Hallo cosinus,

hier ist die OTL-Log

Code: Alles auswählenAufklappen

ATTFilter

========== OTL ==========
ADS C:\Users\Mia\Desktop\Foto.eml:OECustomProperty deleted successfully.
ADS C:\P1160392.MOV.MPG:TOC.WMV deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.24.0 log created on 06232011_221018
         

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Scan ausgeführt.
Bekomme allerdings nach dem Scan keine Logdatei, wenn ich auf report klicke.

Der Scan sieht so aus

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

so, hier kommt nun endlich die Logdatei von combofix

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 11-07-05.02 - Mia 05.07.2011  18:12:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2037.1170 [GMT 2:00]
ausgeführt von:: c:\users\Mia\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-05 bis 2011-07-05  ))))))))))))))))))))))))))))))
.
.
2011-07-05 16:25 . 2011-07-05 16:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-07-05 16:06 . 2011-07-05 16:07	--------	d-----w-	C:\32788R22FWJFW
2011-06-29 18:42 . 2011-04-29 15:59	276992	----a-w-	c:\windows\system32\schannel.dll
2011-06-23 20:10 . 2011-06-23 20:10	--------	d-----w-	C:\_OTL
2011-06-15 18:15 . 2011-06-15 18:15	--------	d-----w-	c:\users\Mia\AppData\Roaming\Malwarebytes
2011-06-15 18:14 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-15 18:14 . 2011-06-15 18:14	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-15 18:14 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-15 18:12 . 2011-06-17 07:52	--------	d-----w-	c:\program files\anti-malware
2011-06-15 17:08 . 2011-04-29 13:25	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-06-15 17:08 . 2011-04-29 13:25	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-06-15 17:08 . 2011-04-21 13:58	273408	----a-w-	c:\windows\system32\drivers\afd.sys
2011-06-15 17:08 . 2011-05-02 17:19	766464	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-15 17:08 . 2010-12-20 16:35	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-06-15 17:08 . 2011-05-02 17:16	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-06-15 17:08 . 2011-04-29 13:24	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 17:08 . 2011-04-29 13:24	79872	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 17:08 . 2011-04-29 13:24	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 17:07 . 2011-05-02 12:02	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-03 18:01 . 2010-04-22 20:21	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-07-03 18:01 . 2010-04-22 20:21	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-07 15:55 . 2011-07-01 08:36	7074640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{65A9A8B3-022D-4E51-B78A-059E4B056B0A}\mpengine.dll
2011-05-24 17:14 . 2009-10-02 23:37	222080	------w-	c:\windows\system32\MpSigStub.exe
2006-05-03 09:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\progra~1\MSNMES~1\msnmsgr.exe" [2007-01-19 5674352]
"PhonostarAgent"="c:\program files\Internetradio phonostar\phonostar\ps_agent.exe" [2007-12-05 98304]
"PhonostarTimer"="c:\program files\Internetradio phonostar\phonostar\ps_timer.exe" [2007-12-05 126976]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
"TVBroadcast"="c:\program files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe" [2007-05-08 790016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 129560]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-10 36864]
"QuickTime Task"="c:\program files\Quicktime Apple\QTTask.exe" [2007-12-11 286720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-28 64048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-9 113664]
Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\frontpage\Office\OSA9.EXE [1999-2-17 65588]
WinManager.lnk - c:\program files\Fujitsu Siemens\WinManager\WinManager.exe [2008-5-3 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-07-16 18:35	220160	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 10:55	5674352	----a-w-	c:\program files\MSN Messenger\msnmsgr.exe
.
R1 mailKmd;mailKmd; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 Emdepa;Emdepa; [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-08 136360]
S2 ClipInc001;ClipInc 001;c:\program files\Radio\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-05-04 1600512]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-05 277504]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 UDXTTM6000;DTV-DVB UDXTTM6000 - USB 2.0 Receiver;c:\windows\system32\Drivers\UDXTTM6000.sys [2007-06-21 320384]
S3 UDXTTM6000HID;UDXTTM6000HID - HID Driver;c:\windows\system32\drivers\UDXTTM6000HID.sys [2006-06-29 17408]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 21:58]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 21:58]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967124566-3105974339-2490099070-1003Core.job
- c:\users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:41]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967124566-3105974339-2490099070-1003UA.job
- c:\users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:41]
.
2011-07-05 c:\windows\Tasks\User_Feed_Synchronization-{8E21E027-9A81-475C-B74E-F815515A4C7B}.job
- c:\windows\system32\msfeedssync.exe [2008-09-29 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: Interfaces\{C06D1B59-E6AC-492E-8A4C-75DD60A75F7D}: NameServer = 0.0.0.0
TCP: Interfaces\{EB2E3AE0-276B-4FE5-815E-CD5B1CB1AE8D}: NameServer = 62.109.123.6 213.191.92.87
FF - ProfilePath - c:\users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\o2tx0ldy.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Domain Details: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91} - %profile%\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: TinyUrl Creator: {89736E8E-4B14-4042-8C75-AD00B6BD3900} - %profile%\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Pinger: janetka@pinger - %profile%\extensions\janetka@pinger
FF - Ext: Diigo Bookmarks and Web Annotations: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} - %profile%\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-openvpn-gui - c:\program files\Wlan\OpenVPN\bin\openvpn-gui.exe
MSConfigStartUp-BGNewsAgent - c:\program files\BullGuard Software\BullGuard\BgNewsUI.exe
MSConfigStartUp-BullGuard - c:\program files\BullGuard Software\BullGuard\bullguard.exe
AddRemove-OpenVPN - c:\program files\Wlan\OpenVPN\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-05 18:33
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1124)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\PEV.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Radio\Tobit ClipInc\Server\ClipInc-Server.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Medion\MEDIONbox\Program\GCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-05  18:40:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-07-05 16:40
.
Vor Suchlauf: 26 Verzeichnis(se), 11.628.449.792 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 11.616.702.464 Bytes frei
.
- - End Of File - - 54A26D94F2C4FAC5D12FDFA9B39FAC5C
         

