c--a-w c:\windows\system32\dllcache\drmk.sys
- 2004-08-04 06:15:22 140,928 -c--a-w c:\windows\system32\dllcache\ks.sys
+ 2004-08-04 07:15:22 140,928 -c--a-w c:\windows\system32\dllcache\ks.sys
- 2008-08-28 10:04:17 333,056 -c----w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 -c----w c:\windows\system32\dllcache\srv.sys
- 2004-08-04 06:08:02 48,640 -c--a-w c:\windows\system32\dllcache\stream.sys
+ 2004-08-04 07:08:02 48,640 -c--a-w c:\windows\system32\dllcache\stream.sys
- 2004-08-04 06:07:58 60,288 ----a-w c:\windows\system32\drivers\drmk.sys
+ 2004-08-04 07:07:58 60,288 ----a-w c:\windows\system32\drivers\drmk.sys
- 2004-08-04 06:15:22 140,928 ----a-w c:\windows\system32\drivers\ks.sys
+ 2004-08-04 07:15:22 140,928 ----a-w c:\windows\system32\drivers\ks.sys
- 2004-08-04 06:08:02 48,640 ----a-w c:\windows\system32\drivers\stream.sys
+ 2004-08-04 07:08:02 48,640 ----a-w c:\windows\system32\drivers\stream.sys
+ 2009-01-09 16:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"EPSON Stylus DX5000 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE" [2006-09-22 139264]
"msnmsgr"="c:\programme\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"CurseClient"="c:\programme\Curse\CurseClient.exe" [2008-10-10 4789760]
"SUPERAntiSpyware"="c:\programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\programme\avmwlanstick\wlangui.exe" [2006-12-28 1454080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programme\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-09-06 413696]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-02 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programme\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-05 19:15 356352 c:\programme\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\GIGABYTE\\@BIOS\\gwflash.exe"=
"d:\\Spiele\\Warcraft III\\war3.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programme\\MSN Messenger\\livecall.exe"=
"c:\\Programme\\Last.fm\\LastFM.exe"=
"c:\\Programme\\QIP\\qip.exe"=
"d:\\Spiele\\Steam\\steamapps\\salatbaum\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Spiele\\Call of Duty 4 Modern Warfare\\iw3mp.exe"=
"c:\\Programme\\ICQ6\\ICQ.exe"=
"d:\\Spiele\\Steam\\steamapps\\superzahnstein\\team fortress 2\\hl2.exe"=
"d:\\Spiele\\Quake\\etqw.exe"=
"d:\\Spiele\\Quake\\etqwded.exe"=
"d:\\Spiele\\Unreal Tournament III\\Binaries\\UT3.exe"=
"d:\\Spiele\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"d:\\Spiele\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"d:\\Spiele\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"d:\\Spiele\\Cs\\hl.exe"=
"d:\\Spiele\\DiabloII\\D2Loader-1.11b.exe"=
"d:\\Spiele\\BROOD an familie\\starcraft.exe"=
"c:\\cryptload\\RouterClient.exe"=
"c:\\Programme\\GIGABYTE\\@BIOS\\update.exe"=
"c:\\Programme\\gwflash.exe"=
"c:\\Programme\\Tortun\\gui.exe"=
"d:\\Spiele\\Wrath of the Lich King Beta\\WoW-3.0.2.8962-to-3.0.2.8970-enGB-downloader.exe"=
"c:\\Programme\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programme\\Curse\\CurseClient.exe"=
"c:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programme\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=
"c:\\WINDOWS\\system32\\oodag.exe"=
"c:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\guardgui.exe"=
"c:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\sched.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-09-28 38448]
R1 SASDIFSV;SASDIFSV;c:\programme\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\programme\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R3 SASENUM;SASENUM;c:\programme\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
R3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2008-09-29 131968]
R3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2008-09-29 39168]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2008-05-09 4352]
S3 dtwmnic5;Telekom Eumex 504PC SE;c:\windows\system32\DRIVERS\dtwmnic5.sys --> c:\windows\system32\DRIVERS\dtwmnic5.sys [?]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [2008-05-09 265088]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-09-26 98488]
S3 ulisa;Telekom ISDN-Adapter (USB);c:\windows\system32\Drivers\ulisa.sys --> c:\windows\system32\Drivers\ulisa.sys [?]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2008-09-29 18304]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
FF - ProfilePath - c:\dokumente und einstellungen\MOEP\Anwendungsdaten\Mozilla\Firefox\Profiles\44mz17tq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 12:03:15
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1715567821-963894560-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,2f,4f,35,df,75,06,20,b1,15,41,aa,53,97,22,b8,47,11,6e,bc,b1,f9,8d,
05,f6,d4,f1,5a,a0,7c,db,c8,79,2f,1a,7f,69,61,b2,a4,a6,32,08,9a,61,16,8e,7f,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\programme\SUPERAntiSpyware\SASWINLO.DLL
.
Zeit der Fertigstellung: 2009-01-19 12:04:39
ComboFix-quarantined-files.txt 2009-01-19 11:04:28
ComboFix2.txt 2009-01-17 16:58:08

