Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Agent.AN.1033 Malware gefunden, Antivir springt an

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.02.2010, 16:35   #1
pe__ka
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Hallo,
mein Antivir springt ständig an und meldet Malware. Auch der Windows Defender hat einmal reagiert.
Habe den CCleaner benutzt und einen Hijack-Scan gemacht.
Hier die logfile:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:58, on 12.02.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Users\************\AppData\Local\Temp\Vsh.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Users\DSIRE&~1\AppData\Local\Temp\Vsm.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\CCleaner\ccleaner.exe
C:\Windows\SysWOW64\wscript.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWow64\mscoree.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [F5JMWNZTHI] C:\Users\******************\AppData\Local\Temp\Vsh.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWow64\mscoree.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 11642 bytes
         
Soll ich auch Malwarebites-Anti-Malware und RSIT drüberlaufen lassen?


Hoffe auf eure Hilfe. Vielen Dank im Voraus

Alt 12.02.2010, 16:41   #2
Kiyoshi
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Ja, führe noch Malwarebytes aus und poste hier das Logfile. Dann schauen wir wie es weiter geht!
__________________


Alt 12.02.2010, 16:42   #3
Leonixx
/// Helfer-Team
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Mich würde eher der Ereignisbericht von Antivir interessieren. Dazu Antivir starten, Übersicht, Ergeignisse. Text abkopieren und hier reinstellen. In letzter Zeit häufen sich die false positiv Funde.
__________________

Alt 12.02.2010, 17:56   #4
pe__ka
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Hier der Ereignisbericht von Antivir:

File-Upload.net - Ereignisse.txt

Malwarebytes wird ausgeführt. Ich melde mich dann.
Danke

Alt 12.02.2010, 18:22   #5
Leonixx
/// Helfer-Team
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



C:\Users\*********************\AppData\Local\Temp\Vsm.exe

Diese Datei bei Virustotal prüfen. Poste das Ergebnis. Kann auch ein Fehlalarm sein.


Alt 12.02.2010, 18:45   #6
pe__ka
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Die Datei existiert scheinbar nicht mehr. Zumindest find ich sie nicht, um sie hochladen zu können. Der Fehler und die Malware werden trotzdem noch gemeldet bei Antivir.

Vorhin hatte ich auch den CCleaner verwendet..

Alt 12.02.2010, 18:57   #7
Kiyoshi
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Sobald der Vollständige Sacn von Malwarebytes fertig ist stell mal das Logfile dazu rein.

Alt 12.02.2010, 19:09   #8
pe__ka
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Code:
ATTFilter
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3730
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

12.02.2010 18:59:36
mbam-log-2010-02-12 (18-59-36).txt

Scan-Methode: Vollständiger Scan (C:\|E:\|)
Durchsuchte Objekte: 300216
Laufzeit: 56 minute(s), 56 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f5jmwnzthi (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
         
Einiges gefunden und gelöscht.
Aber nach dem Neustart wurde immer noch der Trojaner von Antivir angezeigt.
Jetzt auch TR/Agent.AN.1031

Alt 12.02.2010, 19:23   #9
Kiyoshi
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Könntest du uns ein weiteres RSIT Logfile zeigen?
Da Avira sich meldet scannen wir mal damit, bitte aber Avira so konfigurieren
http://www.trojaner-board.de/54192-a...tellungen.html