--- --- ---

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code: Alles auswählenAufklappen

ATTFilter

Driver::
mailKmd
Emdepa
         

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 11-07-07.06 - Mia 08.07.2011  10:05:50.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2037.972 [GMT 2:00]
ausgeführt von:: c:\users\Mia\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Mia\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Emdepa
-------\Service_mailKmd
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-08 bis 2011-07-08  ))))))))))))))))))))))))))))))
.
.
2011-07-05 16:07 . 2011-07-05 16:41	--------	d-----w-	C:\cofi
2011-06-29 18:42 . 2011-04-29 15:59	276992	----a-w-	c:\windows\system32\schannel.dll
2011-06-23 20:10 . 2011-06-23 20:10	--------	d-----w-	C:\_OTL
2011-06-15 18:15 . 2011-06-15 18:15	--------	d-----w-	c:\users\Mia\AppData\Roaming\Malwarebytes
2011-06-15 18:14 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-15 18:14 . 2011-06-15 18:14	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-15 18:14 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-15 18:12 . 2011-06-17 07:52	--------	d-----w-	c:\program files\anti-malware
2011-06-15 17:08 . 2011-04-29 13:25	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-06-15 17:08 . 2011-04-29 13:25	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-06-15 17:08 . 2011-04-21 13:58	273408	----a-w-	c:\windows\system32\drivers\afd.sys
2011-06-15 17:08 . 2011-05-02 17:19	766464	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-15 17:08 . 2010-12-20 16:35	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-06-15 17:08 . 2011-05-02 17:16	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-06-15 17:08 . 2011-04-29 13:24	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 17:08 . 2011-04-29 13:24	79872	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 17:08 . 2011-04-29 13:24	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 17:07 . 2011-05-02 12:02	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-03 18:01 . 2010-04-22 20:21	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-07-03 18:01 . 2010-04-22 20:21	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-05-24 17:14 . 2009-10-02 23:37	222080	------w-	c:\windows\system32\MpSigStub.exe
2006-05-03 09:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"msnmsgr"="c:\progra~1\MSNMES~1\msnmsgr.exe" [2007-01-19 5674352]
"PhonostarAgent"="c:\program files\Internetradio phonostar\phonostar\ps_agent.exe" [2007-12-05 98304]
"PhonostarTimer"="c:\program files\Internetradio phonostar\phonostar\ps_timer.exe" [2007-12-05 126976]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
"TVBroadcast"="c:\program files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe" [2007-05-08 790016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 129560]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-10 36864]
"QuickTime Task"="c:\program files\Quicktime Apple\QTTask.exe" [2007-12-11 286720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-28 64048]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-9 113664]
Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\frontpage\Office\OSA9.EXE [1999-2-17 65588]
WinManager.lnk - c:\program files\Fujitsu Siemens\WinManager\WinManager.exe [2008-5-3 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2007-07-16 18:35	220160	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 10:55	5674352	----a-w-	c:\program files\MSN Messenger\msnmsgr.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-08 136360]
S2 ClipInc001;ClipInc 001;c:\program files\Radio\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x]
S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-05-04 1600512]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-05 277504]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 UDXTTM6000;DTV-DVB UDXTTM6000 - USB 2.0 Receiver;c:\windows\system32\Drivers\UDXTTM6000.sys [2007-06-21 320384]
S3 UDXTTM6000HID;UDXTTM6000HID - HID Driver;c:\windows\system32\drivers\UDXTTM6000HID.sys [2006-06-29 17408]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 21:58]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 21:58]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967124566-3105974339-2490099070-1003Core.job
- c:\users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:41]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967124566-3105974339-2490099070-1003UA.job
- c:\users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:41]
.
2011-07-08 c:\windows\Tasks\User_Feed_Synchronization-{8E21E027-9A81-475C-B74E-F815515A4C7B}.job
- c:\windows\system32\msfeedssync.exe [2008-09-29 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
TCP: Interfaces\{C06D1B59-E6AC-492E-8A4C-75DD60A75F7D}: NameServer = 0.0.0.0
TCP: Interfaces\{EB2E3AE0-276B-4FE5-815E-CD5B1CB1AE8D}: NameServer = 62.109.123.196 213.191.74.18
FF - ProfilePath - c:\users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\o2tx0ldy.default\
FF - prefs.js: browser.search.selectedEngine - Google.de
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: network.proxy.type - 2
FF - Ext: Domain Details: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91} - %profile%\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
FF - Ext: TinyUrl Creator: {89736E8E-4B14-4042-8C75-AD00B6BD3900} - %profile%\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Pinger: janetka@pinger - %profile%\extensions\janetka@pinger
FF - Ext: Diigo Bookmarks and Web Annotations: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} - %profile%\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-08 10:22
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H????????6??????*e?w????????????0???$???????d??????w????????Rs?w?s?w?????6???6??Cb?v????4???&??v?????????6??t???? A?????????? A????#Cb?v|????????a@?H??????????? ?A??Z?#????? A???@??6???x@??6?????#??@??7????? 
.
Scanne versteckte Dateien... 
.
.
c:\users\Mia\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\TMP0000000E231CC3E1CB447A64 524288 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 2
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4764)
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Radio\Tobit ClipInc\Server\ClipInc-Server.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Medion\MEDIONbox\Program\GCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\vmnat.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-07-08  10:37:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-07-08 08:37
ComboFix2.txt  2011-07-05 16:40
.
Vor Suchlauf: 29 Verzeichnis(se), 11.772.448.768 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 10.938.888.192 Bytes frei
.
- - End Of File - - 8E51B1624A7DF9160510FA249D0A8D70
         

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

• Doppelklick auf die MBRCheck.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Das Tool braucht nur wenige Sekunden.
• Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

GMER hat nicht funktioniert. Das Programm ist zweimal abgestürzt und dann habe ich es gelassen.

