
Log analysis and evaluation: Trojan problems, 26 May 2010

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.05.2010, 14:41   #1
79skyline
 
Trojan problems, 26 May 2010



Hello,
it looks as though I have caught something.
After several searches I can't find the source of the problem.
I don't know enough about this.
Can anyone help me?

New trojans keep being reported.

Here are the reports:



Quote:
Malwarebytes' Anti-Malware 1.46
XXX.malwarebytes.org

Datenbank Version: 4144

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26.05.2010 14:38:17
mbam-log-2010-05-26 (14-38-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 253072
Laufzeit: 1 Stunde(n), 10 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\drivers\xawcfdwq.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

RSIT Logfile:
Code:
Logfile of random's system information tool 1.07 (written by random/random)
Run by XXX at 2010-05-26 14:49:35
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 88 GB (74%) free of 119 GB
Total RAM: 3071 MB (65% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-05-25 1615200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
softonic-de3 Toolbar - C:\Program Files\softonic-de3\tbsoft.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2010-01-08 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]
{AD6E6555-FB2C-47D4-8339-3E2965509877} - TerraTec Home Cinema - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL [2009-09-22 526336]
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - softonic-de3 Toolbar - C:\Program Files\softonic-de3\tbsoft.dll [2010-03-17 2355224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1029416]
"ASUSTPE"=C:\Windows\system32\ASUSTPE.exe [2007-10-12 106496]
"ASUS Camera ScreenSaver"=C:\Windows\AsScrProlog.exe [2008-12-17 47672]
"ASUS Screen Saver Protector"=C:\Windows\ASScrPro.exe [2008-12-17 33136]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2010-01-08 974848]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-07 4853760]
"NWEReboot"= []
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-05-25 2064736]
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canaveral]
C:\Users\STEFFI~1\AppData\Local\Temp\sshnas21.dll,BackupReadW []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsfe8owijfisjhgs7ye39gjsoighsd7y3eu]
C:\Users\XXX\AppData\Local\Temp\b3xs0.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hsfg9w8gujsokgahi8gysgnsdgefshyjy]
C:\Users\XXX\AppData\Local\Temp\login.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M5T8QL3YW3]
C:\Users\STEFFI~1\AppData\Local\Temp\Zqd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcexecwin]
C:\Users\STEFFI~1\AppData\Local\Temp\uofyc37e3.dll, RestoreWindows []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mkunnlaw]
C:\Users\XXX\AppData\Local\cotbjaxww\agvwwbptssd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\userinit]
C:\Users\XXX\AppData\Roaming\sdra64.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{16F5D961-FEED-F7E9-D6F7-2C763441779C}]
C:\Users\XXX\AppData\Roaming\Egtogy\qaopy.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
MCtlSvc.lnk - C:\Program Files\congstar\Internetmanager\Bin\mcserver.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\Data\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48eaa3fd-5cea-11df-bbbc-0023546c39b3}]
shell\AutoRun\command - F:\setupSNK.exe


======List of files/folders created in the last 1 months======

2010-05-26 14:49:36 ----D---- C:\Program Files\trend micro
2010-05-26 14:49:35 ----D---- C:\rsit
2010-05-26 13:23:27 ----D---- C:\Users\XXX\AppData\Roaming\Malwarebytes
2010-05-26 13:23:17 ----D---- C:\ProgramData\Malwarebytes
2010-05-26 13:23:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-26 13:10:25 ----D---- C:\Program Files\CCleaner
2010-05-25 08:03:40 ----HD---- C:\$AVG
2010-05-25 07:52:10 ----A---- C:\Windows\system32\avgrsstx.dll
2010-05-25 07:51:56 ----D---- C:\ProgramData\avg9
2010-05-25 07:51:56 ----D---- C:\Program Files\AVG
2010-05-25 07:43:37 ----D---- C:\Program Files\GRISOFT
2010-05-25 01:45:40 ----A---- C:\Windows\system32\gameux.dll
2010-05-25 01:45:39 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-05-25 01:45:39 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-05-25 01:37:45 ----D---- C:\Program Files\Windows Portable Devices
2010-05-25 01:35:13 ----A---- C:\Windows\system32\UIAnimation.dll
2010-05-25 01:35:12 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-05-25 01:35:12 ----A---- C:\Windows\system32\UIRibbon.dll
2010-05-25 01:34:50 ----A---- C:\Windows\system32\WMPhoto.dll
2010-05-25 01:34:50 ----A---- C:\Windows\system32\cdd.dll
2010-05-25 01:34:49 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-05-25 01:34:49 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-05-25 01:34:49 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-05-25 01:34:49 ----A---- C:\Windows\system32\d3d10warp.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\xpsservices.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\XpsPrint.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-05-25 01:34:48 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\OpcServices.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\FntCache.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\dxgi.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\dxdiagn.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\dxdiag.exe
2010-05-25 01:34:48 ----A---- C:\Windows\system32\DWrite.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\d3d11.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\d3d10level9.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\d3d10core.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\d3d10_1.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\d3d10.dll
2010-05-25 01:34:48 ----A---- C:\Windows\system32\d2d1.dll
2010-05-25 01:34:28 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-05-25 01:34:28 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-05-25 01:34:28 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-05-25 01:34:26 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-05-25 01:34:25 ----A---- C:\Windows\system32\wpdshext.dll
2010-05-25 01:34:25 ----A---- C:\Windows\system32\wpd_ci.dll
2010-05-25 01:34:24 ----A---- C:\Windows\system32\WPDSp.dll
2010-05-25 01:34:24 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-05-25 01:34:24 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-05-25 01:34:24 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-05-25 01:34:24 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-05-25 01:34:24 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-05-25 01:33:39 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-05-25 01:33:39 ----A---- C:\Windows\system32\oleaccrc.dll
2010-05-25 01:33:39 ----A---- C:\Windows\system32\oleacc.dll
2010-05-25 01:18:00 ----D---- C:\Windows\system32\eu-ES
2010-05-25 01:18:00 ----D---- C:\Windows\system32\ca-ES
2010-05-25 01:17:58 ----D---- C:\Windows\system32\vi-VN
2010-05-25 00:55:44 ----D---- C:\Windows\system32\EventProviders
2010-05-25 00:48:24 ----D---- C:\Program Files\QS
2010-05-25 00:48:21 ----D---- C:\Users\XXX\AppData\Roaming\TeamViewer
2010-05-24 23:10:47 ----SHD---- C:\Users\XXX\AppData\Roaming\lowsec
2010-05-24 12:55:07 ----D---- C:\Users\XXX\AppData\Roaming\WinRAR
2010-05-24 12:54:47 ----D---- C:\Program Files\softonic-de3
2010-05-24 12:54:47 ----D---- C:\Program Files\Conduit
2010-05-24 12:54:02 ----D---- C:\Program Files\WinRAR
2010-05-18 15:52:28 ----A---- C:\Windows\system32\sporder.dll
2010-05-18 15:52:28 ----A---- C:\Windows\system32\bmutil.dll
2010-05-18 15:52:28 ----A---- C:\Windows\system32\bmnet.dll
2010-05-18 15:52:28 ----A---- C:\Windows\system32\bminstall.dll
2010-05-18 15:52:03 ----D---- C:\Program Files\congstar
2010-05-14 21:35:12 ----D---- C:\ProgramData\TerraTec
2010-05-14 21:35:11 ----R---- C:\Windows\system32\MFC71KOR.DLL
2010-05-14 21:35:11 ----R---- C:\Windows\system32\MFC71JPN.DLL
2010-05-14 21:35:11 ----R---- C:\Windows\system32\MFC71ITA.DLL
2010-05-14 21:35:11 ----R---- C:\Windows\system32\MFC71FRA.DLL
2010-05-14 21:35:10 ----R---- C:\Windows\system32\MFC71ESP.DLL
2010-05-14 21:35:10 ----R---- C:\Windows\system32\MFC71ENU.DLL
2010-05-14 21:35:10 ----R---- C:\Windows\system32\MFC71DEU.DLL
2010-05-14 21:35:10 ----R---- C:\Windows\system32\MFC71CHT.DLL
2010-05-14 21:35:10 ----R---- C:\Windows\system32\MFC71CHS.DLL
2010-05-14 21:35:10 ----R---- C:\Windows\system32\gdiplus.dll
2010-05-14 21:34:55 ----D---- C:\Program Files\TerraTec
2010-05-14 21:34:55 ----D---- C:\Program Files\Common Files\TerraTec
2010-05-14 21:25:42 ----D---- C:\Users\XXX\AppData\Roaming\TerraTec
2010-05-14 10:44:49 ----D---- C:\Users\XXX\AppData\Roaming\Internetmanager
2010-05-14 10:44:21 ----D---- C:\Windows\system32\SupportAppZXH
2010-05-12 12:24:12 ----A---- C:\Windows\system32\inetcomm.dll
2010-05-11 12:31:34 ----D---- C:\Program Files\Application Updater
2010-05-11 12:31:32 ----D---- C:\Program Files\pdfforge Toolbar
2010-05-11 12:31:05 ----A---- C:\Windows\system32\pdfcmnnt.dll
2010-05-11 12:31:02 ----D---- C:\Program Files\PDFCreator
2010-05-11 12:31:02 ----A---- C:\Windows\system32\VB6DE.DLL
2010-05-11 12:31:02 ----A---- C:\Windows\system32\MSMPIDE.DLL
2010-05-11 12:31:02 ----A---- C:\Windows\system32\MSCMCDE.DLL
2010-05-11 12:31:02 ----A---- C:\Windows\system32\MSCC2DE.DLL
2010-05-07 14:29:02 ----D---- C:\ProgramData\Google
2010-05-07 14:25:12 ----D---- C:\Program Files\Common Files\DivX Shared
2010-05-07 14:23:39 ----D---- C:\Program Files\DivX
2010-05-07 14:23:09 ----D---- C:\ProgramData\DivX
2010-05-04 09:26:23 ----D---- C:\Users\XXX\AppData\Roaming\skypePM
2010-05-04 09:23:43 ----D---- C:\Users\XXX\AppData\Roaming\Skype
2010-05-04 09:23:14 ----D---- C:\Program Files\Common Files\Skype
2010-05-04 09:23:13 ----RD---- C:\Program Files\Skype
2010-05-04 09:23:09 ----D---- C:\ProgramData\Skype
2010-05-02 08:46:02 ----D---- C:\Users\XXX\AppData\Roaming\Egtogy

======List of files/folders modified in the last 1 months======

2010-05-26 14:49:36 ----RD---- C:\Program Files
2010-05-26 14:49:36 ----D---- C:\Windows\Prefetch
2010-05-26 14:48:59 ----D---- C:\Windows\Temp
2010-05-26 14:43:11 ----D---- C:\Windows\system32\drivers
2010-05-26 14:43:11 ----D---- C:\Windows\system
2010-05-26 14:38:17 ----D---- C:\Windows\Tasks
2010-05-26 13:23:17 ----HD---- C:\ProgramData
2010-05-26 13:18:24 ----D---- C:\Windows\Debug
2010-05-26 13:18:24 ----D---- C:\Windows
2010-05-26 12:58:23 ----D---- C:\Windows\system32\catroot2
2010-05-26 12:58:23 ----D---- C:\Windows\system32\catroot
2010-05-26 12:58:21 ----D---- C:\Windows\System32
2010-05-26 12:58:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-26 12:58:20 ----D---- C:\Windows\inf
2010-05-26 12:58:19 ----D---- C:\Windows\winsxs
2010-05-25 23:20:06 ----D---- C:\Program Files\Google
2010-05-25 23:20:05 ----SHD---- C:\Windows\Installer
2010-05-25 22:15:09 ----D---- C:\Windows\system32\Tasks
2010-05-25 08:18:16 ----D---- C:\Users\XXX\AppData\Roaming\Ygxico
2010-05-25 02:05:00 ----D---- C:\Windows\rescache
2010-05-25 01:46:03 ----D---- C:\Windows\AppPatch
2010-05-25 01:37:46 ----D---- C:\Windows\system32\de-DE
2010-05-25 01:37:45 ----D---- C:\Windows\system32\wbem
2010-05-25 01:37:44 ----D---- C:\Windows\system32\zh-HK
2010-05-25 01:37:44 ----D---- C:\Windows\system32\uk-UA
2010-05-25 01:37:44 ----D---- C:\Windows\system32\tr-TR
2010-05-25 01:37:44 ----D---- C:\Windows\system32\th-TH
2010-05-25 01:37:44 ----D---- C:\Windows\system32\sv-SE
2010-05-25 01:37:44 ----D---- C:\Windows\system32\sr-Latn-CS
2010-05-25 01:37:44 ----D---- C:\Windows\system32\sl-SI
2010-05-25 01:37:44 ----D---- C:\Windows\system32\pt-PT
2010-05-25 01:37:44 ----D---- C:\Windows\system32\pt-BR
2010-05-25 01:37:44 ----D---- C:\Windows\system32\pl-PL
2010-05-25 01:37:44 ----D---- C:\Windows\system32\nl-NL
2010-05-25 01:37:44 ----D---- C:\Windows\system32\ko-KR
2010-05-25 01:37:44 ----D---- C:\Windows\system32\it-IT
2010-05-25 01:37:44 ----D---- C:\Windows\system32\hu-HU
2010-05-25 01:37:44 ----D---- C:\Windows\system32\hr-HR
2010-05-25 01:37:44 ----D---- C:\Windows\system32\he-IL
2010-05-25 01:37:44 ----D---- C:\Windows\system32\fr-FR
2010-05-25 01:37:44 ----D---- C:\Windows\system32\fi-FI
2010-05-25 01:37:44 ----D---- C:\Windows\system32\es-ES
2010-05-25 01:37:44 ----D---- C:\Windows\system32\el-GR
2010-05-25 01:37:44 ----D---- C:\Windows\system32\bg-BG
2010-05-25 01:37:43 ----D---- C:\Windows\system32\zh-TW
2010-05-25 01:37:43 ----D---- C:\Windows\system32\zh-CN
2010-05-25 01:37:43 ----D---- C:\Windows\system32\sk-SK
2010-05-25 01:37:43 ----D---- C:\Windows\system32\ru-RU
2010-05-25 01:37:43 ----D---- C:\Windows\system32\ro-RO
2010-05-25 01:37:43 ----D---- C:\Windows\system32\nb-NO
2010-05-25 01:37:43 ----D---- C:\Windows\system32\lv-LV
2010-05-25 01:37:43 ----D---- C:\Windows\system32\lt-LT
2010-05-25 01:37:43 ----D---- C:\Windows\system32\ja-JP
2010-05-25 01:37:43 ----D---- C:\Windows\system32\et-EE
2010-05-25 01:37:43 ----D---- C:\Windows\system32\en-US
2010-05-25 01:37:43 ----D---- C:\Windows\system32\da-DK
2010-05-25 01:37:43 ----D---- C:\Windows\system32\cs-CZ
2010-05-25 01:37:43 ----D---- C:\Windows\system32\ar-SA
2010-05-25 01:35:37 ----D---- C:\Windows\Microsoft.NET
2010-05-25 01:35:36 ----RSD---- C:\Windows\assembly
2010-05-25 01:26:03 ----SHD---- C:\Boot
2010-05-25 01:19:23 ----D---- C:\Program Files\Windows Mail
2010-05-25 01:19:23 ----D---- C:\Program Files\Windows Calendar
2010-05-25 01:19:23 ----D---- C:\Program Files\Movie Maker
2010-05-25 01:19:21 ----D---- C:\Program Files\Windows Sidebar
2010-05-25 01:19:21 ----D---- C:\Program Files\Internet Explorer
2010-05-25 01:19:20 ----D---- C:\Program Files\Windows Media Player
2010-05-25 01:19:20 ----D---- C:\Program Files\Windows Collaboration
2010-05-25 01:19:19 ----D---- C:\Program Files\Windows Journal
2010-05-25 01:19:17 ----D---- C:\Program Files\Windows Photo Gallery
2010-05-25 01:19:17 ----D---- C:\Program Files\Common Files\System
2010-05-25 01:19:12 ----D---- C:\Windows\servicing
2010-05-25 01:19:12 ----D---- C:\Windows\ehome
2010-05-25 01:19:12 ----D---- C:\Program Files\Windows Defender
2010-05-25 01:18:56 ----D---- C:\Windows\system32\XPSViewer
2010-05-25 01:18:56 ----D---- C:\Windows\IME
2010-05-25 01:18:53 ----D---- C:\Windows\system32\oobe
2010-05-25 01:18:52 ----D---- C:\Windows\system32\migration
2010-05-25 01:18:48 ----D---- C:\Windows\system32\SLUI
2010-05-25 01:18:48 ----D---- C:\Windows\system32\setup
2010-05-25 01:18:48 ----D---- C:\Windows\system32\AdvancedInstallers
2010-05-25 01:18:47 ----D---- C:\Windows\system32\manifeststore
2010-05-25 01:18:43 ----D---- C:\Windows\system32\migwiz
2010-05-25 01:18:06 ----RSD---- C:\Windows\Fonts
2010-05-25 01:17:58 ----D---- C:\Windows\system32\Boot
2010-05-25 01:16:31 ----D---- C:\Windows\system32\RTCOM
2010-05-24 23:59:46 ----SHD---- C:\$RECYCLE.BIN
2010-05-24 23:57:57 ----RD---- C:\Users
2010-05-18 15:52:03 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-18 15:36:42 ----D---- C:\Windows\ModemLogs
2010-05-18 14:31:23 ----D---- C:\Windows\system32\WDI
2010-05-14 21:34:55 ----D---- C:\Program Files\Common Files
2010-05-13 10:42:40 ----D---- C:\ProgramData\Microsoft Help
2010-05-12 11:21:16 ----N---- C:\Windows\system32\MpSigStub.exe
2010-05-06 10:57:16 ----D---- C:\ProgramData\Vodafone
2010-05-06 01:43:02 ----D---- C:\Program Files\Mozilla Firefox
2010-04-30 20:51:06 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\Windows\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-05-25 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-05-25 29512]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-05-25 242896]
R1 tcpipBM;Bytemobile Kernel Network Provider; \??\C:\Windows\system32\drivers\tcpipBM.sys [2009-12-15 24192]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-06 908800]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-08 2044896]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-11-10 57856]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-05-22 1772544]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-12-06 196400]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 AF9035BDA;Cinergy T-Stick service; C:\Windows\system32\DRIVERS\AF9035BDA.sys [2009-02-18 245720]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 GTPTSER;GT PT SER; C:\Windows\system32\DRIVERS\gtptser.sys [2009-05-26 8064]
S3 GTUQBUS;GT UQ BUS; C:\Windows\system32\DRIVERS\gtuqbus.sys [2009-05-26 37120]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver; C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys [2010-02-11 106880]
S3 HSPADataCardusbnmea;HSPADataCard NMEA Port; C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys [2010-02-11 106880]
S3 HSPADataCardusbser;HSPADataCard Diagnostic Port; C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys [2010-02-11 106880]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\DRIVERS\massfilter.sys [2010-02-11 10240]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys []
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ADSMService;ADSM Service; C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2007-05-18 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 655360]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-05-25 308064]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-17 156656]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
         


[QUOTE]
info.txt
RSIT Logfile:
Code:
logfile of random's system information tool 1.06 2010-05-26 14:49:40

======Uninstall list======

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 8.1.5 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUS CopyProtect-->MsiExec.exe /I{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}
ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9 
ASUS Power4Gear eXtreme-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}
ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Touch Pad Extra-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB891739-2EB3-45A8-9CBD-941C255CECD4}\SETUP.EXE" -l0x9 
Asus_Camera_ScreenSaver-->"C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe"
Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\setup.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x0009 -removeonly
ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly
AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}\Setup.exe"  -runfromtemp -l0x0007 Brunin03.dll -removeonly
ccc-Branding-->MsiExec.exe /I{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
collection Screen Saver-->C:\Windows\system32\collection.scr /u
congstar Internet-Manager-->"C:\Program Files\InstallShield Installation Information\{27D28586-BEF1-4E06-8787-3B1FC3A41489}\setup.exe" -runfromtemp -l0x0007 -removeonly
CyberLink LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe"  -uninstall
CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7  -removeonly
Express Gate-->MsiExec.exe /I{27D51A76-371D-48B6-B06E-4137A15B7583}
Free Studio version 4.3-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Juicy Couture Screen Saver-->C:\Windows\system32\Juicy Couture.scr /u
LightScribe System Software  1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9 
OpenOffice.org 3.1-->MsiExec.exe /I{D765F1CE-5AE5-4C47-B134-AE58AC474740}
PaperPort Image Printer-->MsiExec.exe /X{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v1.1.2-->MsiExec.exe /X{5791B7D3-8B34-4218-9750-6A8E45D0AD32}
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\SETUP.exe" -l0x9  -removeonly
ScanSoft PaperPort 11-->MsiExec.exe /I{B6C89654-A6A2-477C-873B-724EC1C56407}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB978380)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {667A88D1-0369-4070-A62A-70672D68A9BF}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB980470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {34573F17-DADE-4D0D-835F-A54A1DE8AC1F}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
softonic-de3 Toolbar-->C:\PROGRA~1\SOFTON~1\UNWISE.EXE   /U C:\PROGRA~1\SOFTON~1\INSTALL.LOG  
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TerraTec Home Cinema-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}\setup.exe" -l0x7 
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB981715)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {661B3F32-FFE4-4606-AE3A-DFA11DCC0D79}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb981726)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2C69BACE-1151-41C0-8C8D-F6026D510BD4}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
USB2.0 UVC 1.3M WebCam-->C:\Windows\snuninst.exe /name='USB2.0 UVC 1.3M WebCam'
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9 
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x0009 -removeonly

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: XXX-PC
Event Code: 7036
Message: Dienst "Arbeitsstationsdienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 133282
Source Name: Service Control Manager
Time Written: 20100111141323.000000-000
Event Type: Informationen
User: 

Computer Name: XXX-PC
Event Code: 7036
Message: Dienst "WebClient" befindet sich jetzt im Status "Ausgeführt".
Record Number: 133281
Source Name: Service Control Manager
Time Written: 20100111141323.000000-000
Event Type: Informationen
User: 

Computer Name: XXX-PC
Event Code: 7036
Message: Dienst "Basisfiltermodul" befindet sich jetzt im Status "Ausgeführt".
Record Number: 133280
Source Name: Service Control Manager
Time Written: 20100111141323.000000-000
Event Type: Informationen
User: 

Computer Name: XXX-PC
Event Code: 7036
Message: Dienst "Druckwarteschlange" befindet sich jetzt im Status "Ausgeführt".
Record Number: 133279
Source Name: Service Control Manager
Time Written: 20100111141323.000000-000
Event Type: Informationen
User: 

Computer Name: XXX-PC
Event Code: 7036
Message: Dienst "Aufgabenplanung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 133278
Source Name: Service Control Manager
Time Written: 20100111141323.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: XXX-PC
Event Code: 10002
Message: Die folgende Anwendung wurde beendet, weil sie nicht reagiert hat: sidebar.exe.
Record Number: 888
Source Name: Microsoft-Windows-Winsrv
Time Written: 20081216124141.944500-000
Event Type: Informationen
User: XXX-PC\Administrator

Computer Name: XXX-PC
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.  


Record Number: 887
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090206095014.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: WIN-TT7TXOEW48X
Event Code: 36
Message: 
Record Number: 886
Source Name: ccSvcHst
Time Written: 20081216124138.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: WIN-TT7TXOEW48X
Event Code: 103
Message: Windows (2088) Windows: Das Datenbankmodul hat die Instanz (0) beendet.
Record Number: 885
Source Name: ESENT
Time Written: 20081216123930.000000-000
Event Type: Informationen
User: 

Computer Name: WIN-TT7TXOEW48X
Event Code: 1013
Message: Der Windows-Suchdienst wurde normal beendet.

Record Number: 884
Source Name: Microsoft-Windows-Search
Time Written: 20081216123930.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: XXX-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
	Sicherheits-ID:		XXX-5-18
	Kontoname:		XXX-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		XXXe7

Objekt:
	Objektserver:	Security
	Objekttyp:	File
	Objektname:	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll
	Handle-ID:	0x14

Prozessinformationen:
	Prozess-ID:	0x814
	Prozessname:	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Überwachungseinstellungen:
	Originalsicherheitsbeschreibung:	
	Neue Sicherheitsbeschreibung:		S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 20041
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090822012008.888350-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: XXX-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
	Sicherheits-ID:		XXX-5-18
	Kontoname:		XXX-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		XXXe7

Objekt:
	Objektserver:	Security
	Objekttyp:	File
	Objektname:	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll
	Handle-ID:	0x14

Prozessinformationen:
	Prozess-ID:	0x814
	Prozessname:	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Überwachungseinstellungen:
	Originalsicherheitsbeschreibung:	
	Neue Sicherheitsbeschreibung:		S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 20040
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090822012008.857100-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: XXX-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
	Sicherheits-ID:		XXX-5-18
	Kontoname:		XXX-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		XXXe7

Objekt:
	Objektserver:	Security
	Objekttyp:	File
	Objektname:	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll
	Handle-ID:	0x14

Prozessinformationen:
	Prozess-ID:	0x814
	Prozessname:	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Überwachungseinstellungen:
	Originalsicherheitsbeschreibung:	
	Neue Sicherheitsbeschreibung:		S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 20039
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090822012008.794600-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: XXX-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
	Sicherheits-ID:		XXX-5-18
	Kontoname:		XXX-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		XXXe7

Objekt:
	Objektserver:	Security
	Objekttyp:	File
	Objektname:	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll
	Handle-ID:	0x14

Prozessinformationen:
	Prozess-ID:	0x814
	Prozessname:	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Überwachungseinstellungen:
	Originalsicherheitsbeschreibung:	
	Neue Sicherheitsbeschreibung:		S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 20038
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090822012008.732100-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: XXX-PC
Event Code: 4907
Message: Die Überwachungseinstellungen für ein Objekt wurden geändert:

Antragsteller:
	Sicherheits-ID:		XXX-5-18
	Kontoname:		XXX-PC$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		XXXe7

Objekt:
	Objektserver:	Security
	Objekttyp:	File
	Objektname:	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll
	Handle-ID:	0x14

Prozessinformationen:
	Prozess-ID:	0x814
	Prozessname:	C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe

Überwachungseinstellungen:
	Originalsicherheitsbeschreibung:	
	Neue Sicherheitsbeschreibung:		S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 20037
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090822012008.669600-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"configsetroot"=%SystemRoot%\ConfigSetRoot
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
         

Edited by 79skyline (26.05.2010 at 15:21)

26.05.2010, 21:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

You have a rootkit on your system, so please post GMER and OSAM log files now. GMER may crash; if it also crashes the second time, just run OSAM and post the log.

26.05.2010, 23:25   #3
79skyline
 
Hello and thanks for the welcome,
I'm surprised and delighted that a response came so quickly.
Here are the reports.

Unfortunately I can't post the OSAM report here; it can't be pasted in.


GMER Logfile:
Code:
GMER 1.0.15.15281 - hXXp://wXw.gmer.net
Rootkit scan 2010-05-27 00:01:56
Windows 6.0.6002 Service Pack 2
Running: sfjutb9n.exe; Driver: C:\Users\XXX\AppData\Local\Temp\ugtyqpob.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)             827D9CD0
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)             827D90E8
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)             827D93D8
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)             827C5724
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)             827D91C0
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)             827D9B40
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)             827D96D4
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)             827DA100
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)             827DA36C

---- Kernel code sections - GMER 1.0.15 ----

?               System32\Drivers\xawcfdwq.sys                                                                        Ein an das System angeschlossenes Gerät funktioniert nicht. !
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                             section is writeable [0x8E010000, 0x1F875A, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\tdx.sys[TDI.SYS!TdiRegisterDeviceObject]                                [8ABD0D56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT             \SystemRoot\system32\DRIVERS\smb.sys[TDI.SYS!TdiRegisterDeviceObject]                                [8ABD0D56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT             \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                              [8ABD0D56] \SystemRoot\system32\drivers\BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [74BA7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [74BFA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [74BABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [74B9F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [74BA75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [74B9E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74BD8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [74BADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [74B9FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [74B9FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [74B971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [74C2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [74BCC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [74B9D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [74B96853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [74B9687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2904] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [74BA2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                               86A85F78

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                               AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

Device          \Driver\ACPI_HAL \Device\00000040                                                                    halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                              tcpipBM.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                             AsDsm.sys (Data Security Manager Driver/Windows (R) Codename Longhorn DDK provider)

---- Services - GMER 1.0.15 ----

Service          (*** hidden *** )                                                                                   [BOOT] xawcfdwq                                                                                                                                                       <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\xawcfdwq@Type                                                 1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\xawcfdwq@Start                                                0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\xawcfdwq@ErrorControl                                         0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\xawcfdwq@Group                                                Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet002\Services\xawcfdwq@Type                                                     1
Reg             HKLM\SYSTEM\ControlSet002\Services\xawcfdwq@Start                                                    0
Reg             HKLM\SYSTEM\ControlSet002\Services\xawcfdwq@ErrorControl                                             0
Reg             HKLM\SYSTEM\ControlSet002\Services\xawcfdwq@Group                                                    Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet003\Services\xawcfdwq@Type                                                     1
Reg             HKLM\SYSTEM\ControlSet003\Services\xawcfdwq@Start                                                    0
Reg             HKLM\SYSTEM\ControlSet003\Services\xawcfdwq@ErrorControl                                             0
Reg             HKLM\SYSTEM\ControlSet003\Services\xawcfdwq@Group                                                    Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet004\Services\xawcfdwq@Type                                                     1
Reg             HKLM\SYSTEM\ControlSet004\Services\xawcfdwq@Start                                                    0
Reg             HKLM\SYSTEM\ControlSet004\Services\xawcfdwq@ErrorControl                                             0
Reg             HKLM\SYSTEM\ControlSet004\Services\xawcfdwq@Group                                                    Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet005\Services\xawcfdwq@Type                                                     1
Reg             HKLM\SYSTEM\ControlSet005\Services\xawcfdwq@Start                                                    0
Reg             HKLM\SYSTEM\ControlSet005\Services\xawcfdwq@ErrorControl                                             0
Reg             HKLM\SYSTEM\ControlSet005\Services\xawcfdwq@Group                                                    Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet006\Services\xawcfdwq@Type                                                     1
Reg             HKLM\SYSTEM\ControlSet006\Services\xawcfdwq@Start                                                    0
Reg             HKLM\SYSTEM\ControlSet006\Services\xawcfdwq@ErrorControl                                             0
Reg             HKLM\SYSTEM\ControlSet006\Services\xawcfdwq@Group                                                    Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet007\Services\xawcfdwq@Type                                                     1
Reg             HKLM\SYSTEM\ControlSet007\Services\xawcfdwq@Start                                                    0
Reg             HKLM\SYSTEM\ControlSet007\Services\xawcfdwq@ErrorControl                                             0
Reg             HKLM\SYSTEM\ControlSet007\Services\xawcfdwq@Group                                                    Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet008\Services\xawcfdwq@Type                                                     1
Reg             HKLM\SYSTEM\ControlSet008\Services\xawcfdwq@Start                                                    0
Reg             HKLM\SYSTEM\ControlSet008\Services\xawcfdwq@ErrorControl                                             0
Reg             HKLM\SYSTEM\ControlSet008\Services\xawcfdwq@Group                                                    Boot Bus Extender

---- Files - GMER 1.0.15 ----

File            C:\ADSM_PData_0150                                                                                   0 bytes
File            C:\ADSM_PData_0150\DB                                                                                0 bytes
File            C:\ADSM_PData_0150\DB\SI.db                                                                          624 bytes
File            C:\ADSM_PData_0150\DB\UL.db                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\VL.db                                                                          16 bytes
File            C:\ADSM_PData_0150\DB\_avt                                                                           512 bytes
File            C:\ADSM_PData_0150\DragWait.exe                                                                      253952 bytes executable
File            C:\ADSM_PData_0150\_avt                                                                              512 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86                                          0 bytes
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\AsDsm.sys                                29752 bytes executable
File            C:\Program Files\ASUS\ASUS Data Security Manager\driver\x86\_avt                                     512 bytes

---- EOF - GMER 1.0.15 ----
         
__________________

Edited by 79skyline (26.05.2010 at 23:48)

Alt 27.05.2010, 18:36   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
You can also zip the OSAM log and attach it here, or upload it to file-upload.net and link it here.

Please run Avenger:

1.) Download Avenger from here:
http://swandog46.geekstogo.com/avenger2/avenger2.html (download, on the left-hand side)

2.) Unpack the zip archive and run the file "avenger.exe" (on Vista, right-click => Run as administrator). Set the checkboxes at the bottom as shown:



3.) Copy exactly the lines from the following code box:
Code:
registry keys to delete:
HKLM\SYSTEM\ControlSet002\Services\xawcfdwq
HKLM\SYSTEM\ControlSet003\Services\xawcfdwq
HKLM\SYSTEM\ControlSet004\Services\xawcfdwq
HKLM\SYSTEM\ControlSet005\Services\xawcfdwq
HKLM\SYSTEM\ControlSet006\Services\xawcfdwq
HKLM\SYSTEM\ControlSet007\Services\xawcfdwq
HKLM\SYSTEM\ControlSet008\Services\xawcfdwq

files to delete:
C:\Windows\System32\drivers\xawcfdwq.sys

drivers to delete:
xawcfdwq
         
4.) In "The Avenger", now go to "Load Script" at the top, then to "Paste from Clipboard".

5.) The code text from my post should now be visible in "The Avenger" under "Input Script here".

6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the "Reboot now" question (system restart).

7.) After the restart, Avenger displays a log file. Copy its contents and post them here.

8.) Upload the file c:\avenger\backup.zip to http://www.file-upload.net and link it here
__________________
Please always post log files in CODE tags
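
Added example, not part of the thread and not code from GMER or Avenger: a short Python triage script that reads GMER lines in the layout of the log posted above, picks out services marked hidden, and decodes their Type and Start registry values per control set. The sample log is a constructed excerpt in that layout; the function and table names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of the GMER 1.0.15 log posted above.
SAMPLE_LOG = r"""
---- Services - GMER 1.0.15 ----
Service          (*** hidden *** )        [BOOT] xawcfdwq        <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg             HKLM\SYSTEM\CurrentControlSet\Services\xawcfdwq@Type     1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\xawcfdwq@Start    0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\xawcfdwq@Group    Boot Bus Extender
Reg             HKLM\SYSTEM\ControlSet002\Services\xawcfdwq@Type         1
Reg             HKLM\SYSTEM\ControlSet002\Services\xawcfdwq@Start        0
"""

# Documented Windows service configuration values (Type and Start).
SERVICE_TYPE = {1: "kernel driver", 2: "file system driver",
                16: "own process", 32: "share process"}
START_TYPE = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

HIDDEN_RE = re.compile(r"^Service\s+\(\*\*\* hidden \*\*\*\s*\)\s+\[(\w+)\]\s+(\S+)")
REG_RE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\(\w+)\\Services\\([^@\\\s]+)@(\w+)\s+(.*\S)")

def decode(table, raw):
    """Map a decimal registry value to its meaning; None if absent or non-numeric."""
    return table.get(int(raw), "unknown") if raw and raw.isdigit() else None

def triage(log_text):
    """Return, per hidden service, its control sets and decoded Type/Start."""
    hidden, values = set(), defaultdict(lambda: defaultdict(dict))
    for line in log_text.splitlines():
        if m := HIDDEN_RE.match(line):
            hidden.add(m.group(2))
        elif m := REG_RE.match(line):
            control_set, service, name, data = m.groups()
            values[service][control_set][name] = data
    report = {}
    for service in sorted(hidden):
        sets = values.get(service, {})
        decoded = {cs: (decode(SERVICE_TYPE, v.get("Type")),
                        decode(START_TYPE, v.get("Start"))) for cs, v in sets.items()}
        report[service] = {
            "control_sets": sorted(sets),
            "decoded": decoded,
            # A hidden kernel driver that loads at boot is the pattern GMER flagged.
            "boot_kernel_driver_in": sorted(
                cs for cs, d in decoded.items() if d == ("kernel driver", "boot")),
        }
    return report

if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG).items():
        print(name, info)
```
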

Alt 31.05.2010, 21:04   #5
79skyline
 
Hello,
in the meantime the problem has unfortunately resolved itself in a different way. I had to format the PC and set it up from scratch because it would no longer boot. Perhaps that was also a consequence of the last few days.

Thank you nevertheless for your help and friendliness!

Regards, 79 Skyline

