
Topic: Win32/TrojanDownloader.Agent problem

  1. #1
    Beginner
    Registered since
    21.12.2009
    Posts
    10

    Win32/TrojanDownloader.Agent problem

    Hello all!

    This is my first visit here. Hope it'll be the last!

    For some time I get this pop-up from WinXP. Especially when I connect a USB memory.



    The current problems that I noticed in my WinXP are:

    - Internet Explorer cannot open a new window or pop-up window. It tries to but it just can't.
    - When I insert a music CD, I can't see that little window which asks me what application I want to open the CD with. The same goes for USB sticks. Windows doesn't open a new window when I connect them.
    - Lately, I cannot open my USB memory sticks when I double-click them. This really disturbs me because currently I'm dealing with my thesis work and I really need the information in my USB stick. Instead I get an "open with" window as seen below. But I can open the files another way, i.e. if it's a .doc file, I open MS Word and from Files>Open I can see the files in my memory stick.

    This is my screenshot when I try to open my memory stick via double clicking (The usual "open-with" window):


    When I made a NOD32 search, it gave me the following report:
    C:\WINDOWS\system32\actxprxy.dll - probably a variant of Win32/TrojanDownloader.Agent trojan - unable to clean

    ...and also this: (But I don't have such a file!)
    C:\Program Files\eMule\Incoming\Finale Viewer Allegro Notepad PrintMusic SongWriter Human 2007C By Malvinas Argentinas.iso » ISO » keygen.exe - probably a variant of Win32/Agent trojan

    Anyway, I installed HijackThis and it gave me this log:
    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:04:05, on 21.12.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Adobe\Acrobat 5.0\Acrobat\Acrobat.exe
    C:\Program Files\Common Files\Adobe\Web\AOM.exe
    C:\Program Files\MathType\MathType.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\mspaint.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.195.246.83:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe
    O1 - Hosts: 72.55.188.183 richarddawkins.net
    O1 - Hosts: 72.55.188.183 www.richarddawkins.net
    O1 - Hosts: 74.125.79.100 sites.google.com
    O1 - Hosts: 208.109.181.194 makat.org
    O1 - Hosts: 208.109.181.194 www.makat.org
    O1 - Hosts: 208.117.236.69 youtube.com
    O1 - Hosts: 208.117.236.69 www.youtube.com
    O1 - Hosts: 74.125.65.118 img.youtube.com
    O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
    O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
    O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
    O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
    O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
    O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
    O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
    O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
    O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
    O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
    O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
    O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
    O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
    O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
    O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
    O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
    O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
    O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
    O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
    O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
    O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
    O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
    O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
    O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
    O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
    O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
    O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
    O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
    O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
    O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
    O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
    O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
    O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
    O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
    O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
    O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
    O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
    O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
    O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
    O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
    O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
    O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
    O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
    O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
    O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
    O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
    O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
    O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
    O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
    O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
    O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
    O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
    O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
    O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
    O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
    O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
    O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
    O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
    O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
    O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
    O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
    O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
    O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
    O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
    O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
    O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
    O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
    O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
    O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
    O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
    O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
    O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
    O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
    O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
    O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
    O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
    O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
    O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
    O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
    O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
    O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
    O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
    O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
    O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
    O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
    O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
    O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
    O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
    O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
    O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
    O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
    O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
    O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
    O4 - HKLM\..\Run: [Barsaka] explorer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mirc] C:\WINDOWS\WINCRA\mirc.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{37D17006-8E1A-4418-AF41-AD76C2FA64C7}: NameServer = 195.175.39.40,195.175.39.39
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    
    --
    End of file - 13967 bytes

    Any help would be appreciated. Thanks in advance.

  2. #2
    Moderator (global), team member: Jintan
    Registered since
    25.11.2006
    Posts
    6,369

    Re: Win32/TrojanDownloader.Agent problem

    Welcome to HijackThis.de Heavy Metal,

    The log shows a worm infection that includes changes made to net accesses there. Let's get more details and then start some repairs.

    Do you recognize all those "youtube.com" entries in your Hosts file (they show in HijackThis as "01 - Hosts")? Also is this a proxy server setting you yourself chose:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.195.246.83:8080

    --------------

    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


    Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

    If necessary allow it to locate or download a copy of HijackThis as needed.

    Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

    RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

    You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

    --------------

    Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


    Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

    When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
    Live the day!

    Jintan - the brand where everything is right!
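
Added example (not part of the original thread, and not code from HijackThis or RSIT): a Python script that extracts the two items asked about in the reply above, the `O1 - Hosts` overrides and the `R1` proxy setting, and condenses the Hosts entries per domain so a long list can be reviewed at a glance. The function names and the two-label `base_domain` shortcut are assumptions; the sample is an excerpt of the posted log plus one constructed loopback line.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the HijackThis v2.0.2 log posted in the thread, plus one
# constructed loopback line (ads.example.test) to show the "block" case.
SAMPLE_LOG = r"""
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.195.246.83:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O1 - Hosts: 72.55.188.183 richarddawkins.net
    O1 - Hosts: 72.55.188.183 www.richarddawkins.net
    O1 - Hosts: 208.117.236.69 youtube.com
    O1 - Hosts: 208.117.236.69 www.youtube.com
    O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
    O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
    O1 - Hosts: 127.0.0.1 ads.example.test
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
PROXY_RE = re.compile(r"Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.*)$")


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def proxy_settings(entries):
    """Collect the per-user IE proxy values reported in R1 lines."""
    found = {}
    for code, body in entries:
        if code != "R1":
            continue
        m = PROXY_RE.search(body)
        if m:
            found[m.group(1)] = m.group(2).strip()
    return found


def hosts_overrides(entries):
    """Return (ip, hostname) pairs from O1 lines; malformed lines are ignored."""
    pairs = []
    for code, body in entries:
        if code != "O1" or not body.startswith("Hosts:"):
            continue
        parts = body[len("Hosts:"):].split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            if name.startswith("#"):  # trailing comment in the hosts file
                break
            pairs.append((ip, name.lower()))
    return pairs


def base_domain(hostname):
    """Assumption: last two labels approximate the site (no public-suffix list)."""
    return ".".join(hostname.rstrip(".").split(".")[-2:])


def summarize_hosts(pairs):
    """Group overrides per domain: how many names, which IPs, block or redirect."""
    groups = defaultdict(lambda: {"names": 0, "ips": set()})
    for ip, name in pairs:
        group = groups[base_domain(name)]
        group["names"] += 1
        group["ips"].add(ip)
    summary = {}
    for domain, group in groups.items():
        ips = sorted(group["ips"], key=lambda a: (a.version, int(a)))
        # Loopback / 0.0.0.0 targets make the name unreachable; anything else
        # sends traffic for that name to an address the hosts file chose.
        blocked = all(a.is_loopback or a.is_unspecified for a in ips)
        summary[domain] = {
            "names": group["names"],
            "ips": [str(a) for a in ips],
            "effect": "block" if blocked else "redirect",
        }
    return summary


def triage(log_text):
    """Items to confirm with the machine's owner before any cleanup."""
    entries = parse_entries(log_text)
    return {
        "proxy": proxy_settings(entries),
        "hosts": summarize_hosts(hosts_overrides(entries)),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Proxy:", report["proxy"])
    for domain, info in sorted(report["hosts"].items()):
        print(domain, info)
```

The output only lists what to ask the owner about; whether an override or proxy is wanted is their answer to give.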

  3. #3
    Beginner
    Registered since
    21.12.2009
    Posts
    10

    Re: Win32/TrojanDownloader.Agent problem

    Hi Jintan,

    Thanks for the detailed answer. Sorry, I couldn't reply for a few days because of my thesis work.

    Quote from Jintan:
    Do you recognize all those "youtube.com" entries in your Hosts file (they show in HijackThis as "01 - Hosts")? Also is this a proxy server setting you yourself chose:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.195.246.83:8080

    Yes, it's a proxy server to connect to Youtube. Youtube is currently down in Turkey and people try different ways to connect to it.

    ...and these are the RSIT files you want:

    Code:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Deniz Can at 2009-12-28 23:28:54
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 11 GB (16%) free of 67 GB
    Total RAM: 511 MB (26% free)
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:29:19, on 28.12.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Deniz Can\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Deniz Can.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.195.246.83:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe
    O1 - Hosts: 72.55.188.183 richarddawkins.net
    O1 - Hosts: 72.55.188.183 www.richarddawkins.net
    O1 - Hosts: 74.125.79.100 sites.google.com
    O1 - Hosts: 208.109.181.194 makat.org
    O1 - Hosts: 208.109.181.194 www.makat.org
    O1 - Hosts: 208.117.236.69 youtube.com
    O1 - Hosts: 208.117.236.69 www.youtube.com
    O1 - Hosts: 74.125.65.118 img.youtube.com
    O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
    O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
    O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
    O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
    O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
    O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
    O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
    O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
    O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
    O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
    O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
    O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
    O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
    O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
    O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
    O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
    O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
    O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
    O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
    O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
    O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
    O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
    O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
    O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
    O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
    O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
    O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
    O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
    O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
    O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
    O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
    O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
    O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
    O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
    O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
    O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
    O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
    O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
    O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
    O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
    O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
    O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
    O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
    O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
    O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
    O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
    O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
    O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
    O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
    O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
    O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
    O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
    O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
    O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
    O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
    O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
    O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
    O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
    O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
    O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
    O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
    O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
    O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
    O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
    O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
    O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
    O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
    O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
    O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
    O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
    O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
    O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
    O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
    O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
    O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
    O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
    O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
    O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
    O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
    O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
    O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
    O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
    O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
    O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
    O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
    O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
    O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
    O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
    O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
    O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
    O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
    O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
    O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
    O4 - HKLM\..\Run: [Barsaka] explorer.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [mirc] C:\WINDOWS\WINCRA\mirc.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{37D17006-8E1A-4418-AF41-AD76C2FA64C7}: NameServer = 195.175.39.40,195.175.39.39
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    
    --
    End of file - 13441 bytes
    
    ======Scheduled tasks folder======
    
    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1188319073.job
    C:\WINDOWS\tasks\LifeChatTask.job
    C:\WINDOWS\tasks\WGASetup.job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97421D0D-E07F-40DF-8F07-99597B9585AD}]
    ThunderHlpObj Class
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
    "nwiz"=nwiz.exe /install []
    "CTSysVol"=C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe [2003-09-17 57344]
    "UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "BDSwitchAgent"=C:\progra~1\softwin\bitdef~1\bdswitch.exe []
    ""= []
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
    "FineReader7NewsReaderPro"=C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [2003-09-12 278528]
    "Barsaka"=C:\WINDOWS\explorer.exe [2007-06-13 1033216]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-04-22 155648]
    "mirc"=C:\WINDOWS\WINCRA\mirc.exe []
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup []
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-08-09 81920]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-31 185872]
    "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
    "amva"=C:\WINDOWS\system32\amvo.exe []
    "NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-04-08 1953792]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2006-01-18 19477544]
    "Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2006-11-26 984064]
    
    C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç
    Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    
    C:\Documents and Settings\Deniz Can\Start Menu\Programlar\Başlangıç
    Picture Motion Browser Media Check Tool.lnk - C:\Program Files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{1ECE2FCB-C1BB-4706-920C-F4C1076FD155}"=C:\WINDOWS\system32\kT2NuqZeGma.dll []
    "{7A93621D-BFFE-4EB1-AAE1-CD487F429840}"=C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll []
    "{028A997C-4262-4107-BD46-2ABBC6143E8C}"=C:\WINDOWS\system32\efc0c52cc1.dll []
    "{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}"=C:\WINDOWS\system32\56BC86C7.dll []
    "{E88AE11C-26DF-4F4D-8726-C043F513990E}"=C:\WINDOWS\system32\yp77Tt3UCG74J.dll []
    "{4E5CFE74-700B-4A8B-B0BF-A6B47D896C18}"=C:\WINDOWS\system32\GrTZqH5SnRhAt.dll []
    "{76B9BA7A-81D0-4979-8598-8471F2AB5186}"=C:\WINDOWS\system32\76B9BA7A.dll []
    "{737858A9-9AEA-4838-9B49-54DA731F7F37}"=C:\WINDOWS\system32\BMsg6pdMD4ht.dll []
    "{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}"=C:\WINDOWS\system32\08223B03.dll []
    "{CD95107F-52A5-42A4-9914-18949993E798}"=C:\WINDOWS\fonts\tY5UFS434YYd.fon []
    "{0D267113-499A-4EEF-998D-C45731C1B313}"=C:\WINDOWS\system32\VnTU2WAqUcZA6.dll []
    "{A0C86020-5935-4B87-B20E-0B656D450264}"=C:\WINDOWS\system32\A0C86020.dll []
    "{CCCA2FB9-2D5D-4481-8BFE-1CDDC458A3F4}"=C:\WINDOWS\system32\CCCA2FB9.dll []
    "{704C3595-DB85-40F6-A601-8D6F346907BD}"=C:\WINDOWS\system32\704C3595.dll []
    "{E4814792-EFA3-4C20-93D0-8B130A59F9A8}"=C:\WINDOWS\system32\E4814792.dll []
    "{C722AD57-35DA-4460-8353-328372F32AB2}"=C:\WINDOWS\system32\ufQCU5.dll []
    "{171565E3-F0BB-4FF0-9A42-C9406C79DB78}"=C:\WINDOWS\system32\wF87W8XjgDW5Es6tuA.dll []
    "{EF6EF2D9-CDC7-481D-B17C-DA8DBA33BB01}"=C:\WINDOWS\system32\kW5xUYZjcSnWs.dll []
    "{6B74576A-BB20-47B3-AE0A-046B062897D0}"=C:\WINDOWS\system32\ACg9ycsarj8y.dll []
    "{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA}"=C:\WINDOWS\system32\dhDhwS7fFW.dll []
    "{76CBCF38-0583-44C7-A1AE-D463DFE625EC}"=C:\WINDOWS\system32\skcfujQ5EDN.dll []
    "{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}"=C:\WINDOWS\system32\A1A6BC2E.dll []
    "{19250D1E-B733-4F49-BC56-44EFCF3BF650}"=C:\WINDOWS\system32\m37tEtTX7Ye5c.dll []
    "{93DA1E7D-7C46-4F90-8674-EC90511FCA72}"=C:\WINDOWS\system32\CDuAUVkGy9.dll []
    "{FBFAD3A6-0B1E-4122-9C2B-92A4623875EC}"=C:\WINDOWS\system32\v6yj3gxacYQU.dll []
    "{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}"=C:\WINDOWS\system32\122B901E.dll []
    "{2EF0D734-21FD-4225-A1A2-BCD296182AAF}"=C:\WINDOWS\system32\2EF0D734.dll []
    "{A35BF249-2B40-4E4A-97B5-86DC8B358887}"=C:\WINDOWS\system32\j8EG7scz8.dll []
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
    "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe"="C:\Program Files\EA GAMES\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
    "C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe"="C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:Enabled:Apache HTTP Server"
    "C:\Documents and Settings\Deniz Can\Desktop\utorrent.exe"="C:\Documents and Settings\Deniz Can\Desktop\utorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Alias\Maya8.0\bin\maya.exe"="C:\Program Files\Alias\Maya8.0\bin\maya.exe:*:Disabled:Maya"
    "C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
    "C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
    "C:\WINDOWS\Wincra\mirc.exe"="C:\WINDOWS\Wincra\mirc.exe:*:Disabled:mIRC"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "C:\Papyrus\NASCAR Racing 2002 Season\NR2002.exe"="C:\Papyrus\NASCAR Racing 2002 Season\NR2002.exe:*:Disabled:NASCAR Racing 2002 Season"
    "C:\Program Files\Chessmaster 8000\Chessmaster.exe"="C:\Program Files\Chessmaster 8000\Chessmaster.exe:*:Disabled:Chessmaster 8000"
    "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    shell\AutoRun\command - G:\Setup.now.exe
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c56024ec-e3a8-11dd-95f0-0000e84b3687}]
    shell\AutoRun\command - jedna/stvar.exe
    shell\explore\command - jedna/stvar.exe
    shell\open\command - jedna/stvar.exe
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9f37baa-3d48-11dd-94d9-0000e84b3687}]
    shell\AutoRun\command - jedna/stvar.exe
    shell\explore\command - jedna/stvar.exe
    shell\open\command - jedna/stvar.exe
    
    
    ======File associations======
    
    .reg - open - "regedit.exe" "%1"
    
    ======List of files/folders created in the last 1 months======
    
    2009-12-28 23:28:54 ----D---- C:\rsit
    2009-12-25 19:07:43 ----D---- C:\Program Files\DOSBox-0.73
    2009-12-25 18:43:14 ----D---- C:\TIECD
    2009-12-22 22:29:53 ----D---- C:\Program Files\Industry Giant 2
    2009-12-21 18:01:22 ----D---- C:\Program Files\Trend Micro
    2009-12-17 11:14:08 ----N---- C:\WINDOWS\system32\pxafs.dll
    2009-12-17 11:13:58 ----D---- C:\Documents and Settings\Deniz Can\Application Data\Winamp
    2009-12-11 21:30:37 ----D---- C:\Program Files\Winamp
    2009-12-10 13:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
    2009-12-10 13:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
    2009-12-10 13:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
    2009-12-10 13:17:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
    2009-12-10 13:16:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
    2009-12-10 13:16:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
    2009-12-03 21:53:02 ----A---- C:\WINDOWS\ISL001.INI
    2009-12-03 21:50:28 ----D---- C:\Program Files\Common Files\Borland Shared
    
    ======List of files/folders modified in the last 1 months======
    
    2009-12-28 23:28:59 ----D---- C:\WINDOWS\Prefetch
    2009-12-28 23:26:04 ----D---- C:\WINDOWS\Temp
    2009-12-28 23:05:24 ----D---- C:\Program Files\eMule
    2009-12-28 22:59:06 ----D---- C:\Program Files\Mozilla Firefox
    2009-12-28 08:22:57 ----D---- C:\Documents and Settings\Deniz Can\Application Data\Skype
    2009-12-27 23:50:53 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-12-25 19:07:43 ----RD---- C:\Program Files
    2009-12-25 18:39:33 ----SHD---- C:\WINDOWS\Installer
    2009-12-25 18:39:33 ----SHD---- C:\Config.Msi
    2009-12-25 17:20:15 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-12-25 03:32:24 ----D---- C:\WINDOWS
    2009-12-24 17:41:13 ----D---- C:\Documents and Settings\Deniz Can\Application Data\Adobe
    2009-12-20 13:00:42 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-12-19 07:32:31 ----D---- C:\WINDOWS\system32\CatRoot
    2009-12-19 07:31:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-12-19 07:31:34 ----HD---- C:\WINDOWS\inf
    2009-12-19 07:31:33 ----D---- C:\WINDOWS\system32
    2009-12-18 10:24:00 ----D---- C:\temp
    2009-12-17 17:03:23 ----D---- C:\Program Files\Windows Media Player
    2009-12-17 11:27:40 ----D---- C:\WINDOWS\security
    2009-12-17 11:21:38 ----D---- C:\WINDOWS\RegisteredPackages
    2009-12-17 11:21:37 ----D---- C:\WINDOWS\Debug
    2009-12-17 11:21:27 ----D---- C:\WINDOWS\system32\drivers
    2009-12-11 21:59:59 ----D---- C:\Program Files\PokerStars.NET
    2009-12-11 21:59:48 ----D---- C:\ebyn
    2009-12-11 17:53:09 ----A---- C:\WINDOWS\avisplitter.ini
    2009-12-11 12:39:11 ----D---- C:\Program Files\Mozilla Thunderbird
    2009-12-10 18:38:05 ----A---- C:\WINDOWS\SBWIN.INI
    2009-12-10 17:28:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-12-10 13:20:14 ----A---- C:\WINDOWS\imsins.BAK
    2009-12-10 13:17:48 ----D---- C:\Program Files\Internet Explorer
    2009-12-10 13:17:06 ----HD---- C:\WINDOWS\$hf_mig$
    2009-12-03 21:50:28 ----D---- C:\Program Files\Common Files
    2009-11-29 10:35:27 ----HD---- C:\Program Files\InstallShield Installation Information
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2007-08-28 82380]
    R1 AmdK7;AMD K7 İşlemci Sürücüsü; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-03 41216]
    R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\system32\DRIVERS\DcCam.sys [2003-06-18 36826]
    R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
    R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
    R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys []
    R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-23 278984]
    R2 DCFS2K;Kodak DCFS2K Driver; C:\WINDOWS\system32\drivers\dcfs2k.sys [2003-06-18 38997]
    R2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
    R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
    R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
    R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
    R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-10-23 25416]
    R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
    R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Bağdaştırıcısı; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-04 36224]
    R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
    R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
    R3 P17;Sound Blaster Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 840960]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-08-11 14604]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Microsoft USB Standart Hub Sürücüsü; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 USBSTOR;USB Yığın Depolama Sürücüsü; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys []
    S1 Exportit;Exportit; C:\WINDOWS\system32\DRIVERS\exportit.sys [2003-06-18 138485]
    S2 FILESpy;FILESpy; \??\C:\Program Files\Softwin\BitDefender9\filespy.sys []
    S2 nvmini;NVIDIA Compatible Windows Miniport Driver; C:\WINDOWS\system32\DRIVERS\nvmini.sys []
    S2 REGSpy;REGSpy; \??\C:\Program Files\Softwin\BitDefender9\regspy.sys []
    S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender9\bdfdll.sys []
    S3 DcFpoint;DcFpoint; C:\WINDOWS\system32\DRIVERS\DcFpoint.sys [2003-06-18 61568]
    S3 DcLps;Legacy Polling Service; C:\WINDOWS\system32\DRIVERS\DcLps.sys [2003-06-18 8058]
    S3 DcPTP;dcptp; C:\WINDOWS\system32\DRIVERS\DcPTP.sys [2003-06-18 63002]
    S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
    S3 HidUsb;Microsoft HID Sınıf Sürücüsü; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
    S3 ICDUSB2;Sony IC Recorder (P); C:\WINDOWS\System32\Drivers\ICDUSB2.sys [2002-11-28 39048]
    S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
    S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
    S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
    S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
    S3 usbaudio;USB Ses Sürücüsü (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
    S3 usbccgp;Microsoft USB Genel Üst Sürücüsü; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB YAZICI Sınıfı; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Tarayıcı Sürücüsü; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 Rdpidirvw;Rdpidirvw; C:\WINDOWS\system32\drivers\rawwan.sys [2001-11-22 34432]
    S4 WS2IFSL;Windows Socket 2.0 IFS Olmayan Hizmet Sağlayıcısı Destek Ortamı; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-11-22 12032]
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R01000000 papycpu2;papycpu2; C:\WINDOWS\system32\drivers\papycpu2.sys [2002-01-20 1984]
    R01000000 papyjoy;papyjoy; C:\WINDOWS\system32\drivers\papyjoy.sys [2002-01-20 1856]
    R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
    R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
    R2 KodakCCS;Kodak Camera Connection Software; C:\WINDOWS\system32\drivers\KodakCCS.exe [2003-06-18 294972]
    R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2006-06-16 446464]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-09-01 66872]
    R2 ScsiAccess;ScsiAccess; C:\WINDOWS\system32\ScsiAccess.EXE [2003-02-04 181312]
    R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
    R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-17 68096]
    S3 aspnet_state;ASP.NET Durum Hizmeti; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 ICDSPTSV;Sony SPTI Service for DVE; C:\WINDOWS\system32\IcdSptSv.exe [2003-04-01 69632]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
    S4 NetTcpPortSharing;Net.Tcp Bağlantı Noktası Paylaştırma Hizmeti; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
    
    -----------------EOF-----------------
    Code:
    info.txt logfile of random's system information tool 1.06 2009-12-28 23:29:29
    
    ======Uninstall list======
    
    -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
    -->"C:\Program Files\Creative\SB Live! 24-bit\Program\Ctzapxx.EXE" /U /S 
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1888DAFD-C634-4BC4-865C-3455E24F6177}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{510582B9-2633-11D4-99DC-0000F49094C7}\Setup.exe" UNINSTALL
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDC05F7-83E4-4611-AD3C-A6EB2100332A}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{869D88A5-BD6C-4E39-8536-D95259EAD7E8}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{881A74B3-3D17-4842-B9AF-0761C6E6C4B5}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5BAAFAE-3561-463D-8E3F-91761A57ADB8}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9  /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D173DC5-4AE5-4B3F-9819-3977DD11B1D0}\setup.exe" -l0x9  -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9  -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9  -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9  -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9  -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9  -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EFF51A-C925-4F1A-9DEB-DB5F970DE983}\setup.exe" -l0x9  -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9  -removeonly
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
    ABBYY FineReader 7.0 Professional Edition-->MsiExec.exe /I{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}
    Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9 
    Adobe Premiere Pro-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    All To MP3 Converter 2.15-->"C:\Program Files\LitexMedia\All To MP3 Converter\unins000.exe"
    AMP Font Viewer-->"C:\Program Files\AMP Font Viewer\uninstall.exe"
    ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
    aspi-->MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
    Autodesk DirectConnect 2.0-->MsiExec.exe /I{C76FE689-6457-47C9-BACE-AA17060A9813}
    BSPlayer-->"C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
    C64 prg Generator-->MsiExec.exe /I{5B6CCA50-AD7F-49D5-9FA9-99FD903FD43B}
    CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
    CCS64 V3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Computerbrains\CCS64 V3.1\Uninst.isu"
    CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    Celtx (1.0)-->C:\Program Files\Celtx\uninstall\helper.exe
    Chessmaster 8000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Chessmaster 8000\CM8kUninst.isu"
    Citrus Alarm Clock 1.0.5-->"C:\Program Files\Citrus Alarm Clock\unins000.exe"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
    Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
    Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9  /remove
    Easy GIF Animator 4.8-->"C:\Program Files\Easy GIF Animator\unins000.exe"
    EasyPHP 1.8-->"C:\Program Files\EasyPHP1-8\unins000.exe"
    EclipseCrossword-->MsiExec.exe /I{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    ESSAdpt-->MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
    ESSANUP-->MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
    ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCAM-->MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
    ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
    ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
    ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
    ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
    ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
    Family Tree Maker 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4004E8B-6A95-4FA4-AA05-731FC6510474}\Setup.exe" -l0x9 
    Finale Allegro 2007-->C:\Program Files\Finale Allegro 2007\uninstallAllegro.exe
    Flatcast 4.16 RC1-->C:\WINDOWS\unins000.exe
    GLOBEtrotter FLEXid Drivers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GLOBEtrotter Software Inc.\GLOBEtrotter FLEXid Drivers\Uninst.isu"
    Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
    Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
    HicEst 3.61.3-->"C:\Program Files\HicEst\unins000.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    HP Anılar Diski-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
    HP Fotoğraf ve Görüntü 2.0  - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
    HP Fotoğraf ve Görüntü 2.0 - All-in-One Sürücüleri-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
    HP Fotoğraf ve Görüntü 2.0 - HP psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
    hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
    IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
    Imperialism-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Imperialism\DeIsL1.isu"
    Industry Giant 2 - Gold Edition-->MsiExec.exe /I{6910C412-A523-493C-BC22-0213CD7F4F3A}
    IndyCar Racing II v1.0.0f2-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Papyrus\IndyCar Racing II\DeIsL1.isu"
    iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033 
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    K-Lite Codec Pack 4.1.7 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3c0002_1fae69\Setup.exe /APR-REMOVE
    KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
    LaserJet 1020 series-->C:\Program Files\Zenographics\{06A23708-1242-4C1E-99F7-89469088F394}\setup.exe -u "HPLJInstaller.dll=Hplj1020.inf"
    Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9 
    Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
    makat v5-->"C:\WINDOWS\system32\drivers\etc\unins000.exe"
    MathType 5-->"C:\Program Files\MathType\Setup.exe" -R
    MATLAB Central User Contributed Screensaver Screen Saver-->C:\WINDOWS\system32\MATLAB~1.SCR /U
    MATLAB R2007b-->C:\Program Files\MATLAB\R2007b\uninstall\uninstall.exe C:\Program Files\MATLAB\R2007b\
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - TRK-->MsiExec.exe /I{2B7BC7C5-CE5F-373A-A1E7-37A5B909D933}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - TRK-->MsiExec.exe /I{E1674673-0F0D-3D81-B2A0-9842A986C1D6}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 Dil Paketi SP1 - trk-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - trk\setup.exe
    Microsoft .NET Framework 3.5 Language Pack SP1 - trk-->MsiExec.exe /I{ACFD4C9A-931B-3CAB-9F72-78FDE810F394}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
    Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft WSE 3.0-->MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}
    Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe
    Mozilla Firefox (3.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
    MyProduct-->C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\Uninstal.exe
    MySQL Server 5.0-->MsiExec.exe /I{E8B3C954-017C-45CF-B2FA-D4AA60FE61C1}
    NASCAR® Racing 2002 Season-->C:\WINDOWS\IsUninst.exe -f"C:\Papyrus\NASCAR Racing 2002 Season\Uninst.isu"
    Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NetLimiter 2 Pro (remove only)-->"C:\Program Files\NetLimiter 2 Pro\nl2uninst.exe"
    Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
    PCDLNCH-->MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
    PokerStars.net-->"C:\Program Files\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
    QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033 
    Race - The WTCC Game-->MsiExec.exe /I{4368D6CF-3528-4D9C-A6FB-709B4B828968}
    Rainlendar2 (remove only)-->"C:\Program Files\Rainlendar2\uninst.exe"
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    ScummVM 0.8.2-->"C:\Program Files\ScummVM\unins000.exe"
    Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
    SFR-->MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
    SFR2-->MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
    SHOUTcast Source DSP 1.9.1 (remove only)-->C:\Program Files\Winamp\uninst-dsp.exe
    Skype 2.0-->"C:\Program Files\Skype\Phone\unins000.exe"
    Sony Digital Voice Editor 3-->C:\PROGRA~1\SONY\DIGITA~1\UNINST.EXE
    Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x0009 /removeonly uninstall -removeonly
    Sound Blaster Live! 24-bit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{734BB64A-5A3D-4624-867D-6358B7068496}\SETUP.EXE" -l0x9 
    SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe" 
    Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
    TempoPerfect-->C:\Program Files\NCH Swift Sound\TempoPerfect\uninst.exe
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Visual Fortran 6.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Visual Studio\DF98\DFUNINST.ISU"
    Web Album Generator 1.8.2-->"C:\Program Files\Web Album Generator\unins000.exe"
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Kodlayıcısı (KB954156) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
    Windows Media Player (KB911564) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Windows Media Player (KB952069) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Windows Media Player (KB954155) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
    Windows Media Player (KB968816) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
    Windows Media Player (KB973540) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
    Windows Media Player 6.4 (KB925398) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Windows Media Player 9 (KB911565) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Windows Media Player 9 (KB917734) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Windows Media Player 9 (KB936782) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows XP (KB923689) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Windows XP (KB941569) için Güvenlik Güncelleştirmesi-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Windows XP Düzeltme - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Düzeltme - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
    Windows XP Düzeltme - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Düzeltme - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Düzeltme - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Düzeltme - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Düzeltme - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
    Windows XP Düzeltme - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    Windows XP Düzeltme - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Düzeltme - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Windows XP Düzeltme - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Windows XP için Düzeltme (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Windows XP için Düzeltme (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Windows XP için Düzeltme (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
    Windows XP için Düzeltme (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    Windows XP için Güncelleştirme (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
    Windows XP için Güvenlik Güncelleştirmesi (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
    Windows XP için Güvenlik Güncelleştirmesi (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
    
    ======Hosts File======
    
    127.0.0.1 activate.adobe.com
    72.55.188.183 richarddawkins.net
    72.55.188.183 www.richarddawkins.net
    74.125.79.100 sites.google.com
    208.109.181.194 makat.org
    208.109.181.194 www.makat.org
    208.117.236.69 youtube.com
    208.117.236.69 www.youtube.com
    74.125.65.118 img.youtube.com
    64.15.124.143 sjc-v1.sjc.youtube.com
    
    ======Security center information======
    
    AV: ESET NOD32 Antivirus 4.0
    
    ======System event log======
    
    Computer Name: DC1
    Event Code: 11
    Message: Sürücü, \Device\Harddisk1\D üzerinde bir denetleyici hatası belirledi.
    
    Record Number: 113293
    Source Name: Disk
    Time Written: 20091204145437.000000+120
    Event Type: Hata
    User: 
    
    Computer Name: DC1
    Event Code: 11
    Message: Sürücü, \Device\Harddisk1\D üzerinde bir denetleyici hatası belirledi.
    
    Record Number: 113292
    Source Name: Disk
    Time Written: 20091204145432.000000+120
    Event Type: Hata
    User: 
    
    Computer Name: DC1
    Event Code: 11
    Message: Sürücü, \Device\Harddisk1\D üzerinde bir denetleyici hatası belirledi.
    
    Record Number: 113291
    Source Name: Disk
    Time Written: 20091204145427.000000+120
    Event Type: Hata
    User: 
    
    Computer Name: DC1
    Event Code: 11
    Message: Sürücü, \Device\Harddisk1\D üzerinde bir denetleyici hatası belirledi.
    
    Record Number: 113290
    Source Name: Disk
    Time Written: 20091204145422.000000+120
    Event Type: Hata
    User: 
    
    Computer Name: DC1
    Event Code: 11
    Message: Sürücü, \Device\Harddisk1\D üzerinde bir denetleyici hatası belirledi.
    
    Record Number: 113289
    Source Name: Disk
    Time Written: 20091204145417.000000+120
    Event Type: Hata
    User: 
    
    =====Application event log=====
    
    Computer Name: DC1
    Event Code: 11724
    Message: Product: Le Mans 24 Hours -- Removal completed successfully.
    
    Record Number: 3812
    Source Name: MsiInstaller
    Time Written: 20090201110904.000000+120
    Event Type: Bilgi
    User: DC1\Deniz Can
    
    Computer Name: DC1
    Event Code: 11728
    Message: Product: Le Mans 24 Hours -- Configuration completed successfully.
    
    Record Number: 3811
    Source Name: MsiInstaller
    Time Written: 20090201110837.000000+120
    Event Type: Bilgi
    User: DC1\Deniz Can
    
    Computer Name: DC1
    Event Code: 11707
    Message: Product: ISScript -- Installation operation completed successfully.
    
    Record Number: 3810
    Source Name: MsiInstaller
    Time Written: 20090201110822.000000+120
    Event Type: Bilgi
    User: DC1\Deniz Can
    
    Computer Name: DC1
    Event Code: 1800
    Message: Windows Güvenlik Merkezi Hizmeti başlatıldı.
    
    Record Number: 3809
    Source Name: SecurityCenter
    Time Written: 20090201110625.000000+120
    Event Type: Bilgi
    User: 
    
    Computer Name: DC1
    Event Code: 105
    Message: The service was started.
    
    Record Number: 3808
    Source Name: WMDM PMSP Service
    Time Written: 20090201110601.000000+120
    Event Type: Bilgi
    User: 
    
    ======Environment variables======
    
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\MATLAB\R2007b\bin;C:\Program Files\MATLAB\R2007b\bin\win32
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
    "PROCESSOR_REVISION"=0a00
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    
    -----------------EOF-----------------
    I tried to run Gmer as well, but unfortunately every time it gave an error. I shut down antivirus and all other running applications, I even restarted the computer but all I got was this:



    It says Gmer has to be shut down and they ask me if I want to send an error report.
    Edited by Heavy Metal (29.12.2009 at 09:53)

  4. #4
    Moderator (global) Team member Jintan
    Registered since
    25.11.2006
    Posts
    6.369

    Re: Win32/TrojanDownloader.Agent problem

    Looks like we're getting Gmer crashes across the board here today.


    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

    Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As" ). For this, rename the downloading file to iexplore.exe, then click the renamed iexplore.exe to run that scan.

    Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

    A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
    Live the day!

    Jintan - the brand where everything is right!

  5. #5
    Beginner
    Registered since
    21.12.2009
    Posts
    10

    Re: Win32/TrojanDownloader.Agent problem

    OK, I did just as you wrote. This is the logfile of ComboFix:

    Code:
    ComboFix 09-12-30.01 - Deniz Can 31.12.2009  13:16:18.1.1 - x86
    Microsoft Windows XP Professional  5.1.2600.2.1254.90.1055.18.511.274 [GMT 2:00]
    Running from: c:\documents and settings\Deniz Can\Desktop\ComboFix.exe
     * Resident AV is active
    
    .
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\program files\Internet Explorer\iekey.dll
    c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
    c:\windows\AppPatch\AcXtrnel.sdb
    c:\windows\Fonts\2knxWtVjbWXmUdGG.Ttf
    c:\windows\Fonts\6e6EUdxVeWUYJynN.Ttf
    c:\windows\Fonts\bKkCsU7Z6YntjH4G.Ttf
    c:\windows\Fonts\cD9KArZZUHxCqnyM.Ttf
    c:\windows\Fonts\cFDPmh3MDPjcHMPd.Ttf
    c:\windows\Fonts\CTwZYd7mY2XCUkn5.Ttf
    c:\windows\Fonts\DmYqJAPsv3KjBFCN.ttf
    c:\windows\Fonts\du3Q2JXbHYGxcSAe.Ttf
    c:\windows\Fonts\eCgMhGRkPUcdutd0.Ttf
    c:\windows\Fonts\EEUJgNKN6xmNqKr6.Ttf
    c:\windows\Fonts\fKzf9wP6bhq6Bcxa.Ttf
    c:\windows\Fonts\G49AhKxDmsj6uxnu.Ttf
    c:\windows\Fonts\gTWpW66gR9RSmZrC.Ttf
    c:\windows\Fonts\hBRNYhzGWu6vwg6G.Ttf
    c:\windows\Fonts\JNwybEjgUVaxBU5d.Ttf
    c:\windows\Fonts\KXBqRpa2mrNPeXKb.Ttf
    c:\windows\Fonts\MhaUKGazkr3fZZKp.Ttf
    c:\windows\Fonts\Nxw6N4rjSsVpMUPe.Ttf
    c:\windows\Fonts\PACNkAWTwg4Cyb3e.Ttf
    c:\windows\Fonts\pDuuqr4BgFn65AeW.Ttf
    c:\windows\Fonts\pKxp3cBbnHVb65ZWUDgRE5.Ttf
    c:\windows\Fonts\PrZWDcWgjaE3SQyr.Ttf
    c:\windows\Fonts\Qq3qg7RGSp9raxWW.Ttf
    c:\windows\Fonts\S8a8cnEuaydPJGg8.Ttf
    c:\windows\Fonts\tukVTEVUdJmB1k.Ttf
    c:\windows\Fonts\WtEZSTBurjKEKSB9.Ttf
    c:\windows\Fonts\YywxhF7TSnkktrJw.Ttf
    c:\windows\Fonts\zZ5kDff9es3wZ9YZ.Ttf
    c:\windows\system32\Data
    c:\windows\system32\ieuinit.inf
    c:\windows\system32\scrrntr.dll
    c:\windows\unins000.dat
    c:\windows\unins000.exe
    
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    -------\Legacy_NVMINI
    -------\Service_nvmini
    
    
    (((((((((((((((((((((((((   Files Created from 2009-11-28 to 2009-12-31  )))))))))))))))))))))))))))))))
    .
    
    2009-12-28 21:28 . 2009-12-28 21:29	--------	d-----w-	C:\rsit
    2009-12-25 17:09 . 2009-12-25 17:09	--------	d-----w-	c:\documents and settings\Deniz Can\Local Settings\Application Data\DOSBox
    2009-12-25 17:07 . 2009-12-25 17:18	--------	d-----w-	c:\program files\DOSBox-0.73
    2009-12-25 16:43 . 2009-12-31 10:03	--------	d-----w-	C:\TIECD
    2009-12-22 20:29 . 2009-12-29 09:13	--------	d-----w-	c:\program files\Industry Giant 2
    2009-12-21 16:01 . 2009-12-21 16:01	--------	d-----w-	c:\program files\Trend Micro
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankProtocol
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankPacManager
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankMedium
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankHandler
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankFormat
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankDevice
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankContents
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\Frank
    2009-12-17 09:14 . 2009-04-28 20:20	129520	------w-	c:\windows\system32\pxafs.dll
    2009-12-17 09:13 . 2009-12-17 10:15	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Winamp
    2009-12-11 19:30 . 2009-12-17 09:22	--------	d-----w-	c:\program files\Winamp
    2009-12-05 08:23 . 2009-08-24 23:30	13312	----a-w-	c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
    2009-12-03 19:50 . 2009-12-03 19:50	--------	d-----w-	c:\program files\Common Files\Borland Shared
    2009-12-03 19:49 . 2009-12-03 19:49	--------	d-----w-	c:\temp\Isletme
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-31 07:54 . 2006-04-15 07:52	--------	d-----w-	c:\program files\eMule
    2009-12-31 07:42 . 2006-05-12 17:25	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Skype
    2009-12-11 19:59 . 2009-10-25 10:18	--------	d-----w-	c:\program files\PokerStars.NET
    2009-12-11 10:39 . 2009-10-27 17:42	--------	d-----w-	c:\program files\Mozilla Thunderbird
    2009-12-10 15:28 . 2001-11-22 12:00	419572	----a-w-	c:\windows\system32\perfh01F.dat
    2009-12-10 15:28 . 2001-11-22 12:00	76586	----a-w-	c:\windows\system32\perfc01F.dat
    2009-11-29 08:35 . 2006-04-15 06:52	--------	d--h--w-	c:\program files\InstallShield Installation Information
    2009-10-29 05:46 . 2004-08-03 21:45	661504	----a-w-	c:\windows\system32\wininet.dll
    2009-10-22 19:08 . 2006-04-17 14:08	99024	----a-w-	c:\documents and settings\Deniz Can\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-21 06:02 . 2004-08-03 21:45	75776	----a-w-	c:\windows\system32\strmfilt.dll
    2009-10-21 06:02 . 2004-08-03 21:45	25088	----a-w-	c:\windows\system32\httpapi.dll
    2009-10-20 14:58 . 2004-08-03 20:00	263552	----a-w-	c:\windows\system32\drivers\http.sys
    2009-10-13 10:52 . 2004-08-03 21:45	267264	----a-w-	c:\windows\system32\oakley.dll
    2009-10-12 13:52 . 2004-08-03 21:45	69632	----a-w-	c:\windows\system32\raschap.dll
    2009-10-12 13:52 . 2004-08-03 21:45	112640	----a-w-	c:\windows\system32\rastls.dll
    .
    
    ------- Sigcheck -------
    
    [7] 2008-06-20 . B0BEFD78B3816E6A49636A8B67C4F28F . 245760 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [7] 2008-06-20 . F04F500D4217A2C940D91140AC53C717 . 245760 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    [-] 2008-06-20 . E4BFA352E2D05B079673BF1FE1FD965D . 245760 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
    [7] 2008-06-20 . 8FDC1A5E2813A835ECAEF186AF80C9F5 . 245760 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
    [7] 2008-06-20 . 7ECF6887F65367DD5CF94C91924588CA . 245760 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [-] 2008-04-14 . C4FDA698CAB8527C1D58D7A437587952 . 245760 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\232cad025a4de3b5651532234015bf6b\mswsock.dll
    [7] 2004-08-03 . C1FB7C7331E87A0E5129FCCE0B73167F . 245760 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 1953792]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-01-18 19477544]
    "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2006-11-26 984064]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 1622016]
    "CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-09-11 278528]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-22 155648]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-31 185872]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
    
    c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-4-15 49254]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-28 113664]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Papyrus\\NASCAR Racing 2002 Season\\NR2002.exe"=
    "c:\\Program Files\\Chessmaster 8000\\Chessmaster.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.06.2006 12:57 664064]
    R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [15.04.2006 14:10 159616]
    R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [15.04.2006 14:10 5248]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06.02.2009 13:23 106208]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06.02.2009 13:24 93336]
    R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [14.06.2006 21:44 93824]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06.02.2009 13:23 727720]
    S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender9\filespy.sys --> c:\program files\Softwin\BitDefender9\filespy.sys [?]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [03.01.2008 16:09 39048]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
    S4 Rdpidirvw;Rdpidirvw;c:\windows\system32\drivers\rawwan.sys [22.11.2001 14:00 34432]
    .
    Contents of the 'Scheduled Tasks' folder
    
    2007-11-28 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8188319073.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]
    
    2009-12-31 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 19:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = localhost
    uInternet Settings,ProxyServer = 217.195.246.83:8080
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    TCP: {37D17006-8E1A-4418-AF41-AD76C2FA64C7} = 195.175.39.40,195.175.39.39
    FF - ProfilePath - c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - component: c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -
    
    HKLM-Run-BDSwitchAgent - c:\progra~1\softwin\bitdef~1\bdswitch.exe
    HKLM-Run-mirc - c:\windows\WINCRA\mirc.exe
    HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
    ShellExecuteHooks-{1ECE2FCB-C1BB-4706-920C-F4C1076FD155} - c:\windows\system32\kT2NuqZeGma.dll
    ShellExecuteHooks-{7A93621D-BFFE-4EB1-AAE1-CD487F429840} - c:\windows\system32\PkVyCX5kHnftC7BXjt.dll
    ShellExecuteHooks-{CCCA2FB9-2D5D-4481-8BFE-1CDDC458A3F4} - c:\windows\system32\CCCA2FB9.dll
    ShellExecuteHooks-{EF6EF2D9-CDC7-481D-B17C-DA8DBA33BB01} - c:\windows\system32\kW5xUYZjcSnWs.dll
    ShellExecuteHooks-{6B74576A-BB20-47B3-AE0A-046B062897D0} - c:\windows\system32\ACg9ycsarj8y.dll
    ShellExecuteHooks-{19250D1E-B733-4F49-BC56-44EFCF3BF650} - c:\windows\system32\m37tEtTX7Ye5c.dll
    ShellExecuteHooks-{A35BF249-2B40-4E4A-97B5-86DC8B358887} - c:\windows\system32\j8EG7scz8.dll
    AddRemove-Flatcast_is1 - c:\windows\unins000.exe
    AddRemove-IL Download Manager - c:\program files\Image-Line\Downloader\uninstall.exe
    AddRemove-MyProduct - c:\program files\Ubisoft\Crytek\Far Cry\Bin32\Uninstal.exe
    AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe
    
    
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-31 13:31
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ...  
    
    scanning hidden autostart entries ... 
    
    scanning hidden files ...  
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
    
    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe >>UNKNOWN [0x82F96688]<< 
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> 0x82f96688
    \Driver\ACPI -> ACPI.sys @ 0xf8563cb8
    \Driver\atapi -> 0x82d0e748
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
     ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
     ParseProcedure -> ntoskrnl.exe @ 0x8056f07e SendCompleteHandler -> NDIS.sys @ 0xf83ebaf9
     PacketIndicateHandler -> NDIS.sys @ 0xf83f6b21
     SendHandler -> NDIS.sys @ 0xf83eb938
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK 
    
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    
    [HKEY_USERS\S-1-5-21-1614895754-448539723-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:d6,1c,17,c1,3a,ee,f8,7f,36,c2,37,20,cd,c0,87,30,05,36,83,9e,7c,
       3d,8c,35,8c,89,75,43,aa,2a,ca,2b,ae,1c,b8,51,88,35,df,6d,6a,15,d7,07,61,8a,\
    "rkeysecu"=hex:11,4a,21,88,3e,48,d9,8c,f2,33,47,f6,d6,5d,83,4e
    
    [HKEY_LOCAL_MACHINE\System\MountedDevices]
    @Denied: (Read) (Administrators)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    
    - - - - - - - > 'explorer.exe'(2368)
    c:\docume~1\DENIZC~1\LOCALS~1\TempIadHide3.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\CTsvcCDA.exe
    c:\windows\system32\drivers\KodakCCS.exe
    c:\program files\NetLimiter 2 Pro\nlsvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\ScsiAccess.EXE
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\MATLAB~1.SCR
    .
    **************************************************************************
    .
    Completion time: 2009-12-31  13:50:37 - machine was rebooted
    ComboFix-quarantined-files.txt  2009-12-31 11:50
    
    Pre-Run: 14.648.020.992 bayt boş
    Post-Run: 14.832.390.144 bayt boş
    
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    
    - - End Of File - - F08B234357EA6D70077187B510EC672E

  6. #6
    Moderator (global) Team member Jintan
    Registered since
    25.11.2006
    Posts
    6.369

    Re: Win32/TrojanDownloader.Agent problem

    Progress, but due to Alcohol and Daemon Tools rootkit-like settings the results of some of the ComboFix log are not clear. I will need you to uninstall Alcohol and/or Daemon Tools (if installed separately). Then go here and download Duplex Secure's SPTD installer SPTDinst-v162-x86.exe to your desktop, then click the downloaded file to start the installer. When the option appears select Uninstall, and allow the tool to uninstall SPTD from your system. Be sure to reboot after to complete the removal of the SPTD settings.

    Then temp disable any security software, and run ComboFix again please, and post back that new C:\ComboFix.txt log.
    Live the day!

    Jintan - the brand where everything is right!
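
The request above to remove SPTD before trusting the log comes down to the MBR detector section of the first ComboFix log: two driver entries point at addresses the detector could not attribute to any module. The following is an added example, not part of the thread and not ComboFix or Gmer code; it parses that section using the lines from the posted log as sample input, and the function and field names are made up for illustration.

```python
import re

# Sample input: the hook section of the Gmer MBR detector output, copied from
# the first ComboFix log posted in this thread.
SAMPLE = r"""
called modules: ntoskrnl.exe >>UNKNOWN [0x82F96688]<<
detected MBR rootkit hooks:
\Driver\Disk -> 0x82f96688
\Driver\ACPI -> ACPI.sys @ 0xf8563cb8
\Driver\atapi -> 0x82d0e748
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
 ParseProcedure -> ntoskrnl.exe @ 0x8056f07e
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
 ParseProcedure -> ntoskrnl.exe @ 0x8056f07e SendCompleteHandler -> NDIS.sys @ 0xf83ebaf9
 PacketIndicateHandler -> NDIS.sys @ 0xf83f6b21
 SendHandler -> NDIS.sys @ 0xf83eb938
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

# "<slot> -> <module> @ <address>" or "<slot> -> <address>" (no module named).
# Several such pairs can share one line, so the pattern is applied to the
# whole text rather than line by line.
HOOK_RE = re.compile(r"(\S+) -> (?:(\S+) @ )?(0x[0-9a-fA-F]+)")
# Address the detector saw on the MBR read path but could not name.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


def analyze(report):
    """Split hook targets into module-attributed and unattributed ones."""
    attributed, unattributed = [], []
    for slot, module, addr in HOOK_RE.findall(report):
        target = int(addr, 16)  # normalise case: 0x82F96688 == 0x82f96688
        if module:
            attributed.append((slot, module, target))
        else:
            unattributed.append((slot, target))
    unknown_called = {int(a, 16) for a in UNKNOWN_RE.findall(report)}
    return {
        "attributed": attributed,
        "unattributed": unattributed,
        # Unattributed slots whose target is the unnamed code on the read path.
        "called_unknown_matches": [s for s, t in unattributed if t in unknown_called],
        "warned": "possible MBR rootkit infection" in report,
        # The tool's own final verdict line.
        "mbr_ok": "user & kernel MBR OK" in report,
    }


def summarize(result):
    """Turn the analysis into the lines a helper would check by hand."""
    lines = []
    for slot, target in result["unattributed"]:
        note = " (same address as the UNKNOWN called module)" \
            if slot in result["called_unknown_matches"] else ""
        lines.append(f"{slot} -> {target:#010x}: no owning module{note}")
    if result["warned"] and result["mbr_ok"] and result["unattributed"]:
        lines.append("hooks present but MBR reported OK: identify the driver "
                     "behind the unattributed addresses before treating this "
                     "as an infection")
    return lines


if __name__ == "__main__":
    for line in summarize(analyze(SAMPLE)):
        print(line)
```

In this thread the unattributed entries disappeared from the next log once SPTD was uninstalled, which is what the moderator relied on to rule out malware.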

  7. #7
    Beginner
    Registered since
    21.12.2009
    Posts
    10

    Re: Win32/TrojanDownloader.Agent problem

    How is this?

    Code:
    ComboFix 09-12-30.01 - Deniz Can 01.01.2010  12:07:15.2.1 - x86
    Microsoft Windows XP Professional  5.1.2600.2.1254.90.1055.18.511.215 [GMT 2:00]
    Running from: c:\documents and settings\Deniz Can\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    
    (((((((((((((((((((((((((   Files Created from 2009-12-01 to 2010-01-01  )))))))))))))))))))))))))))))))
    .
    
    2009-12-28 21:28 . 2009-12-28 21:29	--------	d-----w-	C:\rsit
    2009-12-25 17:09 . 2009-12-25 17:09	--------	d-----w-	c:\documents and settings\Deniz Can\Local Settings\Application Data\DOSBox
    2009-12-25 17:07 . 2009-12-25 17:18	--------	d-----w-	c:\program files\DOSBox-0.73
    2009-12-25 16:43 . 2010-01-01 09:39	--------	d-----w-	C:\TIECD
    2009-12-22 20:29 . 2009-12-29 09:13	--------	d-----w-	c:\program files\Industry Giant 2
    2009-12-21 16:01 . 2009-12-21 16:01	--------	d-----w-	c:\program files\Trend Micro
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankProtocol
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankPacManager
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankMedium
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankHandler
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankFormat
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankDevice
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankContents
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\Frank
    2009-12-17 09:14 . 2009-04-28 20:20	129520	------w-	c:\windows\system32\pxafs.dll
    2009-12-17 09:13 . 2009-12-17 10:15	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Winamp
    2009-12-11 19:30 . 2009-12-17 09:22	--------	d-----w-	c:\program files\Winamp
    2009-12-05 08:23 . 2009-08-24 23:30	13312	----a-w-	c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
    2009-12-03 19:50 . 2009-12-03 19:50	--------	d-----w-	c:\program files\Common Files\Borland Shared
    2009-12-03 19:49 . 2009-12-03 19:49	--------	d-----w-	c:\temp\Isletme
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-01 10:04 . 2006-05-12 17:25	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Skype
    2010-01-01 10:02 . 2006-09-08 09:11	--------	d-----w-	c:\program files\EasyPHP1-8
    2010-01-01 08:57 . 2006-04-15 07:52	--------	d-----w-	c:\program files\eMule
    2009-12-11 19:59 . 2009-10-25 10:18	--------	d-----w-	c:\program files\PokerStars.NET
    2009-12-11 10:39 . 2009-10-27 17:42	--------	d-----w-	c:\program files\Mozilla Thunderbird
    2009-12-10 15:28 . 2001-11-22 12:00	419572	----a-w-	c:\windows\system32\perfh01F.dat
    2009-12-10 15:28 . 2001-11-22 12:00	76586	----a-w-	c:\windows\system32\perfc01F.dat
    2009-11-29 08:35 . 2006-04-15 06:52	--------	d--h--w-	c:\program files\InstallShield Installation Information
    2009-10-29 05:46 . 2004-08-03 21:45	661504	------w-	c:\windows\system32\wininet.dll
    2009-10-22 19:08 . 2006-04-17 14:08	99024	----a-w-	c:\documents and settings\Deniz Can\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-21 06:02 . 2004-08-03 21:45	75776	----a-w-	c:\windows\system32\strmfilt.dll
    2009-10-21 06:02 . 2004-08-03 21:45	25088	----a-w-	c:\windows\system32\httpapi.dll
    2009-10-20 14:58 . 2004-08-03 20:00	263552	----a-w-	c:\windows\system32\drivers\http.sys
    2009-10-13 10:52 . 2004-08-03 21:45	267264	----a-w-	c:\windows\system32\oakley.dll
    2009-10-12 13:52 . 2004-08-03 21:45	69632	----a-w-	c:\windows\system32\raschap.dll
    2009-10-12 13:52 . 2004-08-03 21:45	112640	----a-w-	c:\windows\system32\rastls.dll
    .
    
    ------- Sigcheck -------
    
    [7] 2008-06-20 . B0BEFD78B3816E6A49636A8B67C4F28F . 245760 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [7] 2008-06-20 . F04F500D4217A2C940D91140AC53C717 . 245760 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    [-] 2008-06-20 . E4BFA352E2D05B079673BF1FE1FD965D . 245760 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
    [7] 2008-06-20 . 8FDC1A5E2813A835ECAEF186AF80C9F5 . 245760 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
    [7] 2008-06-20 . 7ECF6887F65367DD5CF94C91924588CA . 245760 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [-] 2008-04-14 . C4FDA698CAB8527C1D58D7A437587952 . 245760 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\232cad025a4de3b5651532234015bf6b\mswsock.dll
    [7] 2004-08-03 . C1FB7C7331E87A0E5129FCCE0B73167F . 245760 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 1953792]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-01-18 19477544]
    "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2006-11-26 984064]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 1622016]
    "CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-09-11 278528]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-22 155648]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-31 185872]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
    
    c:\documents and settings\Deniz Can\Start Menu\Programlar\BaŸlang‡\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-12-5 344064]
    
    c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-4-15 49254]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-28 113664]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Papyrus\\NASCAR Racing 2002 Season\\NR2002.exe"=
    "c:\\Program Files\\Chessmaster 8000\\Chessmaster.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06.02.2009 13:23 106208]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06.02.2009 13:24 93336]
    R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [14.06.2006 21:44 93824]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06.02.2009 13:23 727720]
    S2 FILESpy;FILESpy;\??\c:\program files\Softwin\BitDefender9\filespy.sys --> c:\program files\Softwin\BitDefender9\filespy.sys [?]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [03.01.2008 16:09 39048]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
    S4 Rdpidirvw;Rdpidirvw;c:\windows\system32\drivers\rawwan.sys [22.11.2001 14:00 34432]
    S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    
    2007-11-28 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8188319073.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]
    
    2010-01-01 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 19:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = localhost
    uInternet Settings,ProxyServer = 217.195.246.83:8080
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    TCP: {37D17006-8E1A-4418-AF41-AD76C2FA64C7} = 195.175.39.40,195.175.39.39
    FF - ProfilePath - c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - component: c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-01 12:19
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ...  
    
    scanning hidden autostart entries ... 
    
    scanning hidden files ...  
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    
    [HKEY_USERS\S-1-5-21-1614895754-448539723-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:d6,1c,17,c1,3a,ee,f8,7f,36,c2,37,20,cd,c0,87,30,05,36,83,9e,7c,
       3d,8c,35,8c,89,75,43,aa,2a,ca,2b,ae,1c,b8,51,88,35,df,6d,6a,15,d7,07,61,8a,\
    "rkeysecu"=hex:11,4a,21,88,3e,48,d9,8c,f2,33,47,f6,d6,5d,83,4e
    
    [HKEY_LOCAL_MACHINE\System\MountedDevices]
    @Denied: (Read) (Administrators)
    .
    Completion time: 2010-01-01  12:27:24
    ComboFix-quarantined-files.txt  2010-01-01 10:27
    ComboFix2.txt  2009-12-31 11:50
    
    Pre-Run: 14.782.480.384 bayt boş
    Post-Run: 14.747.656.192 bayt boş
    
    - - End Of File - - 8E486184D508E639ACB51C2604476AC5

    Happy new year by the way!

  8. #8
    Moderator (global) Team member Jintan
    Registered since
    25.11.2006
    Posts
    6.369

    Re: Win32/TrojanDownloader.Agent problem

    That removed the indication of boot file altering, so it was Daemon, and not malware. Is this a proxy setting you recognize?

    ProxyServer = 217.195.246.83:8080


    Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


    Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text inside the codebox below into it:

    Code:
    KillAll::
    Driver::
    Rdpidirvw
    FILESpy
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c56024ec-e3a8-11dd-95f0-0000e84b3687}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9f37baa-3d48-11dd-94d9-0000e84b3687}]
    Reglock::
    [HKEY_LOCAL_MACHINE\System\MountedDevices]

    Save this to your desktop as CFScript.txt


    You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

    ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

    A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    --------

    Download Malwarebytes' Anti-Malware from Here or Here.

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform quick scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
    * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

    ---------------------

    Post that log and the new C:\ComboFix.txt log please.
    Live the day!

    Jintan - the brand where everything is right!
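
The proxy question in the post above can be asked of any ComboFix log by pulling the network settings out of its Supplementary Scan section and marking the ones that are neither local nor on a list the owner recognises. The following is an added example, not part of the thread and not ComboFix code; the sample lines are taken from the log posted above, the function names are made up, and reading the `TCP: {GUID} = ...` line as the interface's DNS servers is an assumption of this example.

```python
import ipaddress
import re

# Sample input: lines from the "Supplementary Scan" section of the second
# ComboFix log in this thread.
SAMPLE = """\
uStart Page = about:blank
uInternet Settings,ProxyOverride = localhost
uInternet Settings,ProxyServer = 217.195.246.83:8080
TCP: {37D17006-8E1A-4418-AF41-AD76C2FA64C7} = 195.175.39.40,195.175.39.39
FF - prefs.js: browser.startup.homepage - about:blank
"""

PROXY_RE = re.compile(r"^\s*uInternet Settings,ProxyServer\s*=\s*(.+?)\s*$", re.M)
# Assumption: this line lists the DNS servers set on the interface {GUID}.
TCP_RE = re.compile(r"^\s*TCP:\s*\{[0-9A-Fa-f-]+\}\s*=\s*(.+?)\s*$", re.M)


def split_proxy(value):
    """Parse 'host:port' or the per-protocol form 'http=h:p;https=h:p'."""
    out = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, endpoint = part.rpartition("=")
        endpoint = endpoint.split("://", 1)[-1]  # tolerate 'http://host:port'
        host, _, port = endpoint.partition(":")
        out.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return out


def classify(host, known):
    """Return 'known', 'loopback', 'private' or 'unrecognized' for a host."""
    if host in known:
        return "known"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: only 'localhost' is treated as local.
        return "loopback" if host.lower() == "localhost" else "unrecognized"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "unrecognized"


def review(log, known=frozenset()):
    """List every proxy and DNS entry in the log with its classification."""
    entries = []
    for m in PROXY_RE.finditer(log):
        for scheme, host, port in split_proxy(m.group(1)):
            entries.append({"kind": "proxy", "scheme": scheme, "host": host,
                            "port": port, "status": classify(host, known)})
    for m in TCP_RE.finditer(log):
        for host in (h.strip() for h in m.group(1).split(",")):
            if host:
                entries.append({"kind": "dns", "scheme": None, "host": host,
                                "port": None, "status": classify(host, known)})
    return entries


def needs_confirmation(entries):
    """Entries the machine's owner should be asked about."""
    return [e for e in entries if e["status"] == "unrecognized"]


if __name__ == "__main__":
    for e in needs_confirmation(review(SAMPLE)):
        port = f":{e['port']}" if e["port"] else ""
        print(f"{e['kind']}: {e['host']}{port} - do you recognise this?")
```

Passing the addresses the owner confirms (for example their provider's DNS servers) as `known` leaves only the entries that still need an answer.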

  9. #9
    Beginner
    Registered since
    21.12.2009
    Posts
    10

    Re: Win32/TrojanDownloader.Agent problem

    Here it goes:

    Code:
    ComboFix 09-12-30.01 - Deniz Can 01.01.2010  20:19:22.3.1 - x86
    Microsoft Windows XP Professional  5.1.2600.2.1254.90.1055.18.511.284 [GMT 2:00]
    Running from: c:\documents and settings\Deniz Can\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Deniz Can\Desktop\CFScript.txt
    AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    -------\Legacy_FILESPY
    -------\Service_FILESpy
    -------\Service_Rdpidirvw
    
    
    (((((((((((((((((((((((((   Files Created from 2009-12-01 to 2010-01-01  )))))))))))))))))))))))))))))))
    .
    
    2010-01-01 17:26 . 2010-01-01 18:15	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\GSplit
    2010-01-01 17:20 . 2010-01-01 17:21	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Flsplt
    2010-01-01 17:20 . 2010-01-01 17:20	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Split_Segments
    2009-12-28 21:28 . 2009-12-28 21:29	--------	d-----w-	C:\rsit
    2009-12-25 17:09 . 2009-12-25 17:09	--------	d-----w-	c:\documents and settings\Deniz Can\Local Settings\Application Data\DOSBox
    2009-12-25 17:07 . 2009-12-25 17:18	--------	d-----w-	c:\program files\DOSBox-0.73
    2009-12-25 16:43 . 2010-01-01 16:51	--------	d-----w-	C:\TIECD
    2009-12-22 20:29 . 2009-12-29 09:13	--------	d-----w-	c:\program files\Industry Giant 2
    2009-12-21 16:01 . 2009-12-21 16:01	--------	d-----w-	c:\program files\Trend Micro
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankProtocol
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankPacManager
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankMedium
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankHandler
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankFormat
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankDevice
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\FrankContents
    2009-12-18 08:24 . 2009-12-18 08:24	--------	d-----w-	c:\temp\Frank
    2009-12-17 09:14 . 2009-04-28 20:20	129520	------w-	c:\windows\system32\pxafs.dll
    2009-12-17 09:13 . 2009-12-17 10:15	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Winamp
    2009-12-11 19:30 . 2009-12-17 09:22	--------	d-----w-	c:\program files\Winamp
    2009-12-05 08:23 . 2009-08-24 23:30	13312	----a-w-	c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
    2009-12-03 19:50 . 2009-12-03 19:50	--------	d-----w-	c:\program files\Common Files\Borland Shared
    2009-12-03 19:49 . 2009-12-03 19:49	--------	d-----w-	c:\temp\Isletme
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-01 10:59 . 2006-04-15 07:52	--------	d-----w-	c:\program files\eMule
    2010-01-01 10:04 . 2006-05-12 17:25	--------	d-----w-	c:\documents and settings\Deniz Can\Application Data\Skype
    2010-01-01 10:02 . 2006-09-08 09:11	--------	d-----w-	c:\program files\EasyPHP1-8
    2009-12-11 19:59 . 2009-10-25 10:18	--------	d-----w-	c:\program files\PokerStars.NET
    2009-12-11 10:39 . 2009-10-27 17:42	--------	d-----w-	c:\program files\Mozilla Thunderbird
    2009-12-10 15:28 . 2001-11-22 12:00	419572	----a-w-	c:\windows\system32\perfh01F.dat
    2009-12-10 15:28 . 2001-11-22 12:00	76586	----a-w-	c:\windows\system32\perfc01F.dat
    2009-11-29 08:35 . 2006-04-15 06:52	--------	d--h--w-	c:\program files\InstallShield Installation Information
    2009-10-29 05:46 . 2004-08-03 21:45	661504	------w-	c:\windows\system32\wininet.dll
    2009-10-22 19:08 . 2006-04-17 14:08	99024	----a-w-	c:\documents and settings\Deniz Can\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-21 06:02 . 2004-08-03 21:45	75776	----a-w-	c:\windows\system32\strmfilt.dll
    2009-10-21 06:02 . 2004-08-03 21:45	25088	----a-w-	c:\windows\system32\httpapi.dll
    2009-10-20 14:58 . 2004-08-03 20:00	263552	----a-w-	c:\windows\system32\drivers\http.sys
    2009-10-13 10:52 . 2004-08-03 21:45	267264	----a-w-	c:\windows\system32\oakley.dll
    2009-10-12 13:52 . 2004-08-03 21:45	69632	----a-w-	c:\windows\system32\raschap.dll
    2009-10-12 13:52 . 2004-08-03 21:45	112640	----a-w-	c:\windows\system32\rastls.dll
    .
    
    ------- Sigcheck -------
    
    [7] 2008-06-20 . B0BEFD78B3816E6A49636A8B67C4F28F . 245760 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [7] 2008-06-20 . F04F500D4217A2C940D91140AC53C717 . 245760 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    [-] 2008-06-20 . E4BFA352E2D05B079673BF1FE1FD965D . 245760 . . [5.1.2600.3394] . . c:\windows\system32\mswsock.dll
    [7] 2008-06-20 . 8FDC1A5E2813A835ECAEF186AF80C9F5 . 245760 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\mswsock.dll
    [7] 2008-06-20 . 7ECF6887F65367DD5CF94C91924588CA . 245760 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [-] 2008-04-14 . C4FDA698CAB8527C1D58D7A437587952 . 245760 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\232cad025a4de3b5651532234015bf6b\mswsock.dll
    [7] 2004-08-03 . C1FB7C7331E87A0E5129FCCE0B73167F . 245760 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-04-08 1953792]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-01-18 19477544]
    "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2006-11-26 984064]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 1622016]
    "CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
    "FineReader7NewsReaderPro"="c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-09-11 278528]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-22 155648]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-31 185872]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
    
    c:\documents and settings\Deniz Can\Start Menu\Programlar\BaŸlang‡\
    Picture Motion Browser Media Check Tool.lnk - c:\program files\SONY\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-12-5 344064]
    
    c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-4-15 49254]
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-4-28 113664]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Papyrus\\NASCAR Racing 2002 Season\\NR2002.exe"=
    "c:\\Program Files\\Chessmaster 8000\\Chessmaster.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06.02.2009 13:23 106208]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06.02.2009 13:24 93336]
    R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [14.06.2006 21:44 93824]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06.02.2009 13:23 727720]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [03.01.2008 16:09 39048]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
    S4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    
    2007-11-28 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8188319073.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 21:52]
    
    2010-01-01 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-14 19:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = localhost
    uInternet Settings,ProxyServer = 217.195.246.83:8080
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    TCP: {37D17006-8E1A-4418-AF41-AD76C2FA64C7} = 195.175.39.40,195.175.39.39
    FF - ProfilePath - c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - component: c:\documents and settings\Deniz Can\Application Data\Mozilla\Firefox\Profiles\6bsdy355.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv41629.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-01 20:33
    Windows 5.1.2600 Service Pack 2 NTFS
    
    scanning hidden processes ...  
    
    scanning hidden autostart entries ... 
    
    scanning hidden files ...  
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    
    [HKEY_USERS\S-1-5-21-1614895754-448539723-725345543-1003\Software\SecuROM\License information*]
    "datasecu"=hex:d6,1c,17,c1,3a,ee,f8,7f,36,c2,37,20,cd,c0,87,30,05,36,83,9e,7c,
       3d,8c,35,8c,89,75,43,aa,2a,ca,2b,ae,1c,b8,51,88,35,df,6d,6a,15,d7,07,61,8a,\
    "rkeysecu"=hex:11,4a,21,88,3e,48,d9,8c,f2,33,47,f6,d6,5d,83,4e
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    
    - - - - - - - > 'explorer.exe'(1828)
    c:\docume~1\DENIZC~1\LOCALS~1\TempIadHide3.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\CTsvcCDA.exe
    c:\windows\system32\drivers\KodakCCS.exe
    c:\program files\NetLimiter 2 Pro\nlsvc.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\ScsiAccess.EXE
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-01  20:44:34 - machine was rebooted
    ComboFix-quarantined-files.txt  2010-01-01 18:44
    ComboFix2.txt  2010-01-01 10:27
    ComboFix3.txt  2009-12-31 11:50
    
    Pre-Run: 14.719.262.720 bayt boş
    Post-Run: 14.689.116.160 bayt boş
    
    - - End Of File - - 50D89AD21F7C8812B1897A15D45B9FD1
    Code:
    Malwarebytes' Anti-Malware 1.43
    Database version: 3470
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180
    
    01.01.2010 21:10:55
    mbam-log-2010-01-01 (21-10-55).txt
    
    Scan type: Quick Scan
    Objects scanned: 117169
    Time elapsed: 9 minute(s), 26 second(s)
    
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 5
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    
    Memory Processes Infected:
    (No malicious items detected)
    
    Memory Modules Infected:
    (No malicious items detected)
    
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\wmilib.services (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{bf5c81c0-416d-487c-a4ad-07cc1f8e6e71} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6c3db97b-69d4-46da-87cd-4e323bff2c3c} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{43893dfb-e095-42eb-ab67-784853fdfa58} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{88abc5c0-4fcb-11bb-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully.
    
    Registry Values Infected:
    (No malicious items detected)
    
    Registry Data Items Infected:
    (No malicious items detected)
    
    Folders Infected:
    (No malicious items detected)
    
    Files Infected:
    (No malicious items detected)
    Malwarebytes' Anti-Malware didn't ask for reboot BTW.

  10. #10
    Jintan, Moderator (global), team member
    Registered since
    25.11.2006
    Posts
    6.369

    Re: Win32/TrojanDownloader.Agent problem

    Steady progress. Let's do one additional scan to make sure nothing remains there.


    Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

    Remove found threats
    Scan unwanted applications


    Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

    Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


    If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.
    Live the day!

    Jintan - the brand where everything is right!