Hier die Log von OSAM
OSAM Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:47:39 on 09.07.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.18

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-967124566-3105974339-2490099070-1003Core.job" - "Google Inc." - C:\Users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-967124566-3105974339-2490099070-1003UA.job" - "Google Inc." - C:\Users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\Windows\system32\ddbacctm.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\Quicktime Apple\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi28445c\catchme.sys  (File not found)
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\Windows\System32\drivers\iviaspi.sys
"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys
"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TAP-Win32 Adapter V8" (tap0801) - "The OpenVPN Project" - C:\Windows\System32\DRIVERS\tap0801.sys
"VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\drivers\hcmon.sys
"VMware kbd" (vmkbd) - "VMware, Inc." - C:\Windows\system32\drivers\VMkbd.sys
"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys
"VMware vmci" (vmci) - "VMware, Inc." - C:\Windows\system32\Drivers\vmci.sys
"VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\Drivers\vmx86.sys
"Vstor2 WS60 Virtual Storage Driver" (vstor2-ws60) - "VMware, Inc." - C:\Program Files\VMware\VMware Player\vstor2-ws60.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{B988C8B2-373B-11CF-B6E0-00AA00BBBA9E} "ImageComposer.CompositionPropertyPage" - "Microsoft Corporation" - C:\Program Files\Microsoft Image Composer\SERVER.DLL
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Program Files\ICQLite\ICQLiteShell.dll
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\Windows\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - C:\Windows\system32\OGACheckControl.DLL / hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{3D3B42C2-11BF-4732-A304-A01384B70D68} "UploadListView Class" - "Google, Inc." - C:\Windows\Downloaded Program Files\UploaderX.dll / hxxp://picasaweb.google.com/s/v/57.11/uploader2.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4  (HTTP value)
"ICQ Lite" - ? - C:\Program Files\ICQLite\ICQLite.exe  (File not found)
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ\version 7\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} "FireShot" - ? - C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\o2tx0ldy.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll  (File not found)
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\frontpage\Office\OSA9.EXE  (Shortcut exists | File exists)
"WinManager.lnk" - ? - C:\Program Files\Fujitsu Siemens\WinManager\WinManager.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"msnmsgr" - "Microsoft Corporation" - "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
"PhonostarAgent" - ? - C:\Program Files\Internetradio phonostar\phonostar\ps_agent.exe
"PhonostarTimer" - ? - C:\Program Files\Internetradio phonostar\phonostar\ps_timer.exe
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
"CtrlVol" - ? - C:\Program Files\Launch Manager\CtrlVol.exe  (File not found)
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\Quicktime Apple\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe
"TVBroadcast" - "ODSoft multimedia" - C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe
"UVS10 Preload" - "Ulead Systems, Inc." - C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
"VMware hqtray" - "VMware, Inc." - "C:\Program Files\VMware\VMware Player\hqtray.exe"
"Wbutton" - ? - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe LM Service" (Adobe LM Service) - ? - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"ClipInc 001" (ClipInc001) - ? - c:\Program Files\Radio\Tobit ClipInc\Server\ClipInc-Server.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
"GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"OpenVPN Service" (OpenVPNService) - ? - C:\Program Files\Wlan\OpenVPN\bin\openvpnserv.exe  (File not found)
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
"VMware Agent Service" (ufad-ws60) - "VMware, Inc." - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Program Files\VMware\VMware Player\vmware-authd.exe
"VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\Windows\system32\vmnetdhcp.exe
"VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\Windows\system32\vmnat.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"VMCI sockets DGRAM" - "VMware, Inc." - C:\Program Files\VMware\VMware Player\vsocklib.dll
"VMCI sockets STREAM" - "VMware, Inc." - C:\Program Files\VMware\VMware Player\vsocklib.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Logs von MBRCheck

