Trojaner-Board

orku 27.08.2010 03:31

Antimalware Doctor: really gone?

Hello,

I don't seem to be the only one who got hit by this piece of crap in the last few days (hours?). Thanks to the existing threads I was already able to get the problem under control for now (thank you for that - great!), but I'd like to make sure that it has really disappeared.

I've never experienced an attack like this - AntiVir was able to block 20 detections, Antimalware Doctor got through, or caused the detections in the first place.

Thanks in advance for the help; here are the latest actions.

mbam
Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4487

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

27.08.2010 02:20:00
mbam-log-2010-08-27 (02-20-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 270349
Laufzeit: 45 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csrnxoeamw.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\X\AppData\Local\Temp\csrnxoeamw.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\X\AppData\Roaming\F636CE315779D393EDB28493FB2F9933\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\X\AppData\Local\Temp\mkcxhunr.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\X\AppData\Local\Windows\winhelp.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Users\X\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

tasklist
Code:


                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.0.6001]
 
 
C:

C:\hiberfil.sys
C:\pagefile.sys
C:\Windows
C:\Config.Msi
C:\rkill.log
C:\System Volume Information
C:\ProgramData
C:\Program Files
C:\temp
C:\Meine Webseiten
C:\vpnclient
C:\BlueJ
C:\drivers
C:\Downloads
C:\PS.log
C:\Acer
C:\Elements
C:\$RECYCLE.BIN
C:\Users
C:\Programme
C:\Dokumente und Einstellungen
C:\Book
C:\preload.rev
C:\RHDSetup.log
C:\Patch.rev
C:\MSOCache
C:\Intel
C:\BOOTSECT.BAK
C:\Boot
C:\PerfLogs
C:\bootmgr
C:\Documents and Settings
C:\config.sys
C:\autoexec.bat
----------------------------------------

 
C:\Windows

C:\Windows\WindowsUpdate.log
C:\Windows\bootstat.dat
C:\Windows\PFRO.log
C:\Windows\Lexstat.ini
C:\Windows\VPNUnInstall.MIF
C:\Windows\ODBC.INI
C:\Windows\ulead32.ini
C:\Windows\VPNInstall.MIF
C:\Windows\USER.XML
C:\Windows\explorer.exe
C:\Windows\AceSto02.cfg
C:\Windows\Factory.xml
C:\Windows\GridV.UNI
C:\Windows\LManager.UNI
C:\Windows\DIFxAPI.dll
C:\Windows\HideWin.exe
C:\Windows\CSUP.txt
C:\Windows\AcerStore.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\LaunApp.exe
C:\Windows\Interop.IWshRuntimeLibrary.dll
C:\Windows\Prelaunch.ini
C:\Windows\ocsetup_install_OEMHelpCustomization.etl
C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf
C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx
C:\Windows\ALVIS100AWWBIT.cfg
C:\Windows\PLAUNCH100D.cfg
C:\Windows\PLaunch.exe
C:\Windows\Capsule.dll
C:\Windows\PATCHFUL.EXE
C:\Windows\RtlUpd.exe
C:\Windows\agrsmdel.exe
C:\Windows\RTKVADDA.EXE
C:\Windows\RtlExUpd.dll
C:\Windows\RtDefLvl.ini
C:\Windows\WindowsShell.Manifest
C:\Windows\regedit.exe
C:\Windows\bfsvc.exe
C:\Windows\fveupdate.exe
C:\Windows\HelpPane.exe
C:\Windows\notepad.exe
C:\Windows\GVUni.exe
C:\Windows\UNINST32.EXE
C:\Windows\SkyTel.exe
C:\Windows\USetup.iss
C:\Windows\AlchemyXML.dll
C:\Windows\win.ini
C:\Windows\WMSysPr9.prx
C:\Windows\twunk_16.exe
C:\Windows\twain_32.dll
C:\Windows\twunk_32.exe
C:\Windows\twain.dll
C:\Windows\winhlp32.exe
C:\Windows\hh.exe
C:\Windows\mib.bin
C:\Windows\HomePremium.xml
C:\Windows\system.ini
C:\Windows\_default.pif
C:\Windows\winhelp.exe
C:\Windows\msdfmap.ini
C:\Windows\libxml2.dll
C:\Windows\iconv.dll
C:\Windows\WMPrfDeu.prx
C:\Windows\WMPrfCht.prx
C:\Windows\WMPrfFra.prx
C:\Windows\WMPrfIta.prx
C:\Windows\WMPrfJpn.prx
C:\Windows\WMPrfKor.prx
C:\Windows\WMPrfEsp.prx
C:\Windows\WMPrfChs.prx
----------------------------------------

 
C:\Windows\System

C:\Windows\System\DriveIcon.dll
C:\Windows\System\mciseq.drv
C:\Windows\System\mciwave.drv
C:\Windows\System\avicap.dll
C:\Windows\System\avifile.dll
C:\Windows\System\mciavi.drv
C:\Windows\System\msvideo.dll
C:\Windows\System\OLESVR.DLL
C:\Windows\System\WFWNET.DRV
C:\Windows\System\COMMDLG.DLL
C:\Windows\System\TIMER.DRV
C:\Windows\System\MMSYSTEM.DLL
C:\Windows\System\mmtask.tsk
C:\Windows\System\mouse.drv
C:\Windows\System\vga.drv
C:\Windows\System\sound.drv
C:\Windows\System\keyboard.drv
C:\Windows\System\SHELL.DLL
C:\Windows\System\system.drv
C:\Windows\System\ver.dll
C:\Windows\System\olecli.dll
C:\Windows\System\lzexpand.dll
C:\Windows\System\stdole.tlb
C:\Windows\System\MyMulti.ico
----------------------------------------

 
C:\Windows\System32

C:\Windows\system32\perfh009.dat
C:\Windows\system32\perfc007.dat
C:\Windows\system32\perfc009.dat
C:\Windows\system32\perfh007.dat
C:\Windows\system32\PerfStringBackup.INI
C:\Windows\system32\LogConfigTemp.xml
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
C:\Windows\system32\agent.log
C:\Windows\system32\drivers
C:\Windows\system32\jupdate-1.6.0_21-b07.log
C:\Windows\system32\Tasks
C:\Windows\system32\FNTCACHE.DAT
C:\Windows\system32\javaws.exe
C:\Windows\system32\javaw.exe
C:\Windows\system32\java.exe
C:\Windows\system32\deployJava1.dll
C:\Windows\system32\catroot2
C:\Windows\system32\catroot
C:\Windows\system32\de-DE
C:\Windows\system32\wbem
C:\Windows\system32\mrt.exe
C:\Windows\system32\atmlib.dll
C:\Windows\system32\atmfd.dll
C:\Windows\system32\MpSigStub.exe
C:\Windows\system32\wininet.dll
C:\Windows\system32\urlmon.dll
C:\Windows\system32\occache.dll
C:\Windows\system32\mstime.dll
C:\Windows\system32\mshtmled.dll
C:\Windows\system32\mshtml.dll
C:\Windows\system32\msfeeds.dll
C:\Windows\system32\jsproxy.dll
C:\Windows\system32\iertutil.dll
C:\Windows\system32\iepeers.dll
C:\Windows\system32\ieframe.dll
C:\Windows\system32\ieencode.dll
C:\Windows\system32\iedkcs32.dll
C:\Windows\system32\ieapfltr.dll
C:\Windows\system32\ieaksie.dll
C:\Windows\system32\html.iec
C:\Windows\system32\ieUnatt.exe
C:\Windows\system32\mshtml.tlb
C:\Windows\system32\win32k.sys
C:\Windows\system32\tzres.dll
C:\Windows\system32\WDI
C:\Windows\system32\quartz.dll
C:\Windows\system32\asycfilt.dll
C:\Windows\system32\vbscript.dll
C:\Windows\system32\nshhttp.dll
C:\Windows\system32\httpapi.dll
C:\Windows\system32\ntoskrnl.exe
C:\Windows\system32\ntkrnlpa.exe
C:\Windows\system32\iphlpsvc.dll
C:\Windows\system32\browserchoice.exe
C:\Windows\system32\inetcomm.dll
C:\Windows\system32\l3codeca.acm
C:\Windows\system32\manifeststore
C:\Windows\system32\cabview.dll
C:\Windows\system32\tsbyuv.dll
C:\Windows\system32\msyuv.dll
C:\Windows\system32\msvidc32.dll
C:\Windows\system32\msvfw32.dll
C:\Windows\system32\msrle32.dll
C:\Windows\system32\mciavi32.dll
C:\Windows\system32\iyuv_32.dll
C:\Windows\system32\avifil32.dll
C:\Windows\system32\avicap32.dll
C:\Windows\system32\wintrust.dll
C:\Windows\system32\jupdate-1.6.0_17-b04.log
C:\Windows\system32\QuickTime.qts
C:\Windows\system32\QuickTimeVR.qtx
C:\Windows\system32\PresentationHostProxy.dll
C:\Windows\system32\dfshim.dll
C:\Windows\system32\mscoree.dll
C:\Windows\system32\PresentationHost.exe
C:\Windows\system32\netfxperf.dll
C:\Windows\system32\t2embed.dll
C:\Windows\system32\fontsub.dll
C:\Windows\system32\rastls.dll
C:\Windows\system32\raschap.dll
C:\Windows\system32\msv1_0.dll
C:\Windows\system32\D3DX9_42.dll
C:\Windows\system32\msasn1.dll
C:\Windows\system32\jupdate-1.6.0_15-b03.log
C:\Windows\system32\netiohlp.dll
C:\Windows\system32\netevent.dll
C:\Windows\system32\TCPSVCS.EXE
C:\Windows\system32\ROUTE.EXE
C:\Windows\system32\MRINFO.EXE
C:\Windows\system32\NETSTAT.EXE
C:\Windows\system32\ARP.EXE
C:\Windows\system32\HOSTNAME.EXE
C:\Windows\system32\finger.exe
C:\Windows\system32\WSDApi.dll
C:\Windows\system32\msxml6.dll
C:\Windows\system32\msxml3.dll
C:\Windows\system32\wups.dll
C:\Windows\system32\wups2.dll
C:\Windows\system32\wuauclt.exe
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

C:\Windows\Tasks\Google Software Updater.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
----------------------------------------

 
C:\Windows\Temp

C:\Windows\Temp\dneinst.log
C:\Windows\Temp\coinlog.log
----------------------------------------

 
C:\Users\Tobias\AppData\Local\Temp

C:\Users\X\AppData\Local\Temp\jusched.log
C:\Users\X\AppData\Local\Temp\rtdrvmon.exe
C:\Users\X\AppData\Local\Temp\eDatasecurity
C:\Users\X\AppData\Local\Temp\AdobeARM.log
C:\Users\X\AppData\Local\Temp\WPDNSE
C:\Users\X\AppData\Local\Temp\RtkBtMnt.exe
----------------------------------------

 
C:\Program Files

C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Common Files
C:\Program Files\Java
C:\Program Files\Ask.com
C:\Program Files\Malwarebytes' Anti-Malware
C:\Program Files\CCleaner
C:\Program Files\CDBurnerXP
C:\Program Files\Windows Mail
C:\Program Files\Movie Maker
C:\Program Files\Internet Explorer
C:\Program Files\ICQ6.5
C:\Program Files\Microsoft Office
C:\Program Files\Winamp
C:\Program Files\Google
C:\Program Files\Audacity 1.3 Beta (Unicode)
C:\Program Files\eclipse-SDK-3.5.2-win32
C:\Program Files\Skype
C:\Program Files\Adobe
C:\Program Files\QuickTime
C:\Program Files\Apple Software Update
C:\Program Files\Windows Media Player
C:\Program Files\GIMP-2.0
C:\Program Files\AviSynth 2.5
C:\Program Files\eRightSoft
C:\Program Files\WinHTTrack
C:\Program Files\Brice Lambson
C:\Program Files\Mozilla Firefox
C:\Program Files\Avira
C:\Program Files\Lexmark 1200 Series
C:\Program Files\Audacity
C:\Program Files\Sun
C:\Program Files\Free Download Manager
C:\Program Files\InstallShield Installation Information
C:\Program Files\Corel
C:\Program Files\SCHLECKER
C:\Program Files\PDFCreator
C:\Program Files\Cisco Systems
C:\Program Files\Acer GameZone
C:\Program Files\Acer Arcade Deluxe
C:\Program Files\eSobi
C:\Program Files\7-Zip
C:\Program Files\OpenOffice.org 3
C:\Program Files\MSXML 4.0
C:\Program Files\Acer
C:\Program Files\Windows NT
C:\Program Files\Gemeinsame Dateien
C:\Program Files\Acer Inc
C:\Program Files\Launch Manager
C:\Program Files\Realtek
C:\Program Files\Windows Calendar
C:\Program Files\Windows Sidebar
C:\Program Files\Windows Photo Gallery
C:\Program Files\Windows Journal
C:\Program Files\Windows Collaboration
C:\Program Files\Windows Defender
C:\Program Files\Cyberlink
C:\Program Files\NewTech Infosystems
C:\Program Files\Big Kahuna Reef
C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft.NET
C:\Program Files\Acer Incorporated
C:\Program Files\Synaptics
C:\Program Files\Marvell
C:\Program Files\Intel
C:\Program Files\desktop.ini
C:\Program Files\Uninstall Information
C:\Program Files\Microsoft Games
C:\Program Files\MSBuild
C:\Program Files\Reference Assemblies
----------------------------------------

 
C:\ProgramData\..

X
Public   
Default   
desktop.ini   
Default User   
All Users   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

#      38.25.63.10    x.acme.com              # x client host
127.0.0.1      localhost
::1            localhost
# Start of entries inserted by Spybot - Search & Destroy

----------------------------------------



Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            24 K
System                          4 Services                  0        2.768 K
smss.exe                      448 Services                  0          736 K
csrss.exe                      584 Services                  0        6.528 K
wininit.exe                    628 Services                  0        4.000 K
csrss.exe                      640 Console                    1        8.656 K
services.exe                  672 Services                  0        6.924 K
lsass.exe                      688 Services                  0        1.952 K
lsm.exe                        696 Services                  0        3.880 K
winlogon.exe                  780 Console                    1        5.568 K
svchost.exe                    884 Services                  0        6.072 K
svchost.exe                    964 Services                  0        6.488 K
svchost.exe                  1000 Services                  0        43.912 K
svchost.exe                  1100 Services                  0        11.992 K
svchost.exe                  1128 Services                  0        68.576 K
svchost.exe                  1160 Services                  0        27.060 K
audiodg.exe                  1264 Services                  0        17.872 K
SLsvc.exe                    1296 Services                  0        10.544 K
svchost.exe                  1328 Services                  0        13.168 K
svchost.exe                  1468 Services                  0        19.180 K
spoolsv.exe                  1740 Services                  0        10.704 K
sched.exe                    1764 Services                  0        1.688 K
svchost.exe                  1796 Services                  0        15.824 K
agrsmsvc.exe                  1980 Services                  0        2.436 K
avguard.exe                  2012 Services                  0        13.192 K
Agentsvc.exe                  2024 Services                  0        4.892 K
cvpnd.exe                    2040 Services                  0        6.552 K
eDSService.exe                276 Services                  0        4.164 K
ETService.exe                  272 Services                  0        22.168 K
LSSrvc.exe                    1420 Services                  0        3.404 K
lxczcoms.exe                  1680 Services                  0        4.580 K
MobilityService.exe          1868 Services                  0        10.148 K
NMSAccessU.exe                1676 Services                  0        2.580 K
BackupSvc.exe                2056 Services                  0        7.564 K
SchedulerSvc.exe              2100 Services                  0        5.872 K
svchost.exe                  2140 Services                  0        5.400 K
PSIService.exe                2156 Services                  0        3.668 K
svchost.exe                  2212 Services                  0        6.540 K
svchost.exe                  2308 Services                  0        2.272 K
SearchIndexer.exe            2328 Services                  0        18.744 K
taskeng.exe                  2656 Services                  0        5.456 K
dwm.exe                      2696 Console                    1        42.824 K
explorer.exe                  2740 Console                    1        54.680 K
WUDFHost.exe                  2772 Services                  0        5.984 K
MSASCui.exe                  2872 Console                    1        15.808 K
SynTPEnh.exe                  2880 Console                    1        13.172 K
BkupTray.exe                  2896 Console                    1        3.704 K
igfxtray.exe                  2916 Console                    1        5.004 K
hkcmd.exe                    2932 Console                    1        5.136 K
igfxpers.exe                  2952 Console                    1        4.868 K
RtHDVCpl.exe                  2960 Console                    1        10.592 K
taskeng.exe                  3084 Console                    1        10.644 K
igfxsrvc.exe                  3364 Console                    1        5.840 K
unsecapp.exe                  3552 Services                  0        3.940 K
WmiPrvSE.exe                  3572 Services                  0        6.000 K
RtkBtMnt.exe                  3660 Console                    1        4.232 K
LManager.exe                  4036 Console                    1        9.192 K
eDSLoader.exe                4044 Console                    1        14.960 K
ePower_DMC.exe                4052 Console                    1        17.952 K
Monitor.exe                  4072 Console                    1        6.380 K
LXCZbmgr.exe                  4080 Console                    1        3.864 K
avgnt.exe                    4088 Console                    1        3.424 K
jusched.exe                  1776 Console                    1        3.528 K
LXCZbmon.exe                  2136 Console                    1        3.388 K
TeaTimer.exe                  1088 Console                    1        90.580 K
unsecapp.exe                  3908 Console                    1        5.220 K
igfxext.exe                  2728 Console                    1        3.964 K
igfxsrvc.exe                  1188 Console                    1        4.324 K
SynTPHelper.exe              1116 Console                    1        2.640 K
firefox.exe                    744 Console                    1      112.960 K
taskeng.exe                  2088 Console                    1        4.628 K
fdm.exe                      1784 Console                    1        27.768 K
SearchProtocolHost.exe        488 Services                  0        9.628 K
SearchFilterHost.exe          3168 Services                  0        5.012 K
cmd.exe                        260 Console                    1        4.088 K
conime.exe                    2116 Console                    1        3.788 K
tasklist.exe                  3272 Console                    1        4.692 K
WmiPrvSE.exe                  2172 Services                  0        5.988 K

 
***** Ende des Scans 27.08.2010 um  3:12:48,91 ***

ccleaner install
Code:

7-Zip 4.57                16.11.2008        2,86MB       
Acer eDataSecurity Management        Egis Inc.        30.09.2008        69,3MB        3.0.3062
Acer Empowering Technology        Acer Incorporated        06.05.2008        142,7MB        3.0.3006
Acer ePower Management        Acer Incorporated        30.09.2008        9,70MB        3.0.3012
Acer eRecovery Management        Acer Incorporated        30.09.2008        27,5MB        3.0.3013
Acer eSettings Management        Acer Incorporated        30.09.2008        27,4MB        3.0.3007
Acer GridVista                30.09.2008        1,51MB        2.72.317
Acer Mobility Center Plug-In        Acer Inc.        30.09.2008        4,13MB        3.0.3000
Acer ScreenSaver        Acer Incorporated        06.05.2008                1.11.0805
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        30.09.2008        14,0MB       
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        10.09.2009                10.0.32.18
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        30.11.2009                10.0.32.18
Adobe Reader 8.2.4        Adobe Systems Incorporated        26.08.2010        87,1MB        8.2.4
Agere Systems HDA Modem        Agere Systems        30.09.2008               
Apple Application Support        Apple Inc.        23.01.2010        32,4MB        1.1.0
Apple Software Update        Apple Inc.        23.01.2010        2,16MB        2.1.1.116
Ask Toolbar        Ask.com        25.08.2010        4,90MB        1.9.0.0
Audacity 1.2.6                19.04.2009        8,91MB       
Audacity 1.3.12 (Unicode)        Audacity Team        11.05.2010        34,5MB       
Avira AntiVir Personal - Free Antivirus        Avira GmbH        02.06.2009        65,8MB       
BlueJ 2.5.0        Deakin University        14.04.2009        8,80MB       
CCleaner        Piriform        03.08.2010        1,41MB        2.34
CDBurnerXP        CDBurnerXP        02.08.2010        6,48MB        4.3.7.2316
Cisco Systems VPN Client 5.0.04.0300        Cisco Systems, Inc.        19.01.2009        12,3MB        5.0.4
Corel Painter Essentials 3        Corel Corporation        25.03.2009        83,7MB       
DHTML Editing Component        Microsoft Corporation        25.03.2009        0,45MB        6.02.0001
eMule                13.11.2008        10,6MB       
Free Download Manager 3.0        FreeDownloadManager.ORG        09.04.2009        18,5MB       
GIMP 2.6.7                06.01.2010        87,0MB       
Google Earth        Google        14.05.2010        73,2MB        5.2.0.5932
Google Updater        Google Inc.        24.03.2009        3,59MB        2.4.1536.6592
ICQ6.5        ICQ        13.01.2009        46,2MB        6.5
Image Resizer Powertoy Clone for Windows        Brice Lambson        01.12.2009        37,00KB        2.0.0.0
Intel(R) Graphics Media Accelerator Driver        Intel Corporation        30.09.2008               
Java DB 10.4.1.3        Sun Microsystems, Inc        14.04.2009        28,0MB        10.4.1.3
Java(TM) 6 Update 21        Sun Microsystems, Inc.        02.02.2009        94,4MB        6.0.210
Java(TM) SE Development Kit 6 Update 13        Sun Microsystems, Inc.        14.04.2009        131,8MB        1.6.0.130
Launch Manager                30.09.2008        2,35MB       
LECTURNITY Player        imc AG        27.01.2010        83,8MB        4.0.0000
Lexmark 1200 Series        Lexmark International, Inc.        24.05.2009        75,6MB       
LogTek Puzzle Maker                10.03.2010        0,77MB       
Malwarebytes' Anti-Malware        Malwarebytes Corporation        25.08.2010        3,90MB       
Marvell Miniport Driver        Marvell        30.09.2008        2,27MB        10.55.3.3
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        31.03.2009        27,8MB       
Microsoft Office Home and Student 2007        Microsoft Corporation        06.05.2008        298,1MB        12.0.6215.1000
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        29.04.2008        0,41MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        02.06.2009        0,58MB        9.0.30729
Microsoft Word 2000        Microsoft Corporation        03.08.2009        84,7MB        9.00.2816
Microsoft Works        Microsoft Corporation        06.05.2008                08.05.0822
Mozilla Firefox (3.5.5)        Mozilla        30.11.2009        26,1MB        3.5.5 (de)
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        11.11.2008        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        15.01.2010        1,34MB        4.20.9876.0
NTI Backup Now 5        NewTech Infosystems        06.05.2008        28,6MB        5.1.2.503
NTI Media Maker 8        NewTech Infosystems        06.05.2008        181,5MB        8.0.2.6322
OpenOffice.org 3.0        OpenOffice.org        15.11.2008        332,9MB        3.0.9358
PDFCreator        Frank Heindörfer, Philip Chinery        28.02.2009        19,8MB        0.9.6
PhotoNow!        CyberLink Corp.        30.09.2008        1,65MB        1.1.4619
PowerDirector        CyberLink Corp.        06.05.2008        199,6MB        6.5.2713
Qtpfsgui 1.9.3        Qtpfsgui Dev Team        12.05.2010        36,4MB       
QuickTime        Apple Inc.        23.01.2010        77,3MB        7.65.17.80
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        30.09.2008        26,1MB        6.0.1.5643
Realtek USB 2.0 Card Reader        Realtek Semiconductor Corp.        30.09.2008        6,57MB        3.0.1.3
SCHLECKER Foto Digital Service                08.03.2009        129,2MB       
Scribus 1.3.3.13        The Scribus Team        22.11.2009        69,4MB        1.3.3.13
Skype Toolbars        Skype Technologies S.A.        21.02.2010        5,25MB        1.0.4051
Skype™ 4.1        Skype Technologies S.A.        21.02.2010        31,1MB        4.1.179
Spelling Dictionaries Support For Adobe Reader 8        Adobe Systems        28.10.2009        32,5MB        8.0.0
Spybot - Search & Destroy        Safer Networking Limited        31.03.2009        54,7MB        1.6.2
SUPER © Version 2009.bld.36 (June 10, 2009)        eRightSoft        14.12.2009        27,2MB        Version 2009.bld.36 (June 10, 2009)
Synaptics Pointing Device Driver        Synaptics        30.09.2008        14,4MB        11.1.4.0
Ulead PhotoImpact X3        Corel        25.03.2009        765,1MB        1.00.0000
VLC media player 1.0.1        VideoLAN Team        15.08.2009        49,5MB        1.0.1
Winamp        Nullsoft, Inc        21.05.2010        31,8MB        5.572
WinHTTrack Website Copier 3.43-7        HTTrack        08.12.2009        11,2MB        3.43.7
XMedia Recode 2.1.9.1        Sebastian Dörfler        18.02.2010        11,5MB        2.1.9.1
Zattoo 3.3.3 Beta        Zattoo Inc.        19.03.2009        18,7MB        3.3.3 Beta

superantispyware
Code:


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/27/2010 at 03:51 AM

Application Version : 4.42.1000

Core Rules Database Version : 5411
Trace Rules Database Version: 3223

Scan type      : Complete Scan
Total Scan Time : 00:32:10

Memory items scanned      : 712
Memory threats detected  : 0
Registry items scanned    : 9104
Registry threats detected : 0
File items scanned        : 26220
File threats detected    : 5

Rogue.AntiMalwareDoctor
        C:\Users\X\AppData\Roaming\F636CE315779D393EDB28493FB2F9933

Trojan.Agent/Gen-Cryptor[Egun]
        D:\PROGRAM FILES\LOGTEK PUZZLE MAKER\PUZZLER.EXE
        C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\LOGTEK PUZZLE MAKER\LOGTEK PUZZLER.LNK

Adware.Tracking Cookie
        ia.media-imdb.com [ C:\Users\X\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NWE4FB5P ]

Trojan.Agent/CDesc[Generic]
        C:\USERS\X\DESKTOP\EIGENE DATEIEN\ANM24I\ANTWAIN.DLL



Thanks in advance for the help!

Best regards
orku

kira 27.08.2010 05:34

Hello and welcome! :)

Before we start working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for the resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible, or you have to reinstall it
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please follow it exactly as described; do not choose the order yourself!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?

1.
Code:

eMule
Quote:

Internet file-sharing networks are unfortunately among the most dubious providers, and a great deal of malware is spread there, so they should be handled, if at all, only with very particular caution! According to studies, 45% of the files offered for download on file-sharing networks contain viruses, worms or other malware!
On top of that, most downloads from these file-sharing networks are illegal anyway, and users are thereby tempted to commit "criminal offences"!

Even if you use a "safe" P2P program, it is only the program that is safe. You will be sharing data from "uncertified sources", and these are frequently infected... ;)

2.
Uninstall under `Start → Control Panel → Change/Remove...`
Code:

Ask Toolbar - Adware -Toolbar
3.
- Download Random's System Information Tool (RSIT) by random/random
- to a location of your choice and run rsit.exe
- "HijackThis" is also installed and run by RSIT
- RSIT creates 2 log files (C:\rsit\log.txt and C:\rsit\info.txt) with extended information about your system - please post both of them here in full
**You can save the log in a text file and attach it here (click on "Advanced")

Quote:

To keep your thread clear and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. hjtscanlist or other
→ after it - i.e. at the end of the log file: [/code]

Regards
Coverflow

orku 27.08.2010 08:32

Good morning and thank you for the quick and competent answer! The stupid Ask toolbar, yes. That happens pretty quickly if you don't pay attention.

log:
RSIT Logfile:
Code:

Logfile of random's system information tool 1.08 (written by random/random)
Run by X at 2010-08-27 09:15:29
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 63 GB (43%) free of 148 GB
Total RAM: 3000 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:15:57, on 27.08.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Tobias\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Users\Tobias\Desktop\RSIT.exe
C:\Program Files\trend micro\Tobias.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.imdb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_5735
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{20FF681B-171D-4505-817B-6119EC5AE65E}: NameServer = 10.1.0.1,217.137.149.161
O17 - HKLM\System\CS1\Services\Tcpip\..\{20FF681B-171D-4505-817B-6119EC5AE65E}: NameServer = 10.1.0.1,217.137.149.161
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Google Update Service (gupdate1c99a9f1b1b2860) (gupdate1c99a9f1b1b2860) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcz_device -  - C:\Windows\system32\lxczcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

--
End of file - 9823 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-17 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-05-14 312880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-05-14 142896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1049896]
"BkupTray"=C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-06 34040]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-07-17 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-07-17 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-07-17 145944]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-06-13 6183456]
"Skytel"=C:\Windows\Skytel.exe [2007-11-21 1826816]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-09-11 809480]
"eDataSecurity Loader"=C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-05-14 526896]
"ePower_DMC"=C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [2008-06-11 409600]
"eRecoveryService"= []
"WarReg_PopUp"=C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [2007-08-02 95504]
"lxczbmgr.exe"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2007-04-19 74672]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-06-17 40368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-08-25 2424560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
VPN Client.lnk - C:\Windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-11 208896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-08-27 09:15:29 ----D---- C:\rsit
2010-08-27 09:15:29 ----D---- C:\Program Files\trend micro
2010-08-27 03:16:51 ----D---- C:\Users\Tobias\AppData\Roaming\SUPERAntiSpyware.com
2010-08-27 03:16:51 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-08-27 03:16:46 ----D---- C:\Program Files\SUPERAntiSpyware
2010-08-27 02:21:31 ----ASH---- C:\hiberfil.sys
2010-08-27 00:43:09 ----D---- C:\ProgramData\Sun
2010-08-27 00:43:08 ----D---- C:\Program Files\Common Files\Java
2010-08-27 00:42:46 ----A---- C:\Windows\system32\javaws.exe
2010-08-27 00:42:46 ----A---- C:\Windows\system32\javaw.exe
2010-08-27 00:42:46 ----A---- C:\Windows\system32\java.exe
2010-08-27 00:42:46 ----A---- C:\Windows\system32\deployJava1.dll
2010-08-26 21:44:16 ----D---- C:\Users\Tobias\AppData\Roaming\Malwarebytes
2010-08-26 21:44:06 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-26 21:44:04 ----D---- C:\ProgramData\Malwarebytes
2010-08-26 21:44:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-26 21:44:03 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-21 18:25:51 ----D---- C:\Users\Tobias\AppData\Roaming\fltk.org
2010-08-03 10:25:55 ----D---- C:\Users\Tobias\AppData\Roaming\Canneverbe Limited
2010-08-03 10:25:55 ----D---- C:\ProgramData\Canneverbe Limited
2010-08-03 10:25:04 ----A---- C:\Windows\system32\drivers\StarOpen.sys

======List of files/folders modified in the last 1 months======

2010-08-27 09:15:41 ----D---- C:\Windows\Prefetch
2010-08-27 09:15:36 ----D---- C:\Windows\Temp
2010-08-27 09:15:29 ----RD---- C:\Program Files
2010-08-27 09:12:37 ----SHD---- C:\Windows\Installer
2010-08-27 09:12:37 ----SHD---- C:\Config.Msi
2010-08-27 09:11:04 ----SHD---- C:\System Volume Information
2010-08-27 09:06:53 ----D---- C:\Windows\System32
2010-08-27 09:06:53 ----D---- C:\Windows\inf
2010-08-27 09:06:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-27 03:56:29 ----D---- C:\Windows\Tasks
2010-08-27 03:53:06 ----D---- C:\Users\Tobias\AppData\Roaming\Free Download Manager
2010-08-27 03:16:51 ----HD---- C:\ProgramData
2010-08-27 02:59:33 ----D---- C:\Windows
2010-08-27 02:33:26 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-27 02:21:20 ----D---- C:\Windows\system32\drivers
2010-08-27 02:20:50 ----D---- C:\Windows\PLA
2010-08-27 01:17:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-27 00:50:58 ----D---- C:\Windows\system32\drivers\etc
2010-08-27 00:50:11 ----D---- C:\ProgramData\Google Updater
2010-08-27 00:43:58 ----D---- C:\Windows\winsxs
2010-08-27 00:43:36 ----D---- C:\ProgramData\Adobe
2010-08-27 00:43:08 ----D---- C:\Program Files\Common Files
2010-08-27 00:42:43 ----D---- C:\Program Files\Java
2010-08-27 00:28:48 ----D---- C:\Windows\Debug
2010-08-26 22:58:43 ----D---- C:\Windows\ACER
2010-08-26 22:08:14 ----D---- C:\Windows\system32\Tasks
2010-08-26 20:34:27 ----D---- C:\Users\Tobias\AppData\Roaming\vlc
2010-08-25 17:24:58 ----D---- C:\Users\Tobias\AppData\Roaming\dvdcss
2010-08-12 20:34:52 ----RSD---- C:\Windows\Fonts
2010-08-12 12:29:10 ----D---- C:\Users\Tobias\AppData\Roaming\Skype
2010-08-12 10:35:33 ----D---- C:\Users\Tobias\AppData\Roaming\skypePM
2010-08-04 22:37:39 ----D---- C:\Program Files\CCleaner
2010-08-03 10:25:07 ----D---- C:\Program Files\CDBurnerXP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2008-05-14 18992]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2008-08-29 306299]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2008-03-21 15392]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-05-14 16944]
R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-05-14 60464]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-11 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-06-14 2152344]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-31 14848]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-08-12 61440]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-25 199472]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-02-21 299008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-08-29 1528608]
R2 eDataSecurity Service;eDataSecurity Service; C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-05-14 500784]
R2 ETService;Empowering Technology Service; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 lxcz_device;lxcz_device; C:\Windows\system32\lxczcoms.exe [2007-04-19 537520]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-12-06 110592]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
S2 gupdate1c99a9f1b1b2860;Google Update Service (gupdate1c99a9f1b1b2860); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-01 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office  Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]

-----------------EOF-----------------

--- --- ---


info
[code]
info.txt
RSIT Logfile:
Code:

logfile of random's system information tool 1.08 2010-08-27 09:15:59

======Uninstall list======

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {58FC5E37-DD28-4D4A-A549-125744C6763C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {888B9AC7-8F5C-456B-A27A-157A6C310E52}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {DCBECE36-8F23-4B33-925E-A1C6183C0DBD}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Acer eDataSecurity Management-->C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer ePower Management-->"C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer eRecovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer eSettings Management-->"C:\Program Files\InstallShield Installation Information\{13D85C14-2B85-419F-AC41-C7F21E68B25D}\setup.exe" -runfromtemp -l0x0007 -removeonly
Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x7  -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9  -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.2.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Agere Systems HDA Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Audacity 1.3.12 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BlueJ 2.5.0-->"C:\BlueJ\uninst\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Cisco Systems VPN Client 5.0.04.0300-->MsiExec.exe /X{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}
Corel Painter Essentials 3-->C:\Program Files\Corel\Corel Painter Essentials 3\MSILauncher {0C180787-F8C8-42FD-A9D3-689BA44BEAAF} C:\Users\Tobias\AppData\Local\Temp\PainterEssentials3.log
Corel Painter Essentials 3-->MsiExec.exe /I{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
eMule-->"D:\Programme\eMule\Uninstall.exe"
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Image Resizer Powertoy Clone for Windows-->MsiExec.exe /X{FF3FA9BC-3F96-44F1-9E8F-0544A2226432}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Development Kit 6 Update 13-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160130}
Launch Manager-->C:\Windows\UNINST32.EXE LManager.UNI
LECTURNITY Player-->MsiExec.exe /X{8624888C-A959-45A5-98F4-292E956325EA}
Lexmark 1200 Series-->C:\Program Files\Lexmark 1200 Series\Install\x86\Uninst.exe
LogTek Puzzle Maker-->D:\Program Files\LogTek Puzzle Maker\Uninstal.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Word 2000-->MsiExec.exe /I{00170407-78E1-11D2-B60F-006097C998E7}
Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x0407
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x0407
OpenOffice.org 3.0-->MsiExec.exe /I{04B45310-A5FE-4425-BFCA-1A6D8920DE74}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe"  -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Qtpfsgui 1.9.3-->"D:\Program Files\Qtpfsgui\unins000.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x0007 -removeonly
SCHLECKER Foto Digital Service-->"C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\uninstall.exe"
Scribus 1.3.3.13-->D:\Program Files\Scribus 1.3.3.13\uninst.exe
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Ulead PhotoImpact X3-->C:\Program Files\InstallShield Installation Information\{15803703-25FA-4C01-A062-3F4A59937E87}\setup.exe -runfromtemp -l0x0407
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VLC media player 1.0.1-->D:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
WinHTTrack Website Copier 3.43-7-->"C:\Program Files\WinHTTrack\unins000.exe"
XMedia Recode 2.1.9.1-->D:\Program Files\XMedia Recode\uninst.exe
Zattoo 3.3.3 Beta-->D:\Program Files\Zattoo\uninst.exe

======Hosts File======

127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com

======Security center information======

AS: Windows Defender
AS: SUPERAntiSpyware

======System event log======

Computer Name: X
Event Code: 17
Message: AVGNTFLT successfully loaded
Record Number: 104259
Source Name: avgntflt
Time Written: 20100827002137.107732-000
Event Type: Informationen
User:

Computer Name: X
Event Code: 17
Message: AVGNTFLT successfully loaded
Record Number: 104260
Source Name: avgntflt
Time Written: 20100827002707.301307-000
Event Type: Informationen
User:

Computer Name: X
Event Code: 17
Message: AVGNTFLT successfully loaded
Record Number: 104261
Source Name: avgntflt
Time Written: 20100827005937.504109-000
Event Type: Informationen
User:

Computer Name: X
Event Code: 17
Message: AVGNTFLT successfully loaded
Record Number: 104262
Source Name: avgntflt
Time Written: 20100827015357.348108-000
Event Type: Informationen
User:

Computer Name: X
Event Code: 18
Message: TIMEOUT<wmplayer.exe> C:\...eRecovery\HidChk.exe
Record Number: 104263
Source Name: avgntflt
Time Written: 20100827070556.546800-000
Event Type: Warnung
User:

=====Application event log=====

Computer Name: X
Event Code: 10001
Message: Sitzung wird beendet: 1. 2010-08-27T07:11:06.865Z wird gestartet.
Record Number: 15091
Source Name: Microsoft-Windows-RestartManager
Time Written: 20100827071237.989200-000
Event Type: Informationen
User: X/X

Computer Name: X
Event Code: 10007
Message: Die Anwendung oder der Dienst "Internet Explorer" konnte nicht neu gestartet werden.
Record Number: 15092
Source Name: Microsoft-Windows-RestartManager
Time Written: 20100827071238.004800-000
Event Type: Fehler
User: X/X

Computer Name: X
Event Code: 10001
Message: Sitzung wird beendet: 1. 2010-08-27T07:11:15.538Z wird gestartet.
Record Number: 15093
Source Name: Microsoft-Windows-RestartManager
Time Written: 20100827071238.004800-000
Event Type: Informationen
User: X/X

Computer Name: X
Event Code: 8224
Message: Der VSS-Dienst wird aufgrund eines Leerlaufzeitlimits heruntergefahren.
Record Number: 15094
Source Name: VSS
Time Written: 20100827071429.000000-000
Event Type: Informationen
User:

Computer Name: X
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 15095
Source Name: LightScribeService
Time Written: 20100827071559.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: X
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:        \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys       
Record Number: 51987
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100827071556.505600-000
Event Type: Überwachung gescheitert
User:

Computer Name: X
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:        \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys       
Record Number: 51988
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100827071556.568000-000
Event Type: Überwachung gescheitert
User:

Computer Name: X
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:        \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys       
Record Number: 51989
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100827071556.630400-000
Event Type: Überwachung gescheitert
User:

Computer Name: X
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:        \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys       
Record Number: 51990
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100827071556.708400-000
Event Type: Überwachung gescheitert
User:

Computer Name: X
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname:        \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys       
Record Number: 51991
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100827071556.770800-000
Event Type: Überwachung gescheitert
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NTIPath"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\;
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Acer\Empowering Technology\eDataSecurity\;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86;C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"Pathtem"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

--- --- ---


thank you and kind regards

orku

kira 27.08.2010 11:56

Vista is not up to date... neither is Adobe...!
telekom-pesse.at: Always up to date
Software such as operating systems, browsers and e-mail clients is continuously being developed further. At the same time, however, hackers are also working on constantly finding and exploiting new security holes. What is not yet a loophole for viruses and worms today can already become a danger tomorrow, once the corresponding piece of malware has been programmed. This means that reports of new security vulnerabilities appear relatively often, even if these have not yet been discovered by hackers, because security specialists naturally also look for potential ways to attack. Updates from the software developers ensure that the user can always use the most current and most secure version of the operating system and the installed software.

1.
Update Adobe Reader:
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for updates..."

2.
Close all applications → please empty the folder for temporary files
Delete only the contents of the folders, not the folders themselves! Files that are still in use cannot be deleted.
c:\windows\temp
- then empty the recycle bin

3.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system

4.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware. For this it is well suited and recommended to check the data saved on the storage medium with the free online scanner.
So connect all existing external drives, including any USB sticks, to the computer, but hold down the Shift key while doing so, so that the autorun function is not executed.
You can also switch off the autostart feature:
Windows security: disabling drive autorun - illustrated guide by Leonidas/3dcenter.org
Switching off Autorun/Autoplay selectively for drive types or drive letters/wintotal.de
→ This Silly description supports the assumption that it came in via a USB stick. The cause has been eliminated by formatting the stick; you should make sure that no autorun.inf file reappears there and be a little choosy about where you plug in your stick.
Attention!:
>>You should not install the program, but only scan your system online<<
→ Check the complete computer (i.e. the whole system) (system check without cleaning) with Kaspersky Online Scanner/click here
→ to continue with the process, click "Accept"
→ then select "My computer" - it takes some time for a complete scan to run through, so please be patient!
It can take some time until the scan is finished - one or several hours depending on the size of the hard disk - so be patient...
→ When the report is displayed, click "Save as" - please copy it and paste it into your thread here
Internet Explorer settings before the scan:
→ "Tools → Internet Options → Security":
→ set everything to the default level
Allow ActiveX - so that the new virus definitions can be installed
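
Added example, not part of kira's post: one way to carry out the "make sure no autorun.inf reappears" check from step 4 is to look at the root of each attached drive and list what an autorun.inf found there would launch. The function names, the sample file content and the temporary directories standing in for drive roots are constructed for illustration; the file is only read, never executed.

```python
import os
import tempfile

# Keys in the [autorun] section that name something to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def launch_entries(text):
    """Return (key, value) pairs from [autorun] that start a program."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            k = key.lower()
            # shell\<verb>\command adds a context-menu entry that runs a program
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
                found.append((k, value))
    return found

def audit_roots(roots):
    """Map each root that holds an autorun.inf to its launch entries."""
    report = {}
    for root in roots:
        try:
            names = os.listdir(root)
        except OSError:
            continue  # drive not ready or not readable
        for name in names:
            if name.lower() == "autorun.inf":
                path = os.path.join(root, name)
                with open(path, "r", encoding="latin-1", errors="replace") as fh:
                    report[root] = launch_entries(fh.read())
    return report

def demo():
    # Constructed sample: one "stick" with an autorun.inf, one clean one.
    with tempfile.TemporaryDirectory() as tmp:
        dirty, clean = os.path.join(tmp, "E"), os.path.join(tmp, "F")
        os.mkdir(dirty)
        os.mkdir(clean)
        with open(os.path.join(dirty, "AUTORUN.INF"), "w") as fh:
            fh.write("; constructed sample\n[AutoRun]\nicon=folder.ico\n"
                     "open=example.exe\nshell\\open\\command=example.exe\n")
        result = audit_roots([dirty, clean])
        return {os.path.basename(k): v for k, v in result.items()}

if __name__ == "__main__":
    print(demo())
```

On a Windows machine the roots would be the drive letters of the attached media, for example `audit_roots(["E:\\", "F:\\"])`.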

orku 27.08.2010 16:35

ok, that doesn't look good, apparently java is completely infected :(((((

Code:

Friday, August 27, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, August 27, 2010 07:07:04
Records in database: 4161681
Scan settings
scan using the following database        extended
Scan archives        yes
Scan e-mail databases        yes
Scan area        My Computer
C:\
D:\
E:\
F:\
Scan statistics
Objects scanned        149123
Threats found        11
Infected objects found        29
Suspicious objects found        0
Scan duration        03:10:26

File name        Threat        Threats count
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-7fa35ab5        Infected: Exploit.Java.Agent.f        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\72a4ab4c-1ad7580d        Infected: Trojan-Downloader.Java.Agent.ft        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\72a4ab4c-1ad7580d        Infected: Trojan-Downloader.Java.Agent.fu        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\72a4ab4c-1ad7580d        Infected: Trojan-Downloader.Java.Agent.fv        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1b7dee5b-79e91342        Infected: Exploit.Java.Agent.f        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1b7dee5b-79e91342        Infected: Trojan-Downloader.Java.Agent.cd        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1b7dee5b-79e91342        Infected: Trojan-Downloader.Java.OpenStream.al        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\30554cdc-6840a964        Infected: Trojan-Downloader.Java.Agent.fx        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\30554cdc-6840a964        Infected: Exploit.Java.Agent.f        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\30554cdc-6840a964        Infected: Trojan-Downloader.Java.Agent.fy        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\7adbb65d-67f2f519        Infected: Exploit.Java.Agent.f        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\6aed6d62-15ebf7ed        Infected: Exploit.Java.Agent.f        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\2651c104-5fa5ebb3        Infected: Exploit.Java.Agent.f        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\2651c104-5fa5ebb3        Infected: Trojan-Downloader.Java.Agent.cd        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\2651c104-5fa5ebb3        Infected: Trojan-Downloader.Java.OpenStream.al        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\265a2144-66ec67d2        Infected: Exploit.Java.Agent.f        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\265a2144-66ec67d2        Infected: Trojan-Downloader.Java.Agent.cd        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\265a2144-66ec67d2        Infected: Trojan-Downloader.Java.OpenStream.al        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\567e7c4-76fa18e7        Infected: Exploit.Java.Agent.f        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\567e7c4-76fa18e7        Infected: Trojan-Downloader.Java.Agent.ay        2       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\578ce568-33a82f4e        Infected: Trojan-Downloader.Java.Agent.ab        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\2e6d2c31-48b079dd        Infected: Exploit.OSX.Smid.c        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\e668b8-606b89d0        Infected: Trojan-Downloader.Java.Agent.ft        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\e668b8-606b89d0        Infected: Trojan-Downloader.Java.Agent.fu        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\e668b8-606b89d0        Infected: Trojan-Downloader.Java.Agent.fv        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\391d9e7f-58fa13ca        Infected: Trojan-Downloader.Java.Agent.ft        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\391d9e7f-58fa13ca        Infected: Trojan-Downloader.Java.Agent.fu        1       
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\391d9e7f-58fa13ca        Infected: Trojan-Downloader.Java.Agent.fv        1       
Selected area has been scanned.

everything in java
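
Added example, not part of the thread: a short triage of the report rows above that groups detections per file and lists any file lying outside the Java deployment cache. The function names are chosen for illustration; the sample is an excerpt of the posted rows plus one constructed row (marked in the code) so that the "outside" case is exercised.

```python
import re
from collections import defaultdict

# Excerpt of the report rows posted above, plus one constructed row
# (C:\Users\Example\...) that lies outside the Java cache.
REPORT = r"""
File name        Threat        Threats count
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-7fa35ab5        Infected: Exploit.Java.Agent.f        1
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\567e7c4-76fa18e7        Infected: Exploit.Java.Agent.f        1
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\567e7c4-76fa18e7        Infected: Trojan-Downloader.Java.Agent.ay        2
C:\Users\Tobias\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\2e6d2c31-48b079dd        Infected: Exploit.OSX.Smid.c        1
C:\Users\Example\Downloads\constructed.bin        Infected: Constructed.Sample.a        1
Selected area has been scanned.
"""

# Path, then a tab or 2+ blanks, "Infected: <name>", then the per-row count.
ROW = re.compile(
    r"^(?P<path>\S.*?)(?:\t|\s{2,})Infected: (?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"

def parse_rows(text):
    """Return (path, threat, count) for every detection row; skip other lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m["path"], m["threat"], int(m["count"])))
    return rows

def triage(text):
    """Summarise detections and list files that are not in the Java cache."""
    per_file = defaultdict(set)
    total = 0
    for path, threat, count in parse_rows(text):
        per_file[path].add(threat)
        total += count
    outside = sorted(p for p in per_file if JAVA_CACHE not in p.lower())
    return {
        "files": len(per_file),
        "distinct_threats": len({t for names in per_file.values() for t in names}),
        "objects": total,
        "outside_java_cache": outside,
    }

if __name__ == "__main__":
    print(triage(REPORT))
```

An empty `outside_java_cache` list means every detection sits in cached applet files, which is what clearing the Java cache removes.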

kira 31.08.2010 06:10

hi

1.
Clear the Java cache - as described under points 7 and 8 *click
via Control Panel -> Java...

2.
Your Java version is not up to date!
Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java Version 6 Update 21 from Oracle
Make sure to deselect any toolbars that are offered (remove the check mark next to the toolbar)!

3.
>>You should not install the program, but only scan your system online<<

- Then run a complete system check with Nod32
- please tick the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"
- (ESET Online Scanner)
Internet Explorer settings before the scan:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX

