TR/Obfuscated.29996C

#16 das sieht doch schon mal nach was aus.

öffne den arbeitsplatz, öffne c:
dort ist ein ordner avenger.
den packen, mit winrar oder winzip, sollte über rechtsklick klappen
www.file-upload.net
dort das archiv hochladen, link an mich als private nachicht.

#17 hatt geklappt.
lösche combofix.exe
bitte rufe das combofix tutorial erneut auf, rechtsklick auf einen der download links, ziehl speichern unter.
bei namen
lösche
combofix.exe
schreibe
3456.com
speichern und erneut ausführen, log posten

#18 Wieder diesselbe Zeile nach dem Anfang, auch im abgesicherten Modus..

Nachdem ich PC im abgesicherten Modus und danach wieder normal gestartet habe, sind folgende Fehlermeldungen erschienen (siehe Anhang)

#19 Fehlermeldung nach dem Normalstart

#20 download malwarebytes:
http://www.malwarebytes.org/
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

#21 bei diesen ganzen PUP.Dealio dateien waren nach dem scan automatisch keine häckchen dran, also hab ich es so gelassen und auf entfernen geklickt. war das richtig? oder muss man sie auch entfernen?

Code

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5854

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2011.02.23 23:02:34
mbam-log-2011-02-23 (23-02-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|)
Durchsuchte Objekte: 282463
Laufzeit: 1 Stunde(n), 15 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 23
Infizierte Registrierungswerte: 18
Infizierte Dateiobjekte der Registrierung: 7
Infizierte Verzeichnisse: 19
Infizierte Dateien: 96

Infizierte Speicherprozesse:
c:\documents and settings\vartotojas\application data\x3shn1oupjkoo1asvrnbhrnxkvk2c2nq2\svcnost.exe (Spyware.Passwords.XGen) -> 1988 -> Unloaded process successfully.
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 2080 -> Not selected for removal.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 1924 -> Not selected for removal.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssend (Spyware.Passwords.XGen) -> Value: mssend -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\DEALIO@MYBROWSERBAR.COM (PUP.Dealio) -> Value: DEALIO@MYBROWSERBAR.COM -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Value: braviax -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\setiasworld (Malware.Trace) -> Value: setiasworld -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Value: bk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Value: braviax -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\CHROME.MANIFEST (PUP.Dealio) -> Value: CHROME.MANIFEST -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\INSTALL.RDF (PUP.Dealio) -> Value: INSTALL.RDF -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\CHROME\LOCALE\EN-US\WIDGITOOLBARPLUGIN.PROPERTIES (PUP.Dealio) -> Value: WIDGITOOLBARPLUGIN.PROPERTIES -> Not selected for removal.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe "C:\Documents and Settings\Vartotojas\Application Data\ock2jnpys2jgd2ntqdvlbqapln3jmlv2\csrss.exe") Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\locale (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\IE (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\IE\4.1 (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res (PUP.Dealio) -> Not selected for removal.
c:\documents and settings\vartotojas\application data\Dealio (PUP.Dealio) -> Not selected for removal.
c:\documents and settings\vartotojas\application data\Dealio\res (PUP.Dealio) -> Not selected for removal.
c:\documents and settings\vartotojas\application data\Dealio\temp (PUP.Dealio) -> Not selected for removal.