Code: Alles auswählenAufklappen

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	MEDION
BIOS Manufacturer:		Phoenix Technologies LTD
System Manufacturer:		MEDION
System Product Name:		WIM2160
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 163):
  0x8241A000 \SystemRoot\system32\ntoskrnl.exe
  0x827C5000 \SystemRoot\system32\hal.dll
  0x82C09000 \SystemRoot\system32\kdcom.dll
  0x82C10000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x82C80000 \SystemRoot\system32\PSHED.dll
  0x82C91000 \SystemRoot\system32\BOOTVID.dll
  0x82C99000 \SystemRoot\system32\CLFS.SYS
  0x82CDA000 \SystemRoot\system32\CI.dll
  0x82DBA000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x82E36000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x82E43000 \SystemRoot\system32\drivers\acpi.sys
  0x82E89000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x82E92000 \SystemRoot\system32\drivers\msisadrv.sys
  0x82E9A000 \SystemRoot\system32\drivers\pci.sys
  0x82EC1000 \SystemRoot\System32\drivers\partmgr.sys
  0x82ED0000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x82ED3000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x82EDD000 \SystemRoot\system32\drivers\volmgr.sys
  0x82EEC000 \SystemRoot\System32\drivers\volmgrx.sys
  0x82F36000 \SystemRoot\system32\drivers\intelide.sys
  0x82F3D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x82F4B000 \SystemRoot\System32\drivers\mountmgr.sys
  0x88002000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x880BA000 \SystemRoot\system32\drivers\atapi.sys
  0x880C2000 \SystemRoot\system32\drivers\ataport.SYS
  0x880E0000 \SystemRoot\system32\drivers\fltmgr.sys
  0x88112000 \SystemRoot\system32\drivers\fileinfo.sys
  0x88122000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x88193000 \SystemRoot\system32\drivers\ndis.sys
  0x8829E000 \SystemRoot\system32\drivers\msrpc.sys
  0x882C9000 \SystemRoot\system32\drivers\NETIO.SYS
  0x88304000 \SystemRoot\System32\drivers\tcpip.sys
  0x82F5B000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x88401000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x88511000 \SystemRoot\system32\drivers\volsnap.sys
  0x8854A000 \SystemRoot\system32\DRIVERS\uagp35.sys
  0x8855B000 \SystemRoot\System32\Drivers\spldr.sys
  0x88563000 \SystemRoot\System32\Drivers\mup.sys
  0x88572000 \SystemRoot\System32\drivers\ecache.sys
  0x88599000 \SystemRoot\system32\drivers\disk.sys
  0x885AA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x885CB000 \SystemRoot\system32\drivers\crcdisk.sys
  0x88699000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x886A4000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x886AD000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x886BC000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8C808000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8CE33000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8CED3000 \SystemRoot\System32\drivers\watchdog.sys
  0x8CEDF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8CF6C000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8CF84000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8CF8F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8CFCD000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8CFDC000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8CFEC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x886C5000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x886DF000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
  0x886ED000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
  0x88701000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x8CFFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x88752000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x88765000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8C800000 \??\C:\Windows\system32\drivers\VMkbd.sys
  0x88770000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8C805000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8879B000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x887A6000 \SystemRoot\system32\drivers\iviaspi.sys
  0x887A9000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x887C1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x82F76000 \SystemRoot\system32\DRIVERS\storport.sys
  0x887F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x82FB7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x883EE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x82FCE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x82FF1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8D40B000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8D41F000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8D434000 \SystemRoot\system32\DRIVERS\tap0801.sys