Vor Suchlauf: 23 Verzeichnis(se), 31.915.552.768 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 31,894,478,848 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
510 --- E O F --- 2009-01-18 02:02:43



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:14, on 19.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Curse\CurseClient.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S1BB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Programme\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1016297780
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe

--
End of file - 6272 bytes
Maelyder
Active Member
 
Posts: 11
Joined: January 6th, 2009, 7:44 am

Re: Possible trojan virus infection, please help me.

Post by jmw3 » January 19th, 2009, 8:38 am

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines (if still present):
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.
Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 11.
JavaRa
Download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program
  • From the drop-down menu, choose English and click on Select
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK
  • A logfile will pop up. Save it to a convenient location
  • Click on Additional Tasks then tick Remove Useless JRE Files
  • Click Go then OK when prompted & close the program
  • Click Start > Control Panel > Add/Remove Programs. Look for any old versions of Java that may have been missed. If found remove them
Update Java Runtime
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Scroll down to Java Runtime Environment (JRE) 6 Update 11 and click on the Download button
  • In the Platform box choose Windows
  • Check the box to Accept License Agreement and click Continue
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u11-windows-i586-p.exe" and save the downloaded file to your desktop
  • Install the new version by running the downloaded file with the Java icon & follow the on-screen instructions

Run ATF-Cleaner again then reboot.

Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply
To post in next reply:
Kaspersky Scan log
New HijackThis log
Let me know how the computer is running / problems
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Possible trojan virus infection, please help me.

Post by Maelyder » January 20th, 2009, 1:01 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, January 20, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, January 20, 2009 09:14:26
Records in database: 1652487
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 198496
Threat name: 12
Infected objects: 24
Suspicious objects: 0
Duration of the scan: 03:42:12


File name / Threat name / Threats count
C:\cryptload\router\FRITZ!Box\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gahejeyu.dll.vir Infected: Trojan.Win32.Agent.bdfa 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hapoyivu.dll.vir Infected: Trojan.Win32.Monder.aidz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jawehuvi.dll.vir Infected: Trojan-Spy.Win32.Agent.hgr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jayuzura.dll.vir Infected: Trojan.Win32.Monder.aidi 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jufuweko.dll.vir Infected: Trojan.Win32.Agent.bfdf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kelizume.dll.vir Infected: Trojan.Win32.Monder.aidz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kolifana.dll.vir Infected: Trojan.Win32.Monder.aidi 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ligamosa.dll.vir Infected: Trojan.Win32.Agent.bdez 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\moyovoro.dll.vir Infected: Trojan.Win32.Monder.aidi 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pibujudo.dll.vir Infected: Trojan.Win32.Monder.agor 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\saleyako.dll.vir Infected: Trojan.Win32.Agent.bfdf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sehideba.dll.vir Infected: Trojan.Win32.Monder.alks 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\sevopiro.dll.vir Infected: Trojan.Win32.Monder.aidz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\tudoside.dll.vir Infected: Trojan.Win32.Agent.bfdf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\vurotipe.dll.vir Infected: Trojan.Win32.Monder.alkr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\webubano.dll.vir Infected: Trojan.Win32.Monder.alkr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wesevuni.dll.vir Infected: Trojan.Win32.Monder.aidi 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wotunivo.dll.vir Infected: Backdoor.Win32.Agent.aalh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\zaziroka.dll.vir Infected: Trojan.Win32.Monder.aidi 1
C:\WINDOWS\system32\dutuhabe.dll.tmp Infected: Trojan-Downloader.Win32.BHO.afm 1
C:\WINDOWS\system32\hiwalapo.dll.tmp Infected: Trojan-Downloader.Win32.BHO.afm 1
C:\WINDOWS\system32\kiramega.dll.tmp Infected: Trojan-Downloader.Win32.BHO.afm 1
C:\WINDOWS\system32\nomefitu.VIR000 Infected: Trojan.Win32.Agent.bdez 1

