Komm die anderen Logs auch noch?

Hallo nach kuzen Urlaub hier das GMER Log, Beim OSMA log habe ich Scwierigkeitem
n. Nach dem Start kommt die Meldung osam.exe Systemfehler. osam -gui.dll fehlt. Eine empfolende Neuinstallation Bringt das Gleiche.

Gruß Günter
GMER Logfile:

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15640 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-06-06 18:15:04
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: 1pe6m1eq.exe; Driver: C:\Users\Guenter\AppData\Local