Avira Logfile & das RSIT Logfile bitte hier hinein kopieren

Alt 12.02.2010, 19:47   #10
pe__ka
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Code:
ATTFilter
Logfile of random's system information tool 1.06 (written by random/random)
Run by ************ at 2010-02-12 19:38:56
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 145 GB (50%) free of 290 GB
Total RAM: 4057 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:58, on 12.02.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\************\Desktop\Downloads\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\************.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig?hl=de&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Asz.Citavi.IEPicker.IEPickerButton - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWow64\mscoree.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Citavi Picker... - file://C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Citavi Picker - {619D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWow64\mscoree.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/Monopoly/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/Monopoly/Images/armhelper.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 11362 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{609D670F-B735-4da7-AC6D-F3BD358E325E}]
Asz.Citavi.IEPicker.IEPickerButton - C:\Windows\SysWow64\mscoree.dll [2009-03-30 278848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-02-05 128232]
"Dell Webcam Central"=C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [2009-01-09 405639]
"DellSupportCenter"=C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-11-12 141600]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\*************\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Dell Dock.lnk - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
Warner Bros.lnk - C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d1c13fc-75f3-11de-b52c-002564435475}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-02-12 19:38:56 ----D---- C:\rsit
2010-02-12 18:00:38 ----D---- C:\Users\**************\AppData\Roaming\Malwarebytes
2010-02-12 18:00:32 ----D---- C:\ProgramData\Malwarebytes
2010-02-12 18:00:32 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-02-12 16:20:48 ----D---- C:\Program Files (x86)\Trend Micro
2010-02-12 16:10:50 ----D---- C:\Program Files (x86)\CCleaner
2010-02-11 01:32:36 ----D---- C:\ProgramData\PlayPond
2010-02-11 01:26:34 ----D---- C:\ProgramData\Arcade Lab
2010-02-11 00:20:23 ----D---- C:\Program Files (x86)\PopCap Games
2010-02-11 00:04:08 ----D---- C:\ProgramData\PopCap Games
2010-02-10 20:28:22 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 20:28:21 ----A---- C:\Windows\system32\avifil32.dll
2010-02-10 01:17:20 ----D---- C:\ProgramData\Real
2010-02-08 16:34:06 ----A---- C:\Windows\system32\javaws.exe
2010-02-08 16:34:06 ----A---- C:\Windows\system32\javaw.exe
2010-02-08 16:34:06 ----A---- C:\Windows\system32\java.exe
2010-02-08 01:36:26 ----D---- C:\Users\************\AppData\Roaming\HdO Adventure
2010-02-06 18:30:43 ----D---- C:\Users\************\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
2010-02-06 18:30:39 ----D---- C:\Program Files (x86)\Warner Bros. Digital Copy Manager
2010-01-29 01:38:17 ----D---- C:\ProgramData\Dekovir
2010-01-22 22:24:42 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2010-01-22 13:48:52 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 13:48:50 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 13:48:49 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 13:48:49 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 13:48:49 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 13:48:48 ----A---- C:\Windows\system32\occache.dll
2010-01-22 13:48:48 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 13:48:48 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 13:48:48 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 13:48:48 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 13:48:48 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 13:48:48 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 13:48:47 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-22 13:48:47 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 13:48:47 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-22 13:48:47 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 13:48:47 ----A---- C:\Windows\system32\iernonce.dll
2010-01-22 13:48:47 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-20 09:42:09 ----D---- C:\Program Files (x86)\Windows Portable Devices
2010-01-20 09:37:13 ----A---- C:\Windows\system32\WMPhoto.dll
2010-01-20 09:37:12 ----A---- C:\Windows\system32\d3d10warp.dll
2010-01-20 09:37:12 ----A---- C:\Windows\system32\d2d1.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\xpsservices.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\XpsPrint.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\OpcServices.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\dxgi.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\dxdiagn.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\dxdiag.exe
2010-01-20 09:37:11 ----A---- C:\Windows\system32\d3d11.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\d3d10level9.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\d3d10core.dll
2010-01-20 09:37:11 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-01-20 09:37:10 ----A---- C:\Windows\system32\DWrite.dll
2010-01-20 09:37:10 ----A---- C:\Windows\system32\d3d10_1.dll
2010-01-20 09:37:10 ----A---- C:\Windows\system32\d3d10.dll
2010-01-20 09:36:45 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-01-20 09:36:32 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-01-20 09:36:32 ----A---- C:\Windows\system32\wpdshext.dll
2010-01-20 09:36:32 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-01-20 09:36:32 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-01-20 09:36:32 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-01-20 09:36:32 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-01-20 09:36:31 ----A---- C:\Windows\system32\WPDSp.dll
2010-01-20 09:36:31 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-01-20 09:35:33 ----A---- C:\Windows\system32\oleaccrc.dll
2010-01-20 09:35:32 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-01-20 09:35:32 ----A---- C:\Windows\system32\oleacc.dll
2010-01-20 09:34:18 ----A---- C:\Windows\system32\UIAnimation.dll
2010-01-20 09:34:17 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-01-20 09:34:16 ----A---- C:\Windows\system32\UIRibbon.dll
2010-01-19 12:42:31 ----D---- C:\Windows\system32\vi-VN
2010-01-19 12:42:31 ----D---- C:\Windows\system32\eu-ES
2010-01-19 12:42:31 ----D---- C:\Windows\system32\ca-ES
2010-01-18 20:02:35 ----A---- C:\Windows\IsUn040a.exe
2010-01-18 18:40:02 ----D---- C:\Users\*************\AppData\Roaming\gtk-2.0
2010-01-15 21:27:55 ----D---- C:\Users\*************\AppData\Roaming\NCH Software
2010-01-15 21:26:28 ----D---- C:\ProgramData\NCH Software
2010-01-15 21:26:21 ----D---- C:\Program Files (x86)\NCH Software
2010-01-14 13:09:48 ----A---- C:\Windows\system32\t2embed.dll
2010-01-14 13:09:48 ----A---- C:\Windows\system32\fontsub.dll