The selected area was scanned.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:55, on 20.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Curse\CurseClient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
c:\programme\gemeinsame dateien\installshield\updateservice\isuspm.exe
C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Java\jre6\bin\java.exe
C:\Programme\ICQ6\ICQ.exe
C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S1BB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Programme\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1016297780
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe

--
End of file - 7082 bytes


The PC is already running better, as I don't get the pop-ups anymore, but when I start scanning using Avira it still goes crazy, with a lot of virus alerts without fixing them.
Maelyder
Active Member
 
Posts: 11
Joined: January 6th, 2009, 7:44 am

Re: Possible trojan virus infection, please help me.

Post by jmw3 » January 20th, 2009, 2:08 pm

Hi
Most of those entries flagged by Kaspersky are safely quarantined by Combofix. It's the last four that I'm concerned about.

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.
If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.


Gmer
Download gmer.zip from Gmer here & save it to your desktop.
  • Right click on gmer.zip and select Extract All...
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard
  • Click on the Browse button. Click on Desktop. Then click OK
  • Click Next. It will start extracting
  • Once done, check (tick) the Show extracted files box and click Finish
  • Double click on gmer.exe to run it
  • Select the Rootkit tab
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked
  • Select all drives that are connected to your system to be scanned
  • Click on the Scan button
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into the text editor
  • Save the Gmer scan log and post it in your next reply
  • Close Gmer
Note: Do not run any programs while Gmer is running.

To post in next reply:
Malwarebytes' log
Gmer log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Possible trojan virus infection, please help me.

Post by Maelyder » January 22nd, 2009, 5:06 am

Malwarebytes' Anti-Malware 1.33
Datenbank Version: 1671
Windows 5.1.2600 Service Pack 2

20.01.2009 21:59:53
mbam-log-2009-01-20 (21-59-53).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|G:\|)
Durchsuchte Objekte: 252071
Laufzeit: 2 hour(s), 0 minute(s), 34 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 116

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:

Gmer isn't running correctly, since every time I run it I get a blue screen. I followed your instructions and closed all programs, but it still doesn't work.
Maelyder
Active Member
 
Posts: 11
Joined: January 6th, 2009, 7:44 am

Re: Possible trojan virus infection, please help me.

Unread postby jmw3 » January 22nd, 2009, 6:07 am

Hi
What error messages were you getting when trying to run Gmer?

Rooter.exe
Download Rooter.exe from Here & save it to your desktop.
  • Double-click on Rooter.exe to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt
  • Post the contents of the log in your next reply
To post in next reply:
Rooter log
New RSIT log
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Possible trojan virus infection, please help me.

Unread postby Maelyder » January 26th, 2009, 10:34 am

When I use Gmer it says IRQL_NOT_LESS_OR_EQUAL on the blue screen.


Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Award Modular BIOS v6.00PG
USER : MOEP ( Administrator )
BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:29 Go)
D:\ (Local Disk) - NTFS - Total:465 Go (Free:174 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:149 Go (Free:39 Go)

26.01.2009|15:27

----------------------\\ Search..

----------------------\\ Cracks & Keygens..