  0x8D43F000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8D44F000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8D451000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8D47B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8D485000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8D492000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
  0x8D495000 \SystemRoot\system32\DRIVERS\VMNET.SYS
  0x8D498000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8D4CD000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8D4DE000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8D686000 \SystemRoot\system32\drivers\portcls.sys
  0x8D6B3000 \SystemRoot\system32\drivers\drmk.sys
  0x8D6D8000 \SystemRoot\system32\DRIVERS\smserial.sys
  0x8D7C8000 \SystemRoot\system32\drivers\modem.sys
  0x8D7D5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8D7DE000 \SystemRoot\System32\Drivers\Null.SYS
  0x8D7E5000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8D7F5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8D80B000 \SystemRoot\System32\drivers\vga.sys
  0x8D817000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8D838000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8D840000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8D848000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8D853000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8D861000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8D86A000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8D880000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8D894000 \SystemRoot\system32\drivers\afd.sys
  0x8D8DC000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8D90E000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x8D917000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8D92D000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8D93B000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8D94E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8D954000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8D990000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8D99A000 \SystemRoot\System32\Drivers\Hotkey.SYS
  0x8D99D000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8D9B4000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8D9DB000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8DA03000 \SystemRoot\System32\Drivers\UDXTTM6000.sys
  0x8DA52000 \SystemRoot\System32\Drivers\BdaSup.SYS
  0x8DA55000 \SystemRoot\system32\drivers\UDXTTM6000HID.sys
  0x8DA5D000 \SystemRoot\system32\drivers\HIDCLASS.SYS
  0x8DA6D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x8EC06000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
  0x8EDAD000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x8EDBA000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
  0x8EDC1000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
  0x8EE0E000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8EE1B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x924E0000 \SystemRoot\System32\win32k.sys
  0x8EED3000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8EEDD000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x92700000 \SystemRoot\System32\TSDDD.dll
  0x92720000 \SystemRoot\System32\cdd.dll
  0x8EEEC000 \SystemRoot\system32\drivers\luafv.sys
  0x8EF07000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x8EF26000 \SystemRoot\system32\drivers\spsys.sys
  0x8EFD6000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
  0x8EFDC000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8DA76000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8EFEC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8DAA0000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x8DAB3000 \SystemRoot\system32\drivers\HTTP.sys
  0x8DB20000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x8DB3D000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x8DB56000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x8DB6B000 \SystemRoot\system32\drivers\mrxdav.sys
  0x8DB8C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x8DBAB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x8DBE4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x885D4000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x885FC000 \SystemRoot\System32\DRIVERS\srv.sys
  0x8EFF6000 \??\C:\Windows\system32\drivers\hcmon.sys
  0x8864B000 \??\C:\Windows\system32\Drivers\vmci.sys
  0xB9C07000 \??\C:\Windows\system32\Drivers\vmx86.sys
  0xB9CD7000 \SystemRoot\system32\drivers\peauth.sys
  0xB9DB5000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xB9DBF000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xB9DCB000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
  0xB9DD0000 \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
  0xB9DD4000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x77400000 \Windows\System32\ntdll.dll