======List of files/folders modified in the last 1 months======

2010-02-12 19:37:49 ----D---- C:\Windows\Temp
2010-02-12 19:01:00 ----D---- C:\Windows
2010-02-12 18:59:36 ----D---- C:\Windows\Tasks
2010-02-12 18:00:34 ----D---- C:\Windows\system32\drivers
2010-02-12 18:00:32 ----RD---- C:\Program Files (x86)
2010-02-12 18:00:32 ----HD---- C:\ProgramData
2010-02-12 16:41:12 ----SHD---- C:\System Volume Information
2010-02-12 16:15:40 ----D---- C:\Windows\Debug
2010-02-11 14:28:53 ----D---- C:\Windows\winsxs
2010-02-11 14:03:46 ----D---- C:\Windows\SysWOW64
2010-02-11 14:03:45 ----D---- C:\Windows\System32
2010-02-11 14:03:45 ----D---- C:\Program Files (x86)\Windows Mail
2010-02-11 14:00:49 ----SHD---- C:\Windows\Installer
2010-02-11 14:00:44 ----HD---- C:\Config.Msi
2010-02-11 14:00:26 ----D---- C:\ProgramData\Microsoft Help
2010-02-11 01:32:33 ----D---- C:\Users\***********\AppData\Roaming\Zylom
2010-02-11 01:32:33 ----D---- C:\Users\************\AppData\Roaming\Identities
2010-02-10 18:53:40 ----D---- C:\Windows\inf
2010-02-09 18:50:45 ----D---- C:\Users\**************\AppData\Roaming\Image Zone Express
2010-02-09 17:30:24 ----D---- C:\Windows\Prefetch
2010-02-09 01:45:17 ----D---- C:\Program Files (x86)\Google
2010-02-08 18:28:11 ----RSD---- C:\Windows\assembly
2010-02-08 16:34:03 ----D---- C:\Program Files (x86)\Java
2010-02-08 01:36:08 ----D---- C:\ProgramData\JollyBear
2010-02-04 22:26:26 ----D---- C:\Users\***************\AppData\Roaming\SpinTop Games
2010-02-04 14:01:41 ----D---- C:\Program Files (x86)\DivX
2010-02-04 14:01:11 ----D---- C:\Program Files (x86)\Common Files\DivX Shared
2010-01-28 03:07:48 ----D---- C:\Users\************\AppData\Roaming\ICQ
2010-01-28 03:00:26 ----D---- C:\Program Files (x86)\Internet Explorer
2010-01-27 17:13:34 ----D---- C:\Program Files (x86)\Adobe
2010-01-26 20:57:05 ----D---- C:\Users\***********\AppData\Roaming\Apple Computer
2010-01-24 20:53:10 ----SD---- C:\Users\***********\AppData\Roaming\Microsoft
2010-01-23 03:22:49 ----D---- C:\Windows\system32\migration
2010-01-22 22:24:51 ----D---- C:\ProgramData\Electronic Arts
2010-01-22 22:24:45 ----D---- C:\ProgramData\Adobe
2010-01-22 22:24:44 ----D---- C:\Users\**************\AppData\Roaming\Adobe
2010-01-22 22:24:42 ----D---- C:\Program Files (x86)\Common Files
2010-01-21 12:57:10 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-01-20 18:54:05 ----D---- C:\Windows\Microsoft.NET
2010-01-20 12:49:00 ----D---- C:\Windows\rescache
2010-01-20 09:42:10 ----D---- C:\Windows\system32\de-DE
2010-01-20 09:42:09 ----RD---- C:\Program Files
2010-01-20 09:42:09 ----D---- C:\Windows\system32\wbem
2010-01-20 09:42:04 ----D---- C:\Windows\system32\zh-TW
2010-01-20 09:42:04 ----D---- C:\Windows\system32\zh-HK
2010-01-20 09:42:04 ----D---- C:\Windows\system32\zh-CN
2010-01-20 09:42:04 ----D---- C:\Windows\system32\uk-UA
2010-01-20 09:42:04 ----D---- C:\Windows\system32\tr-TR
2010-01-20 09:42:04 ----D---- C:\Windows\system32\th-TH
2010-01-20 09:42:04 ----D---- C:\Windows\system32\sv-SE
2010-01-20 09:42:04 ----D---- C:\Windows\system32\sr-Latn-CS
2010-01-20 09:42:04 ----D---- C:\Windows\system32\sl-SI
2010-01-20 09:42:04 ----D---- C:\Windows\system32\sk-SK
2010-01-20 09:42:04 ----D---- C:\Windows\system32\ru-RU
2010-01-20 09:42:04 ----D---- C:\Windows\system32\ro-RO
2010-01-20 09:42:04 ----D---- C:\Windows\system32\pt-PT
2010-01-20 09:42:04 ----D---- C:\Windows\system32\pt-BR
2010-01-20 09:42:04 ----D---- C:\Windows\system32\pl-PL
2010-01-20 09:42:04 ----D---- C:\Windows\system32\nl-NL
2010-01-20 09:42:04 ----D---- C:\Windows\system32\nb-NO
2010-01-20 09:42:04 ----D---- C:\Windows\system32\lv-LV
2010-01-20 09:42:04 ----D---- C:\Windows\system32\lt-LT
2010-01-20 09:42:04 ----D---- C:\Windows\system32\ko-KR
2010-01-20 09:42:04 ----D---- C:\Windows\system32\ja-JP
2010-01-20 09:42:04 ----D---- C:\Windows\system32\it-IT
2010-01-20 09:42:04 ----D---- C:\Windows\system32\hu-HU
2010-01-20 09:42:04 ----D---- C:\Windows\system32\hr-HR
2010-01-20 09:42:04 ----D---- C:\Windows\system32\he-IL
2010-01-20 09:42:04 ----D---- C:\Windows\system32\fr-FR
2010-01-20 09:42:04 ----D---- C:\Windows\system32\fi-FI
2010-01-20 09:42:04 ----D---- C:\Windows\system32\et-EE
2010-01-20 09:42:04 ----D---- C:\Windows\system32\es-ES
2010-01-20 09:42:04 ----D---- C:\Windows\system32\en-US
2010-01-20 09:42:04 ----D---- C:\Windows\system32\el-GR
2010-01-20 09:42:04 ----D---- C:\Windows\system32\da-DK
2010-01-20 09:42:04 ----D---- C:\Windows\system32\cs-CZ
2010-01-20 09:42:04 ----D---- C:\Windows\system32\bg-BG
2010-01-20 09:42:04 ----D---- C:\Windows\system32\ar-SA
2010-01-19 17:32:10 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-01-19 12:51:20 ----SHD---- C:\boot
2010-01-19 12:44:19 ----D---- C:\Program Files (x86)\Windows Sidebar
2010-01-19 12:44:19 ----D---- C:\Program Files (x86)\Windows Media Player
2010-01-19 12:44:19 ----D---- C:\Program Files (x86)\Windows Calendar
2010-01-19 12:44:18 ----D---- C:\Program Files (x86)\Common Files\System
2010-01-19 12:44:17 ----D---- C:\Program Files (x86)\Windows Photo Gallery
2010-01-19 12:44:14 ----D---- C:\Windows\servicing
2010-01-19 12:44:13 ----D---- C:\Windows\ehome
2010-01-19 12:43:49 ----D---- C:\Windows\system32\XPSViewer
2010-01-19 12:43:47 ----D---- C:\Windows\system32\oobe
2010-01-19 12:43:43 ----D---- C:\Windows\system32\SLUI
2010-01-19 12:43:43 ----D---- C:\Windows\system32\setup
2010-01-19 12:43:43 ----D---- C:\Windows\system32\manifeststore
2010-01-19 12:43:43 ----D---- C:\Windows\system32\AdvancedInstallers
2010-01-19 12:43:41 ----D---- C:\Windows\system32\migwiz
2010-01-19 12:43:20 ----D---- C:\Windows\IME
2010-01-19 12:42:39 ----RSD---- C:\Windows\Fonts
2010-01-19 12:42:38 ----D---- C:\Windows\AppPatch
2010-01-15 14:04:16 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2010-01-14 13:02:52 ----D---- C:\Program Files (x86)\BrainSpeeder