C:\DOKUME~1\MOEP\Eigene Dateien\Ableton\Library\Presets\Audio Effects\Vinyl Distortion\Crack.adv


1 - "C:\Rooter$\Rooter_1.txt" - 26.01.2009|15:16

----------------------\\ Scan completed at 15:16

Logfile of random's system information tool 1.05 (written by random/random)
Run by MOEP at 2009-01-26 15:31:34
Microsoft Windows XP Professional Service Pack 2
System drive C: has 30 GB (40%) free of 76 GB
Total RAM: 2046 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:36, on 26.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\avmwlanstick\wlangui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Curse\CurseClient.exe
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\MOEP\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\MOEP.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S1BB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CurseClient] C:\Programme\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1016297780
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe

--
End of file - 7056 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre6\bin\ssv.dll [2009-01-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-01-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-19 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"AVMWlanClient"=C:\Programme\avmwlanstick\wlangui.exe [2006-12-28 1454080]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"nwiz"=nwiz.exe /install []
"ISUSScheduler"=C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
"ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"JMB36X IDE Setup"=C:\WINDOWS\JM\JMInsIDE.exe [2006-10-30 36864]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2008-09-06 413696]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-01-19 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"EPSON Stylus DX5000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE [2006-09-22 139264]
"msnmsgr"=C:\Programme\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"CurseClient"=C:\Programme\Curse\CurseClient.exe [2008-10-10 4789760]
"SUPERAntiSpyware"=C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-01-05 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Programme\SUPERAntiSpyware\SASWINLO.DLL [2009-01-05 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programme\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\GIGABYTE\@BIOS\gwflash.exe"="C:\Programme\GIGABYTE\@BIOS\gwflash.exe:*:Enabled:gwflash"
"D:\Spiele\Warcraft III\war3.exe"="D:\Spiele\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Programme\Last.fm\LastFM.exe"="C:\Programme\Last.fm\LastFM.exe:*:Enabled:Last.fm"
"C:\Programme\QIP\qip.exe"="C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\Spiele\Steam\steamapps\salatbaum\team fortress 2\hl2.exe"="D:\Spiele\Steam\steamapps\salatbaum\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Spiele\Call of Duty 4 Modern Warfare\iw3mp.exe"="D:\Spiele\Call of Duty 4 Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Spiele\Steam\steamapps\superzahnstein\team fortress 2\hl2.exe"="D:\Spiele\Steam\steamapps\superzahnstein\team fortress 2\hl2.exe:*:Enabled:hl2"
"D:\Spiele\Quake\etqw.exe"="D:\Spiele\Quake\etqw.exe:*:Enabled:Enemy Territory - QUAKE Wars(TM)"
"D:\Spiele\Quake\etqwded.exe"="D:\Spiele\Quake\etqwded.exe:*:Enabled:etqwded.exe"
"D:\Spiele\Unreal Tournament III\Binaries\UT3.exe"="D:\Spiele\Unreal Tournament III\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"D:\Spiele\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="D:\Spiele\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"D:\Spiele\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="D:\Spiele\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"D:\Spiele\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="D:\Spiele\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"D:\Spiele\Cs\hl.exe"="D:\Spiele\Cs\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Spiele\DiabloII\D2Loader-1.11b.exe"="D:\Spiele\DiabloII\D2Loader-1.11b.exe:*:Enabled:Diablo II"