Processes (total 89):
       0 System Idle Process
       4 System
     480 C:\Windows\System32\smss.exe
     628 csrss.exe
     672 C:\Windows\System32\wininit.exe
     680 csrss.exe
     716 C:\Windows\System32\services.exe
     744 C:\Windows\System32\lsass.exe
     752 C:\Windows\System32\lsm.exe
     824 C:\Windows\System32\winlogon.exe
     936 C:\Windows\System32\svchost.exe
    1004 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\svchost.exe
    1196 C:\Windows\System32\svchost.exe
    1224 C:\Windows\System32\svchost.exe
    1292 C:\Windows\System32\audiodg.exe
    1324 C:\Windows\System32\SLsvc.exe
    1368 C:\Windows\System32\svchost.exe
    1572 C:\Windows\System32\svchost.exe
    1796 C:\Windows\System32\spoolsv.exe
    1820 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1832 C:\Windows\System32\svchost.exe
    1348 C:\Windows\System32\dwm.exe
    1568 C:\Windows\System32\taskeng.exe
    1588 C:\Windows\explorer.exe
     920 C:\Windows\System32\taskeng.exe
    2056 C:\Windows\RtHDVCpl.exe
    2064 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2116 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2148 C:\Program Files\Launch Manager\LaunchAp.exe
    2164 C:\Program Files\Launch Manager\HotkeyApp.exe
    2188 C:\Program Files\Launch Manager\OSD.exe
    2196 C:\Program Files\Launch Manager\WButton.exe
    2208 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2304 C:\Windows\System32\hkcmd.exe
    2312 C:\Windows\System32\igfxpers.exe
    2328 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    2360 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    2376 C:\Program Files\VMware\VMware Player\hqtray.exe
    2388 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2412 C:\Program Files\Windows Sidebar\sidebar.exe
    2420 C:\Windows\System32\igfxsrvc.exe
    2428 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    2452 C:\Windows\ehome\ehtray.exe
    2508 C:\Program Files\MSN Messenger\msnmsgr.exe
    2540 C:\Program Files\Internetradio phonostar\phonostar\ps_agent.exe
    2568 C:\Program Files\Internetradio phonostar\phonostar\ps_timer.exe
    2600 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2664 C:\Program Files\Fujitsu Siemens\WinManager\WinManager.exe
    2740 C:\Windows\ehome\ehmsas.exe
    2988 C:\Program Files\Windows Sidebar\sidebar.exe
    3100 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    3204 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    3252 C:\Program Files\radio\Tobit ClipInc\Server\ClipInc-Server.exe
    3276 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    3320 C:\Program Files\Common Files\Gnab\Service\ServiceController.exe
    3452 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    3464 C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
    3496 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    3520 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    3576 C:\Windows\System32\svchost.exe
    3620 C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe
    3740 C:\Windows\System32\svchost.exe
    3800 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    3972 C:\Windows\System32\vmnat.exe
    3992 C:\Windows\System32\svchost.exe
    4044 C:\Windows\System32\SearchIndexer.exe
     472 C:\Program Files\VMware\VMware Player\vmware-authd.exe
    1556 C:\Windows\System32\vmnetdhcp.exe
    2900 C:\Program Files\Launch Manager\WisLMSvc.exe
     736 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    3188 WmiPrvSE.exe
    3556 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    5708 C:\Windows\System32\wbem\unsecapp.exe
    6052 C:\Program Files\Windows Mail\WinMail.exe
    4412 C:\Windows\System32\svchost.exe
    4492 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4240 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4956 C:\Program Files\Mozilla Firefox\firefox.exe
    5204 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3596 C:\Windows\System32\wuauclt.exe
    5852 C:\Users\Mia\Desktop\osam.exe
    3348 C:\Users\Mia\Desktop\osam_autorun_manager_5_0_portable\osam.exe
    5208 C:\Program Files\notepad++\notepad++.exe
    1172 C:\Windows\System32\SearchProtocolHost.exe
    2876 C:\Windows\System32\SearchFilterHost.exe
    5228 C:\Users\Mia\Desktop\MBRCheck.exe
    4108 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`bfc6da00  (FAT32)

