Trojaner-Board, forum "Plagegeister aller Art und deren Bekämpfung" (pests of all kinds and how to fight them): Sinowal ?!
26.10.2011, 08:56   #16
gerd076

Sinowal ?!

ComboFix logfile:
Code:
ComboFix 11-10-26.01 - gk 26.10.2011   9:33.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2813.1756 [GMT 2:00]
ausgeführt von:: c:\users\gk\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\CddbCdda.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-26 bis 2011-10-26  ))))))))))))))))))))))))))))))
.
.
2011-10-26 07:42 . 2011-10-26 07:42	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{98D18A51-9D08-4474-B6CE-B1CC87B8234A}\offreg.dll
2011-10-26 07:40 . 2011-10-26 07:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-25 14:16 . 2011-10-25 14:16	--------	d-----w-	C:\_OTL
2011-10-24 20:00 . 2011-10-24 20:00	--------	d-----w-	c:\program files\ESET
2011-10-24 10:03 . 2011-10-24 10:03	--------	d-----w-	c:\program files\Common Files\Java
2011-10-24 10:02 . 2011-10-03 03:06	476904	----a-w-	c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-24 10:02 . 2011-10-03 03:06	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-23 20:07 . 2011-10-23 20:08	--------	d-----w-	C:\log2
2011-10-23 19:43 . 2011-10-23 19:43	--------	d-----w-	c:\users\gk\AppData\Roaming\Malwarebytes
2011-10-23 19:42 . 2011-10-23 19:42	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-23 19:42 . 2011-10-23 19:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-10-23 19:42 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-23 17:46 . 2011-10-25 14:20	--------	d-----w-	C:\logs
2011-10-23 14:00 . 2011-10-24 09:44	--------	d-----w-	c:\program files\NetPeeker
2011-10-23 14:00 . 2011-10-23 14:00	236400	----a-w-	c:\windows\system32\drivers\netpeeker.sys
2011-10-23 13:59 . 2011-10-23 13:59	--------	d-----w-	C:\Neuer Ordner
2011-10-22 21:46 . 2011-07-15 09:35	21312	----a-w-	c:\windows\system32\authuitu.dll
2011-10-22 21:46 . 2011-07-15 09:35	30016	----a-w-	c:\windows\system32\uxtuneup.dll
2011-10-22 06:04 . 2011-10-22 06:04	--------	d-----w-	c:\programdata\Uniblue
2011-10-22 06:04 . 2011-10-22 06:04	--------	d-----w-	c:\programdata\Canneverbe Limited
2011-10-22 06:04 . 2011-10-22 06:04	--------	d-----w-	c:\users\gk\AppData\Roaming\Canneverbe Limited
2011-10-22 06:04 . 2011-10-22 06:04	--------	d-----w-	c:\program files\CDBurnerXP
2011-10-22 06:04 . 2011-10-22 06:04	--------	d-----w-	c:\users\gk\AppData\Roaming\OpenCandy
2011-10-22 06:03 . 2011-10-22 06:03	--------	d-----w-	c:\program files\Conduit
2011-10-22 06:03 . 2011-10-25 14:16	--------	d-----w-	c:\program files\Winload
2011-10-22 06:03 . 2011-10-22 06:03	--------	d-----w-	c:\users\gk\AppData\Local\Conduit
2011-10-21 20:33 . 2011-10-21 20:33	--------	d-----w-	c:\windows\Profiles
2011-10-21 20:06 . 2011-10-21 20:06	--------	d-----w-	c:\users\gk\AppData\Roaming\Avira
2011-10-21 20:00 . 2011-10-11 13:06	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-21 20:00 . 2011-10-11 13:06	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-21 20:00 . 2011-10-11 13:06	134344	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-21 20:00 . 2011-10-21 22:58	--------	d-----w-	c:\programdata\Avira
2011-10-21 20:00 . 2011-10-21 20:00	--------	d-----w-	c:\program files\Avira
2011-10-21 06:57 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{98D18A51-9D08-4474-B6CE-B1CC87B8234A}\mpengine.dll
2011-10-21 06:51 . 2011-05-28 06:09	638232	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2011-10-21 06:51 . 2010-05-27 19:16	81920	----a-w-	c:\windows\system32\iccvid.dll
2011-10-21 06:51 . 2010-10-19 04:27	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-21 06:51 . 2010-08-17 13:32	126464	----a-w-	c:\windows\system32\spoolsv.exe
2011-10-21 06:51 . 2010-09-06 16:24	125952	----a-w-	c:\windows\system32\srvsvc.dll
2011-10-21 06:51 . 2010-09-06 16:23	17920	----a-w-	c:\windows\system32\netevent.dll
2011-10-21 06:49 . 2011-02-18 13:31	304640	----a-w-	c:\windows\system32\drivers\srv.sys
2011-10-21 06:49 . 2011-04-14 14:24	75264	----a-w-	c:\windows\system32\drivers\dfsc.sys
2011-10-21 06:49 . 2010-10-12 15:48	33280	----a-w-	c:\program files\Windows Mail\wabfind.dll
2011-10-21 06:49 . 2010-10-12 13:52	66048	----a-w-	c:\program files\Windows Mail\wabmig.exe
2011-10-21 06:49 . 2010-10-12 13:52	515584	----a-w-	c:\program files\Windows Mail\wab.exe
2011-10-21 06:49 . 2011-02-22 12:51	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-10-21 06:49 . 2010-10-18 14:01	81920	----a-w-	c:\windows\system32\consent.exe
2011-10-21 06:49 . 2011-04-30 06:09	758784	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-10-21 06:44 . 2010-12-28 14:57	409600	----a-w-	c:\windows\system32\odbc32.dll
2011-10-21 06:44 . 2010-12-28 14:56	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-10-21 06:44 . 2010-12-28 14:56	57344	----a-w-	c:\program files\Common Files\System\msadc\msadcs.dll
2011-10-21 06:44 . 2010-12-28 14:56	253952	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-10-21 06:44 . 2010-12-28 14:56	241664	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-10-21 06:44 . 2010-12-28 14:56	180224	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-10-21 06:43 . 2010-12-17 16:43	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-10-21 06:43 . 2010-12-17 15:06	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-10-21 06:43 . 2010-08-31 15:40	531968	----a-w-	c:\windows\system32\comctl32.dll
2011-10-21 06:42 . 2011-04-29 14:54	276992	----a-w-	c:\windows\system32\schannel.dll
2011-10-21 05:47 . 2011-10-21 05:47	--------	d-----w-	c:\windows\system32\IO
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 06:38 . 2011-06-23 21:17	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-03-28 119608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-12 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2008-12-18 690720]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-09 870920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-11 13560352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-11 92704]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"NvCplDaemonTool"=rundll32.exe _IWMPEvents
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"Ocs_SM"=c:\users\gk\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-12-29 109920]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-08-09 419328]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 98672]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 14960]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 124016]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 117872]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 25456]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 113904]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 123504]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 NetPeeker;Net-Peeker Kernel Driver;c:\windows\system32\DRIVERS\netpeeker.sys [2011-10-23 236400]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-10-11 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2008-12-18 653856]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-07-15 1052480]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-09-29 223232]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-05 45600]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:09]
.
2011-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Felder mit Bestellhelfer ausfüllen - file://c:\program files\DHL\DHL Bestellhelfer\fillFormContext.html
IE: Felder mit Bestellhelfer merken - file://c:\program files\DHL\DHL Bestellhelfer\assignContext.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1356)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\FRITZ!DSL\IGDCTRL.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-26  09:50:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-10-26 07:50
.
Vor Suchlauf: 13 Verzeichnis(se), 92.838.678.528 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 92.480.536.576 Bytes frei
.
- - End Of File - - E677ACAE66776C03C5508E4987343E16
         


Regards, Gerd

26.10.2011, 12:00   #17
cosinus

Sinowal ?!

ComboFix - scripting

1. Start Notepad (Start / Run / notepad[Enter]).

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:
Folder::
c:\program files\Conduit
c:\program files\Winload
c:\users\gk\AppData\Local\Conduit

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the reboot (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was written for this one user in this situation only. It cannot be ported to any other computer and must not be used anywhere else, because it can permanently damage the system!
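The log in post #16 and the CFScript in post #17 come down to one manual step: read the "files created" window and the autostart section of a ComboFix log, pick out the bundled-toolbar leftovers (here Conduit and Winload), and write a Folder:: section for them. The following Python script is an added example, not part of the thread and not ComboFix's or Trojaner-Board's own tooling. It parses a constructed excerpt modelled on the log above, flags paths against an indicator list, and emits a candidate CFScript. The indicator list PUP_INDICATORS and the excerpt are assumptions made for the example; the output is a list for a human to review, and the warning in the post above still applies: a CFScript is specific to the one machine it was written for.

```python
"""Triage helper for a ComboFix log (added example, not ComboFix's own code).

Parses the "Dateien erstellt ..." window and the registry autostart section,
flags paths that match bundled-toolbar/PUP indicators and turns the flagged
directories into a CFScript Folder:: section for a human to review.
"""
import re

# Constructed excerpt modelled on the log posted in the thread (not the full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((   Dateien erstellt von 2011-09-26 bis 2011-10-26  ))))))))))))))))))))))))))))))
.
2011-10-24 20:00 . 2011-10-24 20:00    --------    d-----w-    c:\program files\ESET
2011-10-22 06:04 . 2011-10-22 06:04    --------    d-----w-    c:\users\gk\AppData\Roaming\OpenCandy
2011-10-22 06:03 . 2011-10-22 06:03    --------    d-----w-    c:\program files\Conduit
2011-10-22 06:03 . 2011-10-25 14:16    --------    d-----w-    c:\program files\Winload
2011-10-22 06:03 . 2011-10-22 06:03    --------    d-----w-    c:\users\gk\AppData\Local\Conduit
2011-10-21 20:00 . 2011-10-11 13:06    74640    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-03-28 119608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-12 68856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Ocs_SM"=c:\users\gk\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"""

# A "files created" line: created . modified, size ("--------" for a directory),
# an 8-character attribute string (leading "d" for directories), then the path.
CREATED_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)"
    r"\s+(\S+)\s+([-\w]{8})\s+(.+?)\s*$"
)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.+?)\s*$')
ANNOTATION_RE = re.compile(r"\s*\[\d{4}-\d\d-\d\d \d+\]$")  # trailing "[date size]"

# Assumed indicator list for this example: names of bundled toolbars and
# ad-supported installer leftovers seen in the thread. Not a vendor list.
PUP_INDICATORS = ("conduit", "winload", "opencandy", "uniblue", "searchanonymizer")


def parse_combofix(text):
    """Return {"created": [...], "autostart": [...]} from ComboFix log text."""
    created, autostart, current_key = [], [], None
    for line in text.splitlines():
        m = CREATED_RE.match(line)
        if m:
            created_at, modified_at, size, attrs, path = m.groups()
            created.append({"created": created_at, "modified": modified_at,
                            "size": None if size == "--------" else int(size),
                            "is_dir": attrs.startswith("d"), "path": path})
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            name, raw = m.groups()
            value = ANNOTATION_RE.sub("", raw).strip('"')
            # Windows only evaluates ...\Run (and RunOnce) at logon; a key spelled
            # "run-" is not read, so its entries are listed but not active.
            active = not current_key.lower().endswith("-")
            autostart.append({"key": current_key, "name": name,
                              "value": value, "active": active})
    return {"created": created, "autostart": autostart}


def flag_pup_paths(entries, indicators=PUP_INDICATORS):
    """Created entries whose path contains one of the indicators (log order)."""
    return [e for e in entries
            if any(ind in e["path"].lower() for ind in indicators)]


def flag_autostart(entries, indicators=PUP_INDICATORS):
    """Active autostart values whose target matches an indicator."""
    return [e for e in entries
            if e["active"] and any(ind in e["value"].lower() for ind in indicators)]


def build_cfscript(entries):
    """Emit a CFScript with a Folder:: section for the flagged directories.

    Only Folder:: is used because that is the directive shown in the thread.
    """
    folders = sorted({e["path"] for e in entries if e["is_dir"]})
    return "Folder::\n" + "\n".join(folders) + "\n" if folders else ""


def triage(text, indicators=PUP_INDICATORS):
    """Parse a log; return (flagged paths, flagged active autostarts, script)."""
    parsed = parse_combofix(text)
    paths = flag_pup_paths(parsed["created"], indicators)
    return paths, flag_autostart(parsed["autostart"], indicators), build_cfscript(paths)


if __name__ == "__main__":
    flagged, runs, script = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"{'DIR ' if e['is_dir'] else 'FILE'} created {e['created']}  {e['path']}")
    print(script or "nothing to remove")
```

Run on the excerpt, the script lists the three Conduit/Winload directories that the helper chose plus the OpenCandy profile directory, which is why the result is a candidate list and not something to drop onto ComboFix unreviewed. The disabled Ocs_SM entry under the run- key is parsed but not flagged as active.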

26.10.2011, 13:31   #18
gerd076

Sinowal ?!

ComboFix logfile:
Code:
ComboFix 11-10-26.01 - gk 26.10.2011  14:15:36.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.2813.1797 [GMT 2:00]
ausgeführt von:: c:\users\gk\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\gk\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\program files\Winload
c:\program files\Winload\GottenAppsContextMenu.xml
c:\program files\Winload\OtherAppsContextMenu.xml
c:\program files\Winload\SharedAppsContextMenu.xml
c:\program files\Winload\tbWinl.dll
c:\program files\Winload\toolbar.cfg
c:\program files\Winload\ToolbarContextMenu.xml
c:\program files\Winload\uninstall.exe
c:\program files\Winload\UNWISE.INI
c:\program files\Winload\WinloadToolbarHelper.exe
c:\users\gk\AppData\Local\Conduit
c:\users\gk\AppData\Local\Conduit\CT2319825\WinloadAutoUpdateHelper.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-26 bis 2011-10-26  ))))))))))))))))))))))))))))))
.
.
2011-10-26 12:21 . 2011-10-26 12:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-26 11:53 . 2011-10-26 11:53	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{98D18A51-9D08-4474-B6CE-B1CC87B8234A}\offreg.dll
2011-10-26 07:50 . 2011-10-26 12:22	--------	d-----w-	c:\users\gk\AppData\Local\temp
2011-10-25 14:16 . 2011-10-25 14:16	--------	d-----w-	C:\_OTL
2011-10-24 20:00 . 2011-10-24 20:00	--------	d-----w-	c:\program files\ESET
2011-10-24 10:03 . 2011-10-24 10:03	--------	d-----w-	c:\program files\Common Files\Java
2011-10-24 10:02 . 2011-10-03 03:06	476904	----a-w-	c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-24 10:02 . 2011-10-03 03:06	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-10-23 20:07 . 2011-10-23 20:08	--------	d-----w-	C:\log2
2011-10-23 19:43 . 2011-10-23 19:43	--------	d-----w-	c:\users\gk\AppData\Roaming\Malwarebytes
2011-10-23 19:42 . 2011-10-23 19:42	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-23 19:42 . 2011-10-23 19:42	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-10-23 19:42 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-23 17:46 . 2011-10-25 14:20	--------	d-----w-	C:\logs
2011-10-23 14:00 . 2011-10-24 09:44	--------	d-----w-	c:\program files\NetPeeker
2011-10-23 14:00 . 2011-10-23 14:00	236400	----a-w-	c:\windows\system32\drivers\netpeeker.sys
2011-10-23 13:59 . 2011-10-23 13:59	--------	d-----w-	C:\Neuer Ordner
2011-10-22 21:46 . 2011-07-15 09:35	21312	----a-w-	c:\windows\system32\authuitu.dll
2011-10-22 21:46 . 2011-07-15 09:35	30016	----a-w-	c:\windows\system32\uxtuneup.dll
2011-10-22 06:04 . 2011-10-22 06:04	--------	d-----w-	c:\programdata\Uniblue
2011-10-22 06:04 . 2011-10-22 06:04	--------	d-----w-	c:\programdata\Canneverbe Limited
2011-10-22 06:04 . 2011-10-22 06:04	--------	d-----w-	c:\users\gk\AppData\Roaming\Canneverbe Limited
2011-10-22 06:04 . 2011-10-22 06:04	--------	d-----w-	c:\program files\CDBurnerXP
2011-10-22 06:04 . 2011-10-22 06:04	--------	d-----w-	c:\users\gk\AppData\Roaming\OpenCandy
2011-10-22 06:03 . 2011-10-25 14:17	--------	d-----w-	c:\program files\ConduitEngine
2011-10-21 20:33 . 2011-10-21 20:33	--------	d-----w-	c:\windows\Profiles
2011-10-21 20:06 . 2011-10-21 20:06	--------	d-----w-	c:\users\gk\AppData\Roaming\Avira
2011-10-21 20:00 . 2011-10-11 13:06	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-21 20:00 . 2011-10-11 13:06	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-21 20:00 . 2011-10-11 13:06	134344	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-21 20:00 . 2011-10-21 22:58	--------	d-----w-	c:\programdata\Avira
2011-10-21 20:00 . 2011-10-21 20:00	--------	d-----w-	c:\program files\Avira
2011-10-21 06:57 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{98D18A51-9D08-4474-B6CE-B1CC87B8234A}\mpengine.dll
2011-10-21 06:51 . 2011-05-28 06:09	638232	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2011-10-21 06:51 . 2010-05-27 19:16	81920	----a-w-	c:\windows\system32\iccvid.dll
2011-10-21 06:51 . 2010-10-19 04:27	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-21 06:51 . 2010-08-17 13:32	126464	----a-w-	c:\windows\system32\spoolsv.exe
2011-10-21 06:51 . 2010-09-06 16:24	125952	----a-w-	c:\windows\system32\srvsvc.dll
2011-10-21 06:51 . 2010-09-06 16:23	17920	----a-w-	c:\windows\system32\netevent.dll
2011-10-21 06:49 . 2011-02-18 13:31	304640	----a-w-	c:\windows\system32\drivers\srv.sys
2011-10-21 06:49 . 2011-04-14 14:24	75264	----a-w-	c:\windows\system32\drivers\dfsc.sys
2011-10-21 06:49 . 2010-10-12 15:48	33280	----a-w-	c:\program files\Windows Mail\wabfind.dll
2011-10-21 06:49 . 2010-10-12 13:52	66048	----a-w-	c:\program files\Windows Mail\wabmig.exe
2011-10-21 06:49 . 2010-10-12 13:52	515584	----a-w-	c:\program files\Windows Mail\wab.exe
2011-10-21 06:49 . 2011-02-22 12:51	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-10-21 06:49 . 2010-10-18 14:01	81920	----a-w-	c:\windows\system32\consent.exe
2011-10-21 06:49 . 2011-04-30 06:09	758784	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-10-21 06:44 . 2010-12-28 14:57	409600	----a-w-	c:\windows\system32\odbc32.dll
2011-10-21 06:44 . 2010-12-28 14:56	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-10-21 06:44 . 2010-12-28 14:56	57344	----a-w-	c:\program files\Common Files\System\msadc\msadcs.dll
2011-10-21 06:44 . 2010-12-28 14:56	253952	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-10-21 06:44 . 2010-12-28 14:56	241664	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-10-21 06:44 . 2010-12-28 14:56	180224	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-10-21 06:43 . 2010-12-17 16:43	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-10-21 06:43 . 2010-12-17 15:06	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-10-21 06:43 . 2010-08-31 15:40	531968	----a-w-	c:\windows\system32\comctl32.dll
2011-10-21 06:42 . 2011-04-29 14:54	276992	----a-w-	c:\windows\system32\schannel.dll
2011-10-21 05:47 . 2011-10-21 05:47	--------	d-----w-	c:\windows\system32\IO
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 06:38 . 2011-06-23 21:17	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-03-28 119608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-12 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2008-12-18 690720]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-01-09 870920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-09 1418536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-11 13560352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-11 92704]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"NvCplDaemonTool"=rundll32.exe _IWMPEvents
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"Ocs_SM"=c:\users\gk\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-12-29 109920]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-08-09 419328]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\DRIVERS\s1039bus.sys [2010-03-15 98672]
R3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1039mdfl.sys [2010-03-15 14960]
R3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1039mdm.sys [2010-03-15 124016]
R3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1039mgmt.sys [2010-03-15 117872]
R3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1039nd5.sys [2010-03-15 25456]
R3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1039obex.sys [2010-03-15 113904]
R3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1039unic.sys [2010-03-15 123504]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 NetPeeker;Net-Peeker Kernel Driver;c:\windows\system32\DRIVERS\netpeeker.sys [2011-10-23 236400]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-10-11 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-10-11 463824]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2008-12-18 653856]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-07-15 1052480]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-09-29 223232]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-05 45600]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:09]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 23:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Felder mit Bestellhelfer ausfüllen - file://c:\program files\DHL\DHL Bestellhelfer\fillFormContext.html
IE: Felder mit Bestellhelfer merken - file://c:\program files\DHL\DHL Bestellhelfer\assignContext.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\gk\AppData\Roaming\Mozilla\Firefox\Profiles\ysoa0361.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Winload Toolbar - c:\progra~1\Winload\UNINST~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-10-26 14:22
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-10-26  14:25:10
ComboFix-quarantined-files.txt  2011-10-26 12:25
ComboFix2.txt  2011-10-26 07:50
.
Vor Suchlauf: 19 Verzeichnis(se), 92.411.940.864 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 92.378.664.960 Bytes frei
.
- - End Of File - - 6E62319D8E4AB88BCAD67F2184221FB3
--- --- ---


Regards, Gerd
__________________

Alt 26.10.2011, 14:44   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Sinowal ?! - Standard

Sinowal ?!



Ok. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online lookup that OSAM offers.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

__________________
Please always post logfiles in CODE tags

Alt 26.10.2011, 17:21   #20
gerd076
 
Sinowal ?! - Standard

Sinowal ?!



Well, GMER did not work at all.

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:56:43 on 26.10.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.23

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\gk\AppData\Local\Temp\catchme.sys  (File not found)
"Dritek General Port I/O" (DritekPortIO) - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\DPortIO.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"pgtdqpoc" (pgtdqpoc) - ? - C:\Users\gk\AppData\Local\Temp\pgtdqpoc.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"VClone" (VClone) - ? - C:\Windows\System32\DRIVERS\VClone.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Program Files\QuickTime\QTPlugin.ocx / hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Click to call with Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{23BC42E9-46AB-481f-A200-69524B689A6B} "DHL Bestellhelfer" - ? -   (File not found | COM-object registry key not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\gk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BkupTray" - ? - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"MobileConnect" - "Vodafone" - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVM FRITZ!web Routing Service" (de_serv) - "AVM Berlin" - C:\Program Files\Common Files\AVM\de_serv.exe
"AVM IGD CTRL Service" (AVM IGD CTRL Service) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - ? - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Sony Ericsson PCCompanion" (Sony Ericsson PCCompanion) - "Avanquest Software" - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru




aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-26 18:02:13
-----------------------------
18:02:13.723 OS Version: Windows 6.0.6001 Service Pack 1
18:02:13.723 Number of processors: 2 586 0x170A
18:02:13.723 ComputerName: GK-PC UserName: gk
18:02:30.384 Initialize success
18:03:54.164 AVAST engine defs: 11102600
18:04:04.476 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\000000a4
18:04:04.476 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
18:04:06.519 Disk 0 MBR read successfully
18:04:06.519 Disk 0 MBR scan
18:04:06.551 Disk 0 Windows VISTA default MBR code
18:04:06.566 Disk 0 scanning sectors +625139712
18:04:06.660 Disk 0 scanning C:\Windows\system32\drivers
18:04:24.990 Service scanning
18:04:26.222 Modules scanning
18:04:33.117 Disk 0 trace - called modules:
18:04:33.149 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
18:04:33.149 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x852fe4f0]
18:04:33.149 3 CLASSPNP.SYS[895de745] -> nt!IofCallDriver -> [0x85188700]
18:04:33.164 5 acpi.sys[8069e6a0] -> nt!IofCallDriver -> \Device\000000a4[0x84d72900]
18:04:34.194 AVAST engine scan C:\Windows
18:04:42.743 AVAST engine scan C:\Windows\system32
18:07:50.052 AVAST engine scan C:\Windows\system32\drivers
18:08:02.017 AVAST engine scan C:\Users\gk
18:12:42.177 AVAST engine scan C:\ProgramData
18:15:22.998 Scan finished successfully
18:15:39.393 Disk 0 MBR has been saved successfully to "C:\Users\gk\Desktop\MBR.dat"
18:15:39.393 The log file has been saved successfully to "C:\Users\gk\Desktop\aswMBR.txt"



Regards, Gerd
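
The aswMBR run above reads disk 0's master boot record, compares its boot code with the stock Windows Vista code ("Windows VISTA default MBR code") and saves a copy to MBR.dat. That check is the one that matters for an MBR bootkit such as Sinowal: the partition table can look perfectly normal while the 440 bytes of boot code have been swapped for a loader that runs before Windows. The following is an added example, not part of the thread and not aswMBR's logic: a small parser for a 512-byte dump of that kind that verifies the 0x55AA signature, lists the partition table and compares a hash of the boot code against a baseline you recorded from a known-good dump. The two MBRs it checks are constructed inline; the boot code in them is a stand-in, not real Vista code, and the baseline hash is an assumption for the demo.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440      # boot code, then 4-byte disk signature, 2 reserved bytes, table, 0x55AA
PART_TABLE_OFF = 446
SIGNATURE_OFF = 510

PARTITION_TYPES = {0x00: "empty", 0x07: "NTFS/HPFS/exFAT", 0x0C: "FAT32 (LBA)", 0x27: "hidden Windows RE"}


def parse_partition_table(mbr):
    """Return the four 16-byte partition entries as dicts."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # boot flag, 3 CHS bytes skipped, type, 3 CHS bytes skipped, LBA start, sector count
        boot_flag, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({
            "index": i,
            "bootable": boot_flag == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "0x%02x" % ptype),
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def boot_code_sha256(mbr):
    """Hash only the code region; the disk signature and table legitimately differ per machine."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr, baseline_boot_hash=None):
    """Return a list of findings; an empty list means nothing looked off."""
    findings = []
    if len(mbr) != MBR_SIZE:
        findings.append("unexpected dump size %d" % len(mbr))
        return findings
    if mbr[SIGNATURE_OFF:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    parts = parse_partition_table(mbr)
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append("%d partitions flagged bootable (expected 1)" % len(bootable))
    for p in parts:
        if p["type"] != 0 and p["lba_start"] == 0:
            findings.append("partition %d has type 0x%02x but LBA start 0" % (p["index"], p["type"]))
    if baseline_boot_hash is not None and boot_code_sha256(mbr) != baseline_boot_hash:
        findings.append("boot code differs from baseline (possible bootkit or non-stock loader)")
    return findings


def load_dump(path):
    """Read the first sector from a dump such as the MBR.dat aswMBR writes."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def build_sample_mbr(boot_code):
    """Constructed 512-byte MBR: given boot code, one bootable NTFS partition, valid signature."""
    assert len(boot_code) <= BOOT_CODE_LEN
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, 440, 0xDEADBEEF)          # disk signature, made up
    # entry 0: bootable, NTFS, starts at LBA 2048, 1,000,000 sectors
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, 2048, 1_000_000)
    mbr[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(mbr)


# Stand-in for stock boot code (constructed); in practice hash a dump you trust.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 20
BASELINE = boot_code_sha256(build_sample_mbr(CLEAN_BOOT_CODE))


def demo():
    """Check a clean constructed MBR and one whose boot code was overwritten."""
    clean = build_sample_mbr(CLEAN_BOOT_CODE)
    # tampered copy: the original code replaced by a short jump stub, partition table untouched
    tampered = build_sample_mbr(b"\xeb\x10" + b"\x00" * 25)
    return check_mbr(clean, BASELINE), check_mbr(tampered, BASELINE)


if __name__ == "__main__":
    for label, findings in zip(("clean", "tampered"), demo()):
        print(label, "->", findings or ["no findings"])
```

On a real machine you would call `check_mbr(load_dump("MBR.dat"), baseline)` with a baseline hash taken from a dump of the same Windows build before the incident, or from a freshly installed reference system; without such a baseline the hash comparison is skipped and only the structural checks run.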


26.10.2011, 18:47   #21
gerd076

I managed to get GMER working after all:


GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-10-26 19:44:12
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\000000a4 Hitachi_ rev.FB4O
Running: 34hi7d1i.exe; Driver: C:\Users\gk\AppData\Local\Temp\pgtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT            8B3C9626                                   ZwCreateSection
SSDT            8B3C95FE                                   ZwCreateSymbolicLinkObject
SSDT            8B3C9603                                   ZwLoadDriver
SSDT            8B3C95F9                                   ZwOpenSection
SSDT            8B3C9630                                   ZwRequestWaitReplyPort
SSDT            8B3C962B                                   ZwSetContextThread
SSDT            8B3C9635                                   ZwSetSecurityObject
SSDT            8B3C9608                                   ZwSetSystemInformation
SSDT            8B3C963A                                   ZwSystemDebugControl
SSDT            8B3C95C7                                   ZwTerminateProcess
SSDT            8B3C95C2                                   ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetTimerEx + 448            81CECB0C 4 Bytes  [26, 96, 3C, 8B]
.text           ntkrnlpa.exe!KeSetTimerEx + 450            81CECB14 4 Bytes  [FE, 95, 3C, 8B]
.text           ntkrnlpa.exe!KeSetTimerEx + 5B0            81CECC74 4 Bytes  [03, 96, 3C, 8B]
.text           ntkrnlpa.exe!KeSetTimerEx + 630            81CECCF4 4 Bytes  [F9, 95, 3C, 8B] {STC ; XCHG EBP, EAX; CMP AL, 0x8b}
.text           ntkrnlpa.exe!KeSetTimerEx + 76C            81CECE30 4 Bytes  [30, 96, 3C, 8B]
.text           ...                                        
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys   section is writeable [0x8D207340, 0x3F97E7, 0xE8000020]
?               C:\Users\gk\AppData\Local\Temp\aswMBR.sys  The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0    Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1    Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---
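
The two sections of the GMER log above describe the same hooks twice. Each "SSDT <address> Zw*" line gives the address a system-call table entry now points to, and each ".text ntkrnlpa.exe!KeSetTimerEx + N ... 4 Bytes [..]" line shows a dword GMER found modified at a location inside the kernel image, named relative to the nearest export. Read as a little-endian value, every one of those 4-byte groups is one of the SSDT addresses: [26, 96, 3C, 8B] is 0x8B3C9626, the ZwCreateSection hook, which is consistent with those locations being the service table itself. The following is an added example, not part of the thread and not GMER code: it parses both sections from an inline copy of the log lines, decodes the patched dwords, matches them to the SSDT entries and measures how tightly the hook targets cluster, which tells you whether one small code blob owns all of them. It does not say which driver that is; GMER did not resolve the addresses to a module, and neither can this script.

```python
import re
from collections import namedtuple

# Excerpt copied from the GMER output in the thread, embedded so the example runs offline.
GMER_LOG = """
SSDT            8B3C9626                                   ZwCreateSection
SSDT            8B3C95FE                                   ZwCreateSymbolicLinkObject
SSDT            8B3C9603                                   ZwLoadDriver
SSDT            8B3C95F9                                   ZwOpenSection
SSDT            8B3C9630                                   ZwRequestWaitReplyPort
SSDT            8B3C962B                                   ZwSetContextThread
SSDT            8B3C9635                                   ZwSetSecurityObject
SSDT            8B3C9608                                   ZwSetSystemInformation
SSDT            8B3C963A                                   ZwSystemDebugControl
SSDT            8B3C95C7                                   ZwTerminateProcess
SSDT            8B3C95C2                                   ZwWriteVirtualMemory
.text           ntkrnlpa.exe!KeSetTimerEx + 448            81CECB0C 4 Bytes  [26, 96, 3C, 8B]
.text           ntkrnlpa.exe!KeSetTimerEx + 450            81CECB14 4 Bytes  [FE, 95, 3C, 8B]
.text           ntkrnlpa.exe!KeSetTimerEx + 5B0            81CECC74 4 Bytes  [03, 96, 3C, 8B]
.text           ntkrnlpa.exe!KeSetTimerEx + 630            81CECCF4 4 Bytes  [F9, 95, 3C, 8B] {STC ; XCHG EBP, EAX; CMP AL, 0x8b}
.text           ntkrnlpa.exe!KeSetTimerEx + 76C            81CECE30 4 Bytes  [30, 96, 3C, 8B]
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)")
# symbol may contain spaces ("KeSetTimerEx + 448"), so match it non-greedily up to the address
PATCH_RE = re.compile(r"^\.text\s+(.+?)\s+([0-9A-Fa-f]{8})\s+4 Bytes\s+\[([0-9A-Fa-f ,]+)\]")

Patch = namedtuple("Patch", "symbol address dword")


def parse_ssdt(log):
    """Map hook target address -> name of the hooked service."""
    hooks = {}
    for line in log.splitlines():
        m = SSDT_RE.match(line)
        if m:
            hooks[int(m.group(1), 16)] = m.group(2)
    return hooks


def parse_patches(log):
    """Decode each reported 4-byte modification as a little-endian dword."""
    patches = []
    for line in log.splitlines():
        m = PATCH_RE.match(line)
        if m:
            raw = bytes(int(b, 16) for b in m.group(3).split(","))
            patches.append(Patch(m.group(1), int(m.group(2), 16), int.from_bytes(raw, "little")))
    return patches


def correlate(log):
    """Pair each patched dword with the SSDT entry it equals (None when nothing matches)."""
    hooks = parse_ssdt(log)
    return [(p.symbol, p.address, p.dword, hooks.get(p.dword)) for p in parse_patches(log)]


def hook_span(log):
    """Bytes between the lowest and highest hook target; tens of bytes means one code blob."""
    targets = parse_ssdt(log)
    return max(targets) - min(targets)


if __name__ == "__main__":
    for symbol, addr, dword, name in correlate(GMER_LOG):
        print("%s @ %08X -> %08X  %s" % (symbol, addr, dword, name or "no SSDT match"))
    print("hook targets span 0x%X bytes" % hook_span(GMER_LOG))
```

For this log all five patched dwords resolve to SSDT entries and the eleven targets lie within 0x78 bytes of each other, so a single stub is dispatching all of them; which driver that stub belongs to is exactly the question GMER's output leaves open, and the Devices section, which only shows Wdf01000.sys attached to the keyboard class, does not answer it either.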

26.10.2011, 19:57   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!


Afterwards, getting an additional opinion via the ESET Online Scanner isn't a bad idea either:


ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

27.10.2011, 08:11   #23
gerd076


So, here are the logfiles:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8025

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

27.10.2011 00:28:30
mbam-log-2011-10-27 (00-28-30).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 300818
Time elapsed: 51 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/27/2011 at 02:06 AM

Application Version : 5.0.1134

Core Rules Database Version : 7854
Trace Rules Database Version: 5666

Scan type : Complete Scan
Total Scan Time : 01:25:24

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Administrator

Memory items scanned : 794
Memory threats detected : 0
Registry items scanned : 38553
Registry threats detected : 0
File items scanned : 138400
File threats detected : 173

Adware.Tracking Cookie
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad.adc-serv[2].txt [ /ad.adc-serv ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad.adnet[2].txt [ /ad.adnet ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad.zanox[2].txt [ /ad.zanox ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad1.adfarm1.adition[1].txt [ /ad1.adfarm1.adition ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad2.adfarm1.adition[2].txt [ /ad2.adfarm1.adition ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad3.adfarm1.adition[1].txt [ /ad3.adfarm1.adition ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad3.adfarm1.adition[2].txt [ /ad3.adfarm1.adition ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ad3.adfarm1.adition[3].txt [ /ad3.adfarm1.adition ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@adfarm1.adition[1].txt [ /adfarm1.adition ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@ads.creative-serving[2].txt [ /ads.creative-serving ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@adserv.kwick[2].txt [ /adserv.kwick ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@adserver.traffictrack[2].txt [ /adserver.traffictrack ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@adservercentral[2].txt [ /adservercentral ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@adtech[1].txt [ /adtech ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@advertising[2].txt [ /advertising ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@apmebf[1].txt [ /apmebf ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@atdmt.combing[2].txt [ /atdmt.combing ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@atdmt[1].txt [ /atdmt ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@atwola[2].txt [ /atwola ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@bs.serving-sys[1].txt [ /bs.serving-sys ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@content.yieldmanager[2].txt [ /content.yieldmanager ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@content.yieldmanager[3].txt [ /content.yieldmanager ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@content.yieldmanager[4].txt [ /content.yieldmanager ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@content.yieldmanager[5].txt [ /content.yieldmanager ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@doubleclick[1].txt [ /doubleclick ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@eyewonder[2].txt [ /eyewonder ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@fastclick[1].txt [ /fastclick ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@googleads.g.doubleclick[1].txt [ /googleads.g.doubleclick ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@imrworldwide[2].txt [ /imrworldwide ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@invitemedia[1].txt [ /invitemedia ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@mediaplex[2].txt [ /mediaplex ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@microsoftwllivemkt.112.2o7[1].txt [ /microsoftwllivemkt.112.2o7 ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@questionmarket[2].txt [ /questionmarket ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@revsci[2].txt [ /revsci ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@serving-sys[1].txt [ /serving-sys ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@sevenoneintermedia.112.2o7[1].txt [ /sevenoneintermedia.112.2o7 ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@smartadserver[2].txt [ /smartadserver ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tacoda[1].txt [ /tacoda ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tracking.hannoversche[2].txt [ /tracking.hannoversche ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tracking.mindshare[1].txt [ /tracking.mindshare ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tracking.quisma[2].txt [ /tracking.quisma ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tradedoubler[1].txt [ /tradedoubler ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tradedoubler[2].txt [ /tradedoubler ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tradedoubler[3].txt [ /tradedoubler ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@tradedoubler[4].txt [ /tradedoubler ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@traffictrack[1].txt [ /traffictrack ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@vdwp.solution.weborama[2].txt [ /vdwp.solution.weborama ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@webmasterplan[2].txt [ /webmasterplan ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@weborama[1].txt [ /weborama ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@www.active-tracking[1].txt [ /www.active-tracking ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@www.adservercentral[1].txt [ /www.adservercentral ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@www.zanox-affiliate[1].txt [ /www.zanox-affiliate ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@zanox-affiliate[2].txt [ /zanox-affiliate ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@zanox[1].txt [ /zanox ]
C:\Users\gk\AppData\Roaming\Microsoft\Windows\Cookies\gk@zbox.zanox[2].txt [ /zbox.zanox ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\gk@adsonar[2].txt [ Cookie:gk@adsonar.com/adserving ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@tracking.klicktel[2].txt [ Cookie:gk@tracking.klicktel.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.zanox-affiliate[2].txt [ Cookie:gk@www.zanox-affiliate.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@fr.sitestat[2].txt [ Cookie:gk@fr.sitestat.com/renault-group/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@zanox[2].txt [ Cookie:gk@zanox.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@zanox-affiliate[2].txt [ Cookie:gk@zanox-affiliate.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@specificclick[1].txt [ Cookie:gk@specificclick.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.googleadservices[2].txt [ Cookie:gk@www.googleadservices.com/pagead/conversion/1043602441/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@webmasterplan[1].txt [ Cookie:gk@webmasterplan.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@tradedoubler[1].txt [ Cookie:gk@tradedoubler.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@atdmt[1].txt [ Cookie:gk@atdmt.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@doubleclick[2].txt [ Cookie:gk@doubleclick.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@tracking.mlsat02[1].txt [ Cookie:gk@tracking.mlsat02.de/tmobile/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@rotator.adjuggler[1].txt [ Cookie:gk@rotator.adjuggler.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@traffictrack[1].txt [ Cookie:gk@traffictrack.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ww251.smartadserver[1].txt [ Cookie:gk@ww251.smartadserver.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@tracking.quisma[2].txt [ Cookie:gk@tracking.quisma.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ad.adnet[1].txt [ Cookie:gk@ad.adnet.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.googleadservices[5].txt [ Cookie:gk@www.googleadservices.com/pagead/conversion/1066732035/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@112.2o7[2].txt [ Cookie:gk@112.2o7.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@adxpose[1].txt [ Cookie:gk@adxpose.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@bs.serving-sys[1].txt [ Cookie:gk@bs.serving-sys.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@advertising[1].txt [ Cookie:gk@advertising.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@eas.apm.emediate[2].txt [ Cookie:gk@eas.apm.emediate.eu/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.googleadservices[3].txt [ Cookie:gk@www.googleadservices.com/pagead/conversion/1059341893/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ad.adserver01[1].txt [ Cookie:gk@ad.adserver01.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@statse.webtrendslive[2].txt [ Cookie:gk@statse.webtrendslive.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@bluestreak[1].txt [ Cookie:gk@bluestreak.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ehg-systemax.hitbox[1].txt [ Cookie:gk@ehg-systemax.hitbox.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@mediaplex[2].txt [ Cookie:gk@mediaplex.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.googleadservices[4].txt [ Cookie:gk@www.googleadservices.com/pagead/conversion/1029724545/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@fr.sitestat[1].txt [ Cookie:gk@fr.sitestat.com/renault-group/renault-de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@vodafonegroup.122.2o7[1].txt [ Cookie:gk@vodafonegroup.122.2o7.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@apmebf[1].txt [ Cookie:gk@apmebf.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.googleadservices[1].txt [ Cookie:gk@www.googleadservices.com/pagead/conversion/1019406294/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ero-advertising[1].txt [ Cookie:gk@ero-advertising.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@media6degrees[1].txt [ Cookie:gk@media6degrees.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@serving-sys[1].txt [ Cookie:gk@serving-sys.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@e-2dj6wgliald5ofo.stats.esomniture[2].txt [ Cookie:gk@e-2dj6wgliald5ofo.stats.esomniture.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@track.effiliation[1].txt [ Cookie:gk@track.effiliation.com/servlet/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@adfarm1.adition[1].txt [ Cookie:gk@adfarm1.adition.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ad1.power-media[1].txt [ Cookie:gk@ad1.power-media.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@im.banner.t-online[1].txt [ Cookie:gk@im.banner.t-online.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@xiti[1].txt [ Cookie:gk@xiti.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@content.yieldmanager[3].txt [ Cookie:gk@content.yieldmanager.com/ak/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ad.yieldmanager[1].txt [ Cookie:gk@ad.yieldmanager.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@cdn5.specificclick[1].txt [ Cookie:gk@cdn5.specificclick.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@gemoneysdenac.112.2o7[1].txt [ Cookie:gk@gemoneysdenac.112.2o7.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ad.zanox[2].txt [ Cookie:gk@ad.zanox.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@hitbox[2].txt [ Cookie:gk@hitbox.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@de.sitestat[2].txt [ Cookie:gk@de.sitestat.com/cicero/freies-wort/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@daimlerag.122.2o7[1].txt [ Cookie:gk@daimlerag.122.2o7.net/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@www.etracker[1].txt [ Cookie:gk@www.etracker.de/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@ad2.adfarm1.adition[1].txt [ Cookie:gk@ad2.adfarm1.adition.com/ ]
C:\USERS\GK\AppData\Roaming\Microsoft\Windows\Cookies\Low\gk@secmedia[1].txt [ Cookie:gk@secmedia.de/ ]
C:\USERS\GK\Cookies\gk@www.zanox-affiliate[1].txt [ Cookie:gk@www.zanox-affiliate.de/ ]
C:\USERS\GK\Cookies\gk@smartadserver[2].txt [ Cookie:gk@smartadserver.com/ ]
C:\USERS\GK\Cookies\gk@zanox[1].txt [ Cookie:gk@zanox.com/ ]
C:\USERS\GK\Cookies\gk@zanox-affiliate[2].txt [ Cookie:gk@zanox-affiliate.de/ ]
C:\USERS\GK\Cookies\gk@www.active-tracking[1].txt [ Cookie:gk@www.active-tracking.de/ ]
C:\USERS\GK\Cookies\gk@webmasterplan[2].txt [ Cookie:gk@webmasterplan.com/ ]
C:\USERS\GK\Cookies\gk@adserv.kwick[2].txt [ Cookie:gk@adserv.kwick.de/ ]
C:\USERS\GK\Cookies\gk@tradedoubler[4].txt [ Cookie:gk@tradedoubler.com/ ]
C:\USERS\GK\Cookies\gk@atdmt[1].txt [ Cookie:gk@atdmt.com/ ]
C:\USERS\GK\Cookies\gk@sevenoneintermedia.112.2o7[1].txt [ Cookie:gk@sevenoneintermedia.112.2o7.net/ ]
C:\USERS\GK\Cookies\gk@doubleclick[1].txt [ Cookie:gk@doubleclick.net/ ]
C:\USERS\GK\Cookies\gk@traffictrack[1].txt [ Cookie:gk@traffictrack.de/ ]
C:\USERS\GK\Cookies\gk@tracking.quisma[2].txt [ Cookie:gk@tracking.quisma.com/ ]
C:\USERS\GK\Cookies\gk@ad.adnet[2].txt [ Cookie:gk@ad.adnet.de/ ]
C:\USERS\GK\Cookies\gk@adsonar[2].txt [ Cookie:gk@adsonar.com/adserving ]
C:\USERS\GK\Cookies\gk@revsci[2].txt [ Cookie:gk@revsci.net/ ]
C:\USERS\GK\Cookies\gk@questionmarket[2].txt [ Cookie:gk@questionmarket.com/ ]
C:\USERS\GK\Cookies\gk@googleads.g.doubleclick[1].txt [ Cookie:gk@googleads.g.doubleclick.net/ ]
C:\USERS\GK\Cookies\gk@bs.serving-sys[1].txt [ Cookie:gk@bs.serving-sys.com/ ]
C:\USERS\GK\Cookies\gk@advertising[2].txt [ Cookie:gk@advertising.com/ ]
C:\USERS\GK\Cookies\gk@adservercentral[2].txt [ Cookie:gk@adservercentral.info/ ]
C:\USERS\GK\Cookies\gk@weborama[1].txt [ Cookie:gk@weborama.fr/ ]
C:\USERS\GK\Cookies\gk@www.adservercentral[1].txt [ Cookie:gk@www.adservercentral.info/ ]
C:\USERS\GK\Cookies\gk@mediaplex[2].txt [ Cookie:gk@mediaplex.com/ ]
C:\USERS\GK\Cookies\gk@apmebf[1].txt [ Cookie:gk@apmebf.com/ ]
C:\USERS\GK\Cookies\gk@invitemedia[1].txt [ Cookie:gk@invitemedia.com/ ]
C:\USERS\GK\Cookies\gk@tracking.mindshare[1].txt [ Cookie:gk@tracking.mindshare.de/ ]
C:\USERS\GK\Cookies\gk@microsoftwllivemkt.112.2o7[1].txt [ Cookie:gk@microsoftwllivemkt.112.2o7.net/ ]
C:\USERS\GK\Cookies\gk@serving-sys[1].txt [ Cookie:gk@serving-sys.com/ ]
C:\USERS\GK\Cookies\gk@atdmt.combing[2].txt [ Cookie:gk@atdmt.combing.com/ ]
C:\USERS\GK\Cookies\gk@atwola[2].txt [ Cookie:gk@atwola.com/ ]
C:\USERS\GK\Cookies\gk@adfarm1.adition[1].txt [ Cookie:gk@adfarm1.adition.com/ ]
C:\USERS\GK\Cookies\gk@content.yieldmanager[5].txt [ Cookie:gk@content.yieldmanager.com/ak/ ]
C:\USERS\GK\Cookies\gk@ad2.adfarm1.adition[2].txt [ Cookie:gk@ad2.adfarm1.adition.com/ ]
C:\USERS\GK\Cookies\gk@zbox.zanox[2].txt [ Cookie:gk@zbox.zanox.com/ ]
C:\USERS\GK\Cookies\gk@ad.yieldmanager[1].txt [ Cookie:gk@ad.yieldmanager.com/ ]
C:\USERS\GK\Cookies\gk@tacoda[1].txt [ Cookie:gk@tacoda.net/ ]
C:\USERS\GK\Cookies\gk@ad.zanox[2].txt [ Cookie:gk@ad.zanox.com/ ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@WWW.TRAFFICTRACK[1].TXT [ /WWW.TRAFFICTRACK ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@WWW.GOOGLEADSERVICES[6].TXT [ /WWW.GOOGLEADSERVICES ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@TRACK.EFFILIATION[3].TXT [ /TRACK.EFFILIATION ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@TRACK.ADFORM[2].TXT [ /TRACK.ADFORM ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@ADS.IMMOBILIENSCOUT24[1].TXT [ /ADS.IMMOBILIENSCOUT24 ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@2.BFUGMEDIA[2].TXT [ /2.BFUGMEDIA ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@2O7[1].TXT [ /2O7 ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@AD.BOREUS[2].TXT [ /AD.BOREUS ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@AD3.ADFARM1.ADITION[1].TXT [ /AD3.ADFARM1.ADITION ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@ADS.MEDIENHAUS[1].TXT [ /ADS.MEDIENHAUS ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@ADFORM[1].TXT [ /ADFORM ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@ADS.WEBMASTERPROFITCENTER[2].TXT [ /ADS.WEBMASTERPROFITCENTER ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@ADTECH[1].TXT [ /ADTECH ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@ADVIVA[2].TXT [ /ADVIVA ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@CONTENT.YIELDMANAGER[2].TXT [ /CONTENT.YIELDMANAGER ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@DEUTSCHEPOSTAG.112.2O7[1].TXT [ /DEUTSCHEPOSTAG.112.2O7 ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@EYEWONDER[1].TXT [ /EYEWONDER ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@FASTCLICK[1].TXT [ /FASTCLICK ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@STUDIVZ.ADFARM1.ADITION[1].TXT [ /STUDIVZ.ADFARM1.ADITION ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@TRACKING.HANNOVERSCHE[2].TXT [ /TRACKING.HANNOVERSCHE ]
C:\USERS\GK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\GK@UNITYMEDIA[1].TXT [ /UNITYMEDIA ]

27.10.2011, 08:13   #24
gerd076


And here is the ESET log as well


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9f386078d47c7046b93e80d79bfb20a0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-24 09:31:07
# local_time=2011-10-24 11:31:07 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 259378 259378 0 0
# compatibility_mode=5892 16776573 100 100 449 157019320 0 0
# compatibility_mode=8192 67108863 100 0 144 144 0 0
# scanned=149065
# found=0
# cleaned=0
# scan_time=5275
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9f386078d47c7046b93e80d79bfb20a0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-27 07:00:21
# local_time=2011-10-27 09:00:21 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 465757 465757 0 0
# compatibility_mode=5892 16776573 100 100 28346 157225699 0 0
# compatibility_mode=8192 67108863 100 0 206523 206523 0 0
# scanned=146196
# found=0
# cleaned=0
# scan_time=5850


Could you please also briefly tell me what was actually going on on my machine? Is there anything in particular I need to watch out for?

Many thanks for now.

Regards, Gerd

27.10.2011, 11:20   #25
cosinus


Looks ok, only cookies were found there.
Any further problems or further detections in the meantime?

27.10.2011, 11:40   #26
gerd076


Well, there aren't really any further problems. The machine is noticeably faster again. The only thing I noticed: when I start AntiVir, the program freezes for a few seconds, so I can't click on anything. I don't know whether that matters.

I would still be interested to know what was actually going on on my machine. And what was that Sinowal detection about? Can I reasonably assume that there is no longer any danger in that respect?

Which of the scans we ran should one run routinely from time to time?

In any case, you have helped me a lot! Many thanks for that!

Regards, Gerd

27.10.2011, 12:52   #27
cosinus


Quote:
When I start AntiVir, the program freezes for a few seconds, so I can't click on anything. I don't know whether that matters.
Think carefully about whether you want to stay with AntiVir in future. They have made a very questionable decision, which doesn't exactly look reputable => http://www.trojaner-board.de/100374-...e-und-ask.html



Then we're done!

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages.
Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update it first.

Finally, please check your updates; my guide on that is below. To keep a better overview of how current your installed programs are in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all your passwords if at all possible.


Microsoft Update

Windows XP: Visit the MS Update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, best with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

27.10.2011, 14:25   #28
gerd076


OK, I've followed all of that so far.
Hopefully I'll be spared for a while now.
In any case, thanks again. If I ever dare to do online banking again, you can count on a donation.


See you around.
Regards, Gerd

27.10.2011, 15:00   #29
cosinus


Quote:
you can count on a donation.