"D:\Spiele\BROOD an familie\starcraft.exe"="D:\Spiele\BROOD an familie\starcraft.exe:*:Enabled:Starcraft"
"C:\cryptload\RouterClient.exe"="C:\cryptload\RouterClient.exe:*:Enabled:RouterClient"
"C:\Programme\GIGABYTE\@BIOS\update.exe"="C:\Programme\GIGABYTE\@BIOS\update.exe:*:Enabled:update"
"C:\Programme\gwflash.exe"="C:\Programme\gwflash.exe:*:Enabled:gwflash"
"C:\Programme\Tortun\gui.exe"="C:\Programme\Tortun\gui.exe:*:Enabled:gui"
"D:\Spiele\Wrath of the Lich King Beta\WoW-3.0.2.8962-to-3.0.2.8970-enGB-downloader.exe"="D:\Spiele\Wrath of the Lich King Beta\WoW-3.0.2.8962-to-3.0.2.8970-enGB-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat"="C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe"="C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Programme\Curse\CurseClient.exe"="C:\Programme\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\nvsvc32.exe"="C:\WINDOWS\system32\nvsvc32.exe:*:Enabled:nvsvc32"
"C:\WINDOWS\system32\oodag.exe"="C:\WINDOWS\system32\oodag.exe:*:Enabled:oodag"
"C:\Programme\Avira\AntiVir PersonalEdition Classic\guardgui.exe"="C:\Programme\Avira\AntiVir PersonalEdition Classic\guardgui.exe:*:Enabled:GUARDGUI"
"C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"="C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2009-01-26 15:16:01 ----A---- C:\Rooter.txt
2009-01-26 15:15:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nView_Profiles
2009-01-26 15:14:16 ----D---- C:\Rooter$
2009-01-21 00:17:31 ----A---- C:\WINDOWS\gmer.ini
2009-01-21 00:17:28 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-21 00:17:28 ----A---- C:\WINDOWS\gmer.exe
2009-01-21 00:17:28 ----A---- C:\WINDOWS\gmer.dll
2009-01-20 19:56:52 ----D---- C:\Dokumente und Einstellungen\MOEP\Anwendungsdaten\Malwarebytes
2009-01-20 19:56:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-01-20 19:56:43 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-01-20 14:32:54 ----A---- C:\WINDOWS\system32\USBMN1X1.DLL
2009-01-20 14:32:54 ----A---- C:\WINDOWS\system32\MA_CMIDN.DLL
2009-01-20 14:32:53 ----D---- C:\Programme\M-Audio
2009-01-20 14:32:53 ----A---- C:\WINDOWS\system32\USBMM1X1.DLL
2009-01-20 14:32:53 ----A---- C:\WINDOWS\system32\MA_CMIDI.DLL
2009-01-19 15:19:03 ----SHD---- C:\RECYCLER
2009-01-19 15:14:59 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-19 15:14:59 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-19 15:14:59 ----A---- C:\WINDOWS\system32\java.exe
2009-01-19 15:14:59 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-19 12:04:40 ----D---- C:\WINDOWS\temp
2009-01-19 12:04:40 ----A---- C:\ComboFix.txt
2009-01-19 11:59:29 ----A---- C:\Boot.bak
2009-01-19 11:59:20 ----RASHD---- C:\cmdcons
2009-01-19 11:57:14 ----D---- C:\ComboFix
2009-01-18 15:29:34 ----A---- C:\WINDOWS\system32\rex shared library.dll
2009-01-18 15:29:34 ----A---- C:\WINDOWS\system32\rewire.dll
2009-01-18 15:29:33 ----D---- C:\Dokumente und Einstellungen\MOEP\Anwendungsdaten\Ableton
2009-01-18 15:29:32 ----D---- C:\Programme\Ableton
2009-01-18 15:29:17 ----A---- C:\WINDOWS\system32\gdiplus.dll
2009-01-18 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-18 03:00:25 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-15 12:54:18 ----D---- C:\Dokumente und Einstellungen\MOEP\Anwendungsdaten\skypePM
2009-01-15 12:54:01 ----D---- C:\Programme\Gemeinsame Dateien\Skype
2009-01-12 18:29:42 ----D---- C:\rsit
2009-01-11 23:24:56 ----D---- C:\Programme\Larva Mortus
2009-01-05 19:08:10 ----D---- C:\Programme\Adobe
2008-12-29 17:40:20 ----A---- C:\VundoFix.txt
2008-12-28 01:48:33 ----A---- C:\WINDOWS\zip.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\VFIND.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\SWSC.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\SWREG.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\sed.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\grep.exe
2008-12-28 01:48:33 ----A---- C:\WINDOWS\fdsv.exe
2008-12-28 01:48:28 ----D---- C:\WINDOWS\ERDNT
2008-12-28 01:48:28 ----D---- C:\Qoobox