PhysicalDrive0 Model Number: WDCWD1600BEVS-22RST0, Rev: 04.01G04

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
         

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

so, hier sind die Logs.

Den Online-Scan mache ich noch.

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 7074

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11.07.2011 21:08:05
mbam-log-2011-07-11 (21-08-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 416794
Laufzeit: 1 Stunde(n), 37 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

und

Code: Alles auswählenAufklappen

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/12/2011 at 02:24 AM

Application Version : 4.55.1000

Core Rules Database Version : 7396
Trace Rules Database Version: 5208

Scan type       : Complete Scan
Total Scan Time : 04:28:02

Memory items scanned      : 791
Memory threats detected   : 0
Registry items scanned    : 10383
Registry threats detected : 0
File items scanned        : 275779
File threats detected     : 164

Adware.Tracking Cookie
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@atdmt[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.yieldmanager[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@zedo[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@partypoker[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adsrv1.admediate[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.banneradmin.rai[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@content.yieldmanager[3].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.ambiweb[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@kontera[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.googleadservices[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ehg-idg.hitbox[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@xiti[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.ak.facebook[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@sevenoneintermedia.112.2o7[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@zbox.zanox[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.burstnet[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@a6.adserver01[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adserver.myvideo[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.w3counter[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.studenten-wg[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@at.atwola[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@statcounter[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adopt.specificclick[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@track.webtrekk[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad2.adfarm1.adition[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.etracker[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@pro-market[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adfarm1.adition[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@realmedia[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.zanox-affiliate[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ehg-dig.hitbox[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adsrv.admediate[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@stat.www[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@hbxtracking.sueddeutsche[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adserver1.mokono[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adviva[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@trafficmp[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@apmebf[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad-hoc-news[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@cdn.at.atwola[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tribalfusion[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tracking.quisma[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ehg-legonewyorkinc.hitbox[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@vesseltracker[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@serving-sys[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@advertising[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@eas.apm.emediate[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@247realmedia[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@msnportal.112.2o7[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@stat.vattenfall[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@rotator.adjuggler[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@content.yieldmanager[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tto2.traffictrack[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@socialmedia[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@livestat.derstandard[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@fastclick[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@track.webtrekk[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@de.sitestat[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.doodle[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@rambler[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@richmedia.yahoo[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@hamburgerabendblatt.122.2o7[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@de.sitestat[3].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@mediaplex[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@data.coremetrics[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tracking.mindshare[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@zanox-affiliate[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@overture[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@count.spring[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@statse.webtrendslive[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@hitbox[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@microsoftwga.112.2o7[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@revsci[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@questionmarket[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@media.adrevolver[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@doubleclick[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@weborama[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@hasenet.122.2o7[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.sesameworkshop[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.adnet[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@bluestreak[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@atwola[