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys []
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows XP/Vista x64; C:\Windows\system32\DRIVERS\Apfiltr.sys []
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver; C:\Windows\system32\DRIVERS\OA009Ufd.sys []
R3 OA009Vid;Creative Camera OA009 Function Driver; C:\Windows\system32\DRIVERS\OA009Vid.sys []
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys []
S3 e1express;Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber; C:\Windows\system32\DRIVERS\e1e6032e.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-05 28152]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR64.SYS []
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe []
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-05-07 354840]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [2008-12-17 206064]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe []
R2 yksvc;Marvell Yukon Service; ykx64coinst,serviceStartProc []
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 660256]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-18 133104]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 stllssvr;stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------
         

Alt 12.02.2010, 19:49   #11
pe__ka
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Code:
ATTFilter
info.txt logfile of random's system information tool 1.06 2010-02-12 19:38:59

======Uninstall list======

-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\CtDrvIns.exe -uninstall -script OA009.uns -unsext NTamd64 -plugin OA009Pin.dll -pluginres OA009Pin.crl -nodisconprompt -langid 0x0407
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x7 
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files (x86)\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files (x86)\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x7  /remove
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Citavi 2.5-->C:\Program Files (x86)\Citavi\Deinstallieren.exe
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Video Chat-->C:\Program Files (x86)\Dell Video Chat\uninst.exe
Dell Webcam Central-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BC12448A-0B41-4E11-B242-B1129512F5B7}\setup.exe" -l0x7  /remove
Die Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x0007 -removeonly
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager UI-->msiexec /qb /x {C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}
EA Download Manager UI-->MsiExec.exe /I{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}
EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\EADMUninstall.exe
Free Studio version 4.2-->"C:\Program Files (x86)\DVDVideoSoft\Free Studio\unins000.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
ICQ6.5-->"C:\Program Files (x86)\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
Live! Cam Avatar Creator-->C:\Program Files (x86)\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0007 -removeonly /remove
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0407-1000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0407-1000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.5.7)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA GAME System Software 2.8.1-->MsiExec.exe /I{4F0C7CCF-5666-474B-B02E-AC514A95EC93}
Peggle Deluxe 1.01-->C:\Program Files (x86)\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files (x86)\PopCap Games\Peggle Deluxe\Install.log"
PokerStars-->"C:\Program Files (x86)\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD DX-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x7  -cluninstall
Prism Video Converter-->C:\Program Files (x86)\NCH Software\Prism\uninst.exe
ProtectDisc Driver, Version 11-->C:\Program Files (x86)\ProtectDisc Driver Installer\uninstall_v11.exe
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
ScummVM 0.13.0-->"C:\Program Files (x86)\ScummVM\unins000.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SlimDX Redistributable (March 2009)-->MsiExec.exe /X{D5395E5F-4D45-4665-8F00-234FA33678AF}
SPORE™-->"C:\Program Files (x86)\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0007 -removeonly
TSR Workshop-->MsiExec.exe /I{69656F80-EC05-4FF4-915C-AE417CAB7226}
Uninstall 1.0.0.1-->"C:\Program Files (x86)\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Warner Bros. Digital Copy Manager-->msiexec /qb /x {0E6EC2D7-5C9B-28B7-C848-171EDACB9625}
Warner Bros. Digital Copy Manager-->MsiExec.exe /I{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{835686C5-8650-49EB-8CA0-4528B4035495}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{DF5F687F-8018-4542-9F98-7084E9022917}
Windows Live Fotogalerie-->MsiExec.exe /X{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}
Windows Live Mail-->MsiExec.exe /I{5A166C0B-9557-4364-A057-F946D674E6AC}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live Sync-->MsiExec.exe /X{8C1E2925-14F8-45AA-B999-1E2A74BF5607}
Windows Live Toolbar-->MsiExec.exe /X{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}
Windows Live Writer-->MsiExec.exe /X{81821BF8-DA20-4F8C-AA87-F70A274828D4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Zylom Games Player Plugin-->"C:\Program Files (x86)\Zylom Games\UninstallPlugin.exe" --uninstall

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: ****************
Event Code: 10029
Message: DCOM hat den Dienst BITS mit den Argumenten "" gestartet, um den Server auszuführen:
{4991D34B-80A1-4291-83B6-3328366B9097}
Record Number: 52673
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20091013155518.000000-000
Event Type: Informationen
User: 