Infizierte Dateien:
c:\documents and settings\vartotojas\application data\x3shn1oupjkoo1asvrnbhrnxkvk2c2nq2\svcnost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\IE\4.1\dealiotoolbarie.dll (PUP.Dealio) -> Not selected for removal.
c:\3456.com\catchme.cfxxe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\vartotojas\application data\xc3k23kzl3wat3nqtmi1cangqqnmqh2a2\svcnost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\program files\klausimanija\klausimanija.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\Fonts\hlbl___(2).exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\program files\Fonts\hlbl___.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\program files\Fonts\hlbl___(2)\hlbl___.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\widgihelper.exe (PUP.Dealio) -> Not selected for removal.
c:\system volume information\_restore{9ec48f2a-1efc-4ff2-82c1-6a9231e29772}\RP302\A0057822.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9ec48f2a-1efc-4ff2-82c1-6a9231e29772}\RP302\A0057823.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9ec48f2a-1efc-4ff2-82c1-6a9231e29772}\RP302\A0057824.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9ec48f2a-1efc-4ff2-82c1-6a9231e29772}\RP302\A0057825.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9ec48f2a-1efc-4ff2-82c1-6a9231e29772}\RP302\A0057828.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9ec48f2a-1efc-4ff2-82c1-6a9231e29772}\RP302\A0057838.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\dealio@mybrowserbar.com (PUP.Dealio) -> Not selected for removal.
c:\documents and settings\vartotojas\application data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\vartotojas\application data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\vartotojas\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Not selected for removal.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome.manifest (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\install.rdf (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\chevron.js (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\chevron.xul (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\login.js (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\login.xul (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\parser.js (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\rsstickerwidget.js (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\searchbox.js (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\searchbox.xul (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\utils.js (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\widgichevron.js (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\widgicomm.js (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\widgihandling.js (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\widgilisteners.js (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\widgitoolbarplugin.js (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\widgitoolbarplugin.xul (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\content\widgiui.js (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\searchbox.dtd (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\yahoo-search.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\amazon.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\apple.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\barnes.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\bestbuy.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\chevron.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\dealio_logo.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\dealio_logo_hover.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\ebay.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\icon_settings.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\macys.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\newegg.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\overstock.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\search-button-hover.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\search-button.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\search-chevron-hover.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\search-chevron.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\searchbox.css (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\search_amazon.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\search_dealio.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\search_ebay.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\search_yahoo.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\splitter.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\target.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\walmart.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\FF\chrome\skin\widgitoolbarplugin.css (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\IE\4.1\config.ini (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\amazon.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\apple.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\barnes.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\bestbuy.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\dealio_logo.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\dealio_logo_hover.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\ebay.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\icon_settings.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\macys.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\newegg.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\overstock.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\search-button-hover.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\search-button.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\search-chevron-hover.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\search-chevron.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\search_amazon.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\search_dealio.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\search_ebay.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\search_yahoo.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\target.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\walmart.gif (PUP.Dealio) -> Not selected for removal.
c:\program files\dealio toolbar\Res\widgets.xml (PUP.Dealio) -> Not selected for removal.
c:\documents and settings\vartotojas\application data\Dealio\res\widgets.xml (PUP.Dealio) -> Not selected for removal.
c:\documents and settings\vartotojas\application data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml (PUP.Dealio) -> Not selected for removal.
c:\documents and settings\vartotojas\application data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[channel_id]&ccv=[code_ver]&isn=[isn].xml (PUP.Dealio) -> Not selected for removal.

#22 Heute avira wieder den TR gemeldet:

Guard (2011.02.24, 10:28:05):

Code

Virus or unwanted program 'TR/Trash.Gen [trojan]'
detected in file 'C:\System Volume Information\_restore{9EC48F2A-1EFC-4FF2-82C1-6A9231E29772}\RP302\A0058055.exe.
Action performed: Deny access

Scanner (2011.02.24, 10:28:57):

Code

The file 'C:\System Volume Information\_restore{9EC48F2A-1EFC-4FF2-82C1-6A9231E29772}\RP302\A0058055.exe'
contained a virus or unwanted program 'TR/Trash.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4fe8b79e.qua'.

#23 alles entfernen bitte.

#24 hab gemacht. log:

Code

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5864

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2011.02.24 14:26:11
mbam-log-2011-02-24 (14-26-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|)
Durchsuchte Objekte: 283026
Laufzeit: 1 Stunde(n), 23 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 11
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 13
Infizierte Dateien: 78