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@hamburgerabendblattdedev.122.2o7[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@casalemedia[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@de.sitestat[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@im.banner.t-online[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.revsci[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@traffic.mpnrs[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adopt.euroclick[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tacoda[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ar.atwola[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@kaboose.112.2o7[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@gamblingplanetde.122.2o7[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.dk-online[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@bs.serving-sys[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adserver.easyad[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@keyword-advertising.web[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@axelspringer.122.2o7[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.vrm[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tracking.hannoversche[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.salebroker[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad4.adfarm1.adition[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@track.webtrekk[3].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adx.chip[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad3.adfarm1.adition[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.jurablogs[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.boreus[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@track.adform[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ehg-aidacruises.hitbox[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adserver.vesseltracker[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.httpool[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@specificclick[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@de.sitestat[4].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.bucklink[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@e-2dj6wjmyuoc5agp.stats.esomniture[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@youngmediaconcepts.122.2o7[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@a7.adserver01[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@estat[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@smartadserver[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@media6degrees[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.adnet[3].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.socialtrack[1].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@webmasterplan[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tradedoubler[2].txt
	C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.creative-serving[2].txt
	ad.de.doubleclick.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	adserv.quality-channel.de [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	adserver.new-directions.de [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	akamai.smartadserver.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	cdn1.eyewonder.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	cdn5.specificclick.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	creatives.doubleclick.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	de.screensaver-planet.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	ds.serving-sys.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	googleads.g.doubleclick.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	imagesrv.adition.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	img-cdn.mediaplex.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	interclick.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	m.de.2mdn.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	m.doubleclick.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	m1.emea.2mdn.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	macromedia.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	media.kyte.tv [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	media.loc.gov [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	media.mtvnservices.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	media.tattomedia.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	media01.kyte.tv [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	memecounter.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	navtracks.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	objects.tremormedia.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	oddcast.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	pagead2.googleadservices.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	s0.2mdn.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	secure-us.imrworldwide.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	spe.atdmt.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	swrmediathek.de [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	track.webgains.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	www.ardmediathek.de [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	www.crossmedia2.de [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
	www.secmedia.de [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

Trojan.Agent/Gen-BanLoad
	C:\PROGRAM FILES\MOZILLA.ORG\SEAMONKEY\UNINSTALL\SEAMONKEYUNINSTALL.EXE
	C:\WINDOWS\SEAMONKEYUNINSTALL.EXE

Trojan.Agent/Gen-Bancos
	C:\PROGRAM FILES\SCENEO\BONAVISTA\BDSUPDATE.DLL
         

Nur Cookies und Fehlalarme IMHO. Machst du auch net ESET?

Log von ESET

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=a6617bf5a8aff846b152461826fd856d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-12 11:31:31
# local_time=2011-07-13 01:31:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 777451 47037846 1378459 0
# compatibility_mode=5892 16776573 100 100 222 148033718 0 0
# compatibility_mode=8192 67108863 100 0 129 129 0 0
# scanned=270636
# found=2
# cleaned=0
# scan_time=12501
C:\Program Files\Internetradio phonostar\ps_radio2012.exe	a variant of Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Nero\Nero-7.10.1.2_all_update.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
         

Fehlalarme.
Rechner wieder im Lot?

Es scheint alles wieder rnormal zu funktionieren.
Vielen, vielen Dank für deine tolle Hilfe.

Wenn jetzt noch mein zweiter Rechner wieder heile ist, dann bin ich total happy