======List of files/folders modified in the last 1 months======

2009-01-26 15:31:36 ----D---- C:\WINDOWS\Prefetch
2009-01-26 15:29:29 ----D---- C:\Programme\Mozilla Firefox
2009-01-26 15:26:16 ----D---- C:\WINDOWS
2009-01-26 01:26:09 ----D---- C:\WINDOWS\system32\oodag
2009-01-25 04:22:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-25 01:09:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-24 22:05:48 ----D---- C:\WINDOWS\Minidump
2009-01-24 20:50:03 ----D---- C:\Dokumente und Einstellungen\MOEP\Anwendungsdaten\Skype
2009-01-24 17:48:45 ----D---- C:\Dokumente und Einstellungen\MOEP\Anwendungsdaten\OpenOffice.org2
2009-01-22 19:10:20 ----D---- C:\Dokumente und Einstellungen\MOEP\Anwendungsdaten\teamspeak2
2009-01-22 11:39:12 ----D---- C:\WINDOWS\system32
2009-01-21 00:17:28 ----D---- C:\WINDOWS\system32\drivers
2009-01-20 19:56:43 ----RD---- C:\Programme
2009-01-20 14:33:19 ----HD---- C:\WINDOWS\inf
2009-01-20 14:32:52 ----HD---- C:\Programme\InstallShield Installation Information
2009-01-19 15:17:30 ----SHD---- C:\WINDOWS\Installer
2009-01-19 15:17:29 ----SHD---- C:\Config.Msi
2009-01-19 15:14:40 ----D---- C:\Programme\Java
2009-01-19 12:03:16 ----A---- C:\WINDOWS\system.ini
2009-01-19 12:02:52 ----D---- C:\WINDOWS\AppPatch
2009-01-19 12:02:52 ----D---- C:\Programme\Gemeinsame Dateien
2009-01-19 11:59:29 ----RASH---- C:\boot.ini
2009-01-18 15:30:05 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-18 03:02:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-18 03:00:26 ----D---- C:\WINDOWS\Debug
2009-01-17 17:43:45 ----D---- C:\WINDOWS\system32\config
2009-01-15 12:54:04 ----D---- C:\Programme\Skype
2009-01-11 19:39:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-10 14:28:27 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-05 19:15:29 ----D---- C:\Programme\SUPERAntiSpyware
2009-01-05 19:08:37 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-01-05 19:08:29 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-01-05 14:28:04 ----A---- C:\WINDOWS\WININIT.INI
2008-12-28 01:34:48 ----A---- C:\WINDOWS\avisplitter.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-11 75072]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SASDIFSV;SASDIFSV; \??\C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2008-05-10 21248]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2007-11-24 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-11-24 25416]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink-NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII-Protokoll; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-10-27 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-03-01 90496]
R3 SASENUM;SASENUM; \??\C:\Programme\SUPERAntiSpyware\SASENUM.SYS []
R3 US122;US122 Driver; C:\WINDOWS\System32\Drivers\US122.sys [2007-08-29 131968]
R3 Us122WdmService;US122 Wdm Audio; C:\WINDOWS\System32\Drivers\US122Wdm.sys [2007-08-29 39168]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 apsd3tkk;apsd3tkk; C:\WINDOWS\system32\drivers\apsd3tkk.sys []
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 avmeject;AVM Eject; C:\WINDOWS\system32\drivers\avmeject.sys [2006-12-28 4352]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dtwmnic5;Telekom Eumex 504PC SE; C:\WINDOWS\system32\DRIVERS\dtwmnic5.sys []
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 FWLANUSB;AVM FRITZ!WLAN; C:\WINDOWS\system32\DRIVERS\fwlanusb.sys [2006-12-28 265088]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-21 85969]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 SANDRA;SANDRA; \??\C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\Sandra.sys []
S3 ulisa;Telekom ISDN-Adapter (USB); C:\WINDOWS\System32\Drivers\ulisa.sys []
S3 US122DL;US122 Firmware Downloader; C:\WINDOWS\System32\Drivers\US122DL.sys [2007-08-29 18304]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-26 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-26 151297]
R2 AVM WLAN Connection Service;AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [2006-12-28 356352]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-01-19 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2005-06-20 53248]
R2 MA_CMIDI_InstallerService;M-Audio Series II MIDI Installer; C:\Programme\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe [2007-01-08 94208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-09-08 98488]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-04 66872]

-----------------EOF-----------------
Maelyder
Active Member
 
Posts: 11
Joined: January 6th, 2009, 7:44 am