Infizierte Speicherprozesse:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> 1468 -> Unloaded process successfully.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 2016 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio) -> Value: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\DEALIO@MYBROWSERBAR.COM (PUP.Dealio) -> Value: DEALIO@MYBROWSERBAR.COM -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\CHROME.MANIFEST (PUP.Dealio) -> Value: CHROME.MANIFEST -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\INSTALL.RDF (PUP.Dealio) -> Value: INSTALL.RDF -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\DEALIO TOOLBAR\FF\CHROME\LOCALE\EN-US\WIDGITOOLBARPLUGIN.PROPERTIES (PUP.Dealio) -> Value: WIDGITOOLBARPLUGIN.PROPERTIES -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\dealio toolbar (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\IE (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\IE\4.1 (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res (PUP.Dealio) -> Quarantined and deleted successfully.
c:\documents and settings\vartotojas\application data\Dealio (PUP.Dealio) -> Quarantined and deleted successfully.
c:\documents and settings\vartotojas\application data\Dealio\res (PUP.Dealio) -> Quarantined and deleted successfully.
c:\documents and settings\vartotojas\application data\Dealio\temp (PUP.Dealio) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\application updater\applicationupdater.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\IE\4.1\dealiotoolbarie.dll (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\widgihelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\dealio@mybrowserbar.com (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome.manifest (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\install.rdf (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\chevron.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\chevron.xul (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\login.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\login.xul (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\parser.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\rsstickerwidget.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\searchbox.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\searchbox.xul (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\utils.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgichevron.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgicomm.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgihandling.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgilisteners.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgitoolbarplugin.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgitoolbarplugin.xul (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\content\widgiui.js (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\searchbox.dtd (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\locale\EN-US\yahoo-search.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\apple.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\barnes.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\bestbuy.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\dealio_logo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\dealio_logo_hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\icon_settings.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\macys.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\newegg.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\overstock.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search-button-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search-button.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search-chevron-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search-chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\searchbox.css (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search_amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search_dealio.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search_ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\search_yahoo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\splitter.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\target.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\walmart.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\FF\chrome\skin\widgitoolbarplugin.css (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\IE\4.1\config.ini (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\apple.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\barnes.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\bestbuy.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\dealio_logo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\dealio_logo_hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\icon_settings.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\macys.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\newegg.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\overstock.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search-button-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search-button.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search-chevron-hover.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search-chevron.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search_amazon.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search_dealio.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search_ebay.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\search_yahoo.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\target.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\walmart.gif (PUP.Dealio) -> Quarantined and deleted successfully.
c:\program files\dealio toolbar\Res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.
c:\documents and settings\vartotojas\application data\Dealio\res\widgets.xml (PUP.Dealio) -> Quarantined and deleted successfully.
c:\documents and settings\vartotojas\application data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml (PUP.Dealio) -> Quarantined and deleted successfully.
c:\documents and settings\vartotojas\application data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[channel_id]&ccv=[code_ver]&isn=[isn].xml (PUP.Dealio) -> Quarantined and deleted successfully.

#25 lade den ccleaner slim:
[url=http://www.piriform.com/ccleaner/builds]Piriform - Builds[/url]
falls der ccleaner bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

#26 also ich bin wirklich nicht gut in Computer-Sachen plus das ist ein PC, den die ganze Familie jahrelang benutzt hat. Deswegen gibt es da Programme, die jemand mal installiert hat und ich nicht sicher bin, wofür die gut sind. Und vor allem, es gibt Programme, wo ich nicht wirklich weiss, was genau sie tun, aber mir denken kann, dass sie schon wichtig sind, vor allem wo im Namen Windows oder Microsoft steht. Also die alle hab ich mit "nicht sicher" markiert, weil ganz "unbekannt" kann ich dazu auch nicht sagen.. bitte auch nicht lachen, falls ich i-ein wesentliches Programm als "unnötig" markiert habe.