Computer Name: ****************
Event Code: 7036
Message: Dienst "Google Update Service (gupdate)" befindet sich jetzt im Status "Beendet".
Record Number: 52672
Source Name: Service Control Manager
Time Written: 20091013155506.000000-000
Event Type: Informationen
User: 

Computer Name: ****************
Event Code: 7036
Message: Dienst "Windows Search" befindet sich jetzt im Status "Ausgeführt".
Record Number: 52671
Source Name: Service Control Manager
Time Written: 20091013155506.000000-000
Event Type: Informationen
User: 

Computer Name: ****************
Event Code: 7036
Message: Dienst "Avira AntiVir Guard" befindet sich jetzt im Status "Ausgeführt".
Record Number: 52670
Source Name: Service Control Manager
Time Written: 20091013155506.000000-000
Event Type: Informationen
User: 

Computer Name: ****************
Event Code: 7036
Message: Dienst "IPsec-Richtlinien-Agent" befindet sich jetzt im Status "Ausgeführt".
Record Number: 52669
Source Name: Service Control Manager
Time Written: 20091013155506.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: ****************
Event Code: 0
Message: Consent #2 Handled
Record Number: 587
Source Name: DellStart
Time Written: 20090721103705.000000-000
Event Type: Informationen
User: 

Computer Name: ****************
Event Code: 0
Message: Provider ID: DellSupportCenter
Record Number: 586
Source Name: DellStart
Time Written: 20090721103705.000000-000
Event Type: Informationen
User: 

Computer Name: ****************
Event Code: 0
Message: Administrator verified
Record Number: 585
Source Name: DellStart
Time Written: 20090721103705.000000-000
Event Type: Informationen
User: 

Computer Name: ****************
Event Code: 5000
Message: 
Record Number: 584
Source Name: McLogEvent
Time Written: 20090721103330.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ****************
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 583
Source Name: SecurityCenter
Time Written: 20090721103234.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: ****************
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		D5S8TVJ1$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x254
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Netzwerkadresse:	-
	Port:			-

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 1107
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721105222.006958-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ****************
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 1106
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721105221.804158-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ****************
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		D5S8TVJ1$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			5

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x254
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Arbeitsstationsname:	
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		Advapi  
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 1105
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721105221.804158-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ****************
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		D5S8TVJ1$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x254
	Prozessname:		C:\Windows\System32\services.exe

Netzwerkinformationen:
	Netzwerkadresse:	-
	Port:			-

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 1104
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090721105221.804158-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***************
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
	Sicherheits- ID:	******************
	Kontoname:	**************
	Domänenname:	***********
	Logon-ID:	**************
Record Number: 1103
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090721103204.325758-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Common Files\DivX Shared\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
         
Diese beiden Logfiles (eine davon im vorherigen Post)haben sich nach dem scan geöffnet. Was soll ich jetzt nochmal bei Avira machen?

Alt 12.02.2010, 19:51   #12
Kiyoshi
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Frage

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Werde gleich nach dem Log schauen.
Scanne nun mit Avira, falls schon konfiguriert wie in der Anleitung. Poste dann das Ergebnis komplett hier hinein

Alt 12.02.2010, 20:09   #13
Kiyoshi
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Hey,
bitte tu noch folgendes:
Öffne HiJackThis, scanne und fixe folgendes:

Code:
ATTFilter
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
         
Code:
ATTFilter
R3 - URLSearchHook: (no name) - - (no file)
         
Falls etwas nach dem fixen nicht mehr funktioniert, kannst du die gefixten Einträge wiederherstellen- hierzu muss jedoch HJT in einem separaten Ordner laufen.(Bsp C:\HJT\ )

Hast du Avira wie hier ( http://www.trojaner-board.de/54192-anleitung-avira-antivir-agressive-einstellungen.html ) eingestellt ? Dann scanne folgendermaßen: Öffne Avira, updaten, lokaler Schutz und dann auf lokale Laufwerke. Vista und Win 7 User bitte rechtsklick auf lokale Laufwerk und als admin ausführen

Alt 12.02.2010, 20:32   #14
pe__ka
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



Ich habe die Einstellungen bei Avira vorgenommen, dann aber auf normalen Scan gedrückt, ohne Update usw. Werde es aber wie beschrieben gleich noch durchführen.
Zitat:
Zitat von Kiyoshi Beitrag anzeigen
scanne und fixe folgendes:

Code:
ATTFilter
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
         
Code:
ATTFilter
R3 - URLSearchHook: (no name) - - (no file)
         
Falls etwas nach dem fixen nicht mehr funktioniert, kannst du die gefixten Einträge wiederherstellen- hierzu muss jedoch HJT in einem separaten Ordner laufen.(Bsp C:\HJT\ )
Keine Ahnung wie das gemacht wird. Kannst du das genauer beschreiben? Und was bewirkt das? Bin leicht verunsichert...
Danke!

Alt 12.02.2010, 20:53   #15
Kiyoshi
 
TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Standard

TR/Agent.AN.1033 Malware gefunden, Antivir springt an



mach erstmal den Avira - Scan wenn du den hast kümmern wir um uns um den rest

Geändert von Kiyoshi (12.02.2010 um 20:59 Uhr) Grund: Deutsche Sprache, schwere Sprache ;)

Antwort

Themen zu TR/Agent.AN.1033 Malware gefunden, Antivir springt an
adobe, antivir, antivir guard, avg, avira, bho, browser, central, defender, desktop, explorer, gupdate, hijackthis, icq, internet, internet explorer, local\temp, logfile, lsass.exe, malware, malware gefunden, microsoft, rundll, senden, software, syswow64, temp, vista, windows, wmp



Ähnliche Themen: TR/Agent.AN.1033 Malware gefunden, Antivir springt an


  1. TR/Agent.379392.F, TR/Drop.Agent.dil, TR/Crypt.ZPACK.Gen2 bei AntiVir gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.12.2011 (43)
  2. AntiVir hat Malware gefunden; HEUR/HTML.Malware
    Plagegeister aller Art und deren Bekämpfung - 17.12.2011 (3)
  3. Spy.Agent.zcb u. Dropper.Gen bei AntiVir gefunden
    Plagegeister aller Art und deren Bekämpfung - 15.02.2011 (25)
  4. Antivir hat Malware Programm EXP/Pidief.LY gefunden
    Plagegeister aller Art und deren Bekämpfung - 08.09.2010 (6)
  5. HEUR/HTML.Malware von Avira AntiVir gefunden
    Plagegeister aller Art und deren Bekämpfung - 08.05.2010 (1)
  6. Antivir 10 hat TR/agent.ruo gefunden, OSAM log erstellt
    Plagegeister aller Art und deren Bekämpfung - 11.04.2010 (8)
  7. RKIT/Agent.ahc in C:\...\A0142523.sys von Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 15.08.2009 (7)
  8. HILFE! Antivir meldet Malware RKIT/Agent.ahc
    Log-Analyse und Auswertung - 13.08.2009 (1)
  9. Tr/Dldr.Agent.bjuv von Antivir gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.03.2009 (1)
  10. Antivir hat Trojaner TR/Agent.btxi gefunden
    Log-Analyse und Auswertung - 14.03.2009 (28)
  11. TR/Agent.3228896.A von Antivir gefunden
    Log-Analyse und Auswertung - 30.01.2009 (2)
  12. Antivir hat TR.Agent.126976.F gefunden
    Plagegeister aller Art und deren Bekämpfung - 22.01.2009 (2)
  13. Antivir hat Malware gefunden - Explorer.exe weg!!!
    Log-Analyse und Auswertung - 27.07.2008 (2)
  14. Antivir hat Malware BDS/Agent.ZNC Gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.07.2008 (2)
  15. AntiVir springt bei öffnen des IE an
    Log-Analyse und Auswertung - 27.09.2007 (7)
  16. TR/Agent.amp von ANtivir gefunden was nun?
    Log-Analyse und Auswertung - 25.07.2007 (3)
  17. Antivir hat TR/proxy.agent.LY.13 gefunden, was tun???
    Plagegeister aller Art und deren Bekämpfung - 24.02.2007 (11)

Zum Thema TR/Agent.AN.1033 Malware gefunden, Antivir springt an - Hallo, mein Antivir springt ständig an und meldet Malware. Auch der Windows Defender hat einmal reagiert. Habe den CCleaner benutzt und einen Hijack-Scan gemacht. Hier die logfile: Code: Alles auswählen - TR/Agent.AN.1033 Malware gefunden, Antivir springt an...
Archiv
Du betrachtest: TR/Agent.AN.1033 Malware gefunden, Antivir springt an auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.