nicht sicher ABBYY eFormFiller 2.5 v5 6.5.1.178
nicht sicher ABBYY FineReader 7.0 Professional Edition ABBYY Software House 7.00.543.3645
unbekannt Ace Poster 2002.1.20
unbekannt Ad-Aware 2007 Lavasoft 7.0.2.6
notwendig Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.1.102.64
notwendig Adobe Flash Player 9 ActiveX Adobe Systems 9
notwendig Adobe Photoshop 6.0 Adobe Systems, Inc. 6.0
notwendig Adobe Reader 8.1.2 Adobe Systems Incorporated 8.1.2
notwendig Adobe SVG Viewer Adobe Systems, Inc. 1.0
notwendig ALKONAS UAB „Fotonija“ 1.0.2.224
unnötig AnyDVD SlySoft
unbekannt AP Tuner 3.08
nicht sicher Apple Application Support Apple Inc. 1.1.0
nicht sicher Apple Mobile Device Support Apple Inc. 2.6.0.32
nicht sicher Apple Software Update Apple Inc. 2.1.1.116
nicht sicher ArcSoft PhotoStudio 5.5 ArcSoft
notwendig Avira AntiVir Personal - Free Antivirus Avira GmbH 10.0.0.611
unbekannt Bonjour Apple Inc. 1.0.106
notwendig Canon CanoScan Toolbox 4.9
notwendig Canon ScanGear Starter
notwendig CCleaner Piriform 3.04
notwendig Corel Paint Shop Pro 9 Jasc Software Inc 9.02.0000
unbekannt Dealio Toolbar v4.1 Spigot, Inc. 4.1
unbekannt Dev-C++ 5 beta 9 release (4.9.9.2)
notwendig Die Kunst des Mordens - Geheimakte FBI City Interactive
notwendig DivX Codec DivX, Inc. 6.8.5
notwendig DivX Converter DivX, Inc. 7.0.0
notwendig DivX Player DivX, Inc. 7.0.0
notwendig DivX Plus DirectShow Filters DivX, Inc.
notwendig DivX Web Player DivX,Inc. 1.4.2
unbekannt FPS 0.6.4a Rimga 0.6.4a
unbekannt Freecorder Applian Technologies Inc. 4.1
nicht sicher Google Toolbar for Internet Explorer
unbekannt GPL Ghostscript 8.60
unbekannt GPL Ghostscript Fonts
unbekannt Graph 4.3 Ivan Johansen
unbekannt GSview 4.8
unbekannt High Definition Audio Driver Package - KB888111 Microsoft Corporation 20040219.000000
nicht sicher HijackThis 2.0.0 TrendMicro 2.0.0
unbekannt HP OrderReminder 2.1
nicht sicher HP Photosmart Essential HP 1.9.1.2
nicht sicher ImTOO iPod Movie Converter ImTOO 5.1.26.1012
notwendig iTunes Apple Inc. 9.0.3.15
notwendig Java(TM) 6 Update 21 Sun Microsystems, Inc. 6.0.210
notwendig Java(TM) 6 Update 3 Sun Microsystems, Inc. 1.6.0.30
notwendig Java(TM) 6 Update 5 Sun Microsystems, Inc. 1.6.0.50
notwendig Java(TM) 6 Update 7 Sun Microsystems, Inc. 1.6.0.70
unbekannt K-Lite Codec Pack 4.1.4 (Full) 4.1.4
unbekannt LaserJet 1018
unnötig Last.fm 1.5.2.38918 Last.fm
notwendig League of Legends Riot Games 1.02.0000
unbekannt Lizardtech DjVu Control
notwendig Logitech QuickCam Logitech Inc. 10.00.1439
notwendig Logitech® Camera Driver
notwendig Malwarebytes' Anti-Malware Malwarebytes Corporation
nicht sicher Manual CanoScan LiDE 25
nicht sicher Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729
nicht sicher Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729
nicht sicher Microsoft .NET Framework 3.5 SP1 Microsoft Corporation
nicht sicher Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 1
nicht sicher Microsoft Expression Web Microsoft Corporation 12.0.6215.1000
notwendig Microsoft Office Enterprise 2007 Microsoft Corporation 12.0.6425.1000
notwendig Microsoft Office Project Professional 2007 Microsoft Corporation 12.0.6425.1000
notwendig Microsoft Office Visio Professional 2007 Microsoft Corporation 12.0.6425.1000
nicht sicher Microsoft Silverlight Microsoft Corporation 4.0.60129.0
nicht sicher Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 3.1.0000
nicht sicher Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation
nicht sicher Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 8.0.50727.4053
nicht sicher Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.56336
nicht sicher Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148
nicht sicher Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729
nicht sicher Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148
unbekannt MobileMe Control Panel Apple Inc. 2.6.0.29
notwendig Mozilla Firefox (3.6.13) Mozilla 3.6.13 (lt)
nicht sicher MSXML 4.0 SP2 (KB936181) Microsoft Corporation 4.20.9848.0
nicht sicher MSXML 4.0 SP2 (KB954430) Microsoft Corporation 4.20.9870.0
nicht sicher MSXML 4.0 SP2 (KB973688) Microsoft Corporation 4.20.9876.0
notwendig Nero Suite
nicht sicher NVIDIA Drivers
notwendig OpenOffice.org 3.0 OpenOffice.org 3.0.9379
unbekannt Pando Media Booster Pando Networks Inc. 2.3.5.2
notwendig PENTAX Digital Camera Utility
nicht sicher Philips Device Manager Philips 10.6.8.0
notwendig Photo Story 3 for Windows Microsoft Corporation 3.0.1115.11
notwendig Picasa 3 Google, Inc. 3.8
unnötig PM Stitch Creator 3 Trial
unnötig Poker Superstars II GameHouse, Inc. 1.0.0.141
nicht sicher PowerDVD
unbekannt PrimoPDF activePDF 4.1.0.9
unbekannt PunkBuster Services Even Balance, Inc. 0.986
unnötig Puntotek V2
unbekannt QuickTime Apple Inc. 7.65.17.80
nicht sicher REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek 1.00.0000
nicht sicher Realtek High Definition Audio Driver
unnötig Safari Apple Inc. 5.31.21.10
unbekannt ScanSoft OmniPage SE 4.0 Nuance Communications, Inc. 15.00.0020
notwendig ScummVM 0.8.0
notwendig Skype Toolbars Skype Technologies S.A. 5.0.4137
notwendig Skype™ 5.1 Skype Technologies S.A. 5.1.112
unnötig Stitch Art Easy! 4.0 Alpha 3 Ravlyk.net
unnötig Stitch Art Easy! version 3.0.1/Premiere Ravlyk Software 3.0.1/Premiere
unnötig Stitch Art Easy! version 3.1/E Ravlyk.net 3.1/E
unbekannt Supaplex 3000 HiTec Games, Inc.
unbekannt ToggleEN Toolbar
notwendig VideoLAN VLC media player 0.8.6h VideoLAN Team 0.8.6h
nicht sicher WavePad Sound Editor NCH Software
nicht sicher Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Microsoft Corporation 1.0
nicht sicher Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation
unnötig Windows Internet Explorer 7 Microsoft Corporation 20061107.210142
unnötig Windows Live Essentials Microsoft Corporation 14.0.8089.0726
unnötig Windows Live Sign-in Assistant Microsoft Corporation 5.000.818.6
unnötig Windows Live Sync Microsoft Corporation 14.0.8089.726
unnötig Windows Live Upload Tool Microsoft Corporation 14.0.8014.1029
nicht sicher Windows Media Format 11 runtime
notwendig Windows Media Player 11
nicht sicher Windows Rights Management Client Backwards Compatibility SP2 Microsoft 5.2.70
nicht sicher Windows Rights Management Client with Service Pack 2 Microsoft 5.2.70
nicht sicher Windows XP Service Pack 3 Microsoft Corporation 20080414.031525
notwendig WinRAR archyvu programa
unnötig Yahoo! Install Manager
notwendig µTorrent 2.2.0
unbekannt Ģīķīļīėč˙ 3

#27 deinstaliere:
Ace Poster
Ad-Aware
Adobe Flash Player 9


Adobe Reader 8.1.2
ersetzen:
http://get.adobe.com/de/reader/

bitte den mcafee security scan nicht mit instalieren.
öffne den adobe reader, bearbeiten, voreinstellungen, javascript, dort den haken raus, internet, ebenfalls alle haken raus.
so werden keine pdfs mehr automatisch geladen und es kann dir kein schadcode mehr auf diese weise untergeschoben werden.
unter allgemein, nur zertifizierte zusatzmodule verwenden anhaken.
unter update, auf instalieren stellen.
klicke übernehmen /ok
deinstaliere.
AnyDVD
AP Tuner
ArcSoft PhotoStudio
Bonjour
Dealio Toolbar
FPS 0
Freecorder
Google Toolbar
GPL beide.
Graph 4
GSview
ImTOO iPod Movie Converter
update itunes!
http://www.apple.com/de/itunes/download/
Java alle versionen runter, neue version laden.
http://www.chip.de/downloads/Java-Runtime-Environment-32-Bit_13014576.html
deinstaliere:
K-Lite
LaserJet 1018 (alter drucker) falls nicht benötigt weg.
Last.fm
Manual CanoScan
Microsoft Silverlight
Microsoft SQL Server 2005
MobileMe
PM Stitch Creator
Poker Superstars
PowerDVD
PrimoPDF
Puntotek
Safari
Skype Toolbars toolbars sind ein risiko, weg damit
Stitch alle
Supaplex
ToggleEN Toolbar
VideoLAN dringenst upgraden.
http://www.videolan.org/vlc/download-windows.html
deinstaliere weiter.
WavePad
Windows Live alle.
Yahoo! Install Manager
Ģīķīļīėč˙

bereinige jetzt mit dem ccleaner.

#28 alles soweit gemacht, nur Adobe Flash Player 9 konnte ich nicht deinstallieren, kam ne Meldung:

Zitat

The system cannot find the file specified

#29 ok dass lassen wir erst mal so.
scanne jetzt mal mit gmer.
http://www.paules-pc-forum.de/forum/4-pc-sicherheit/125153-gmer-rootkitscanner.html

#30 nur scannen, noch nichts selbst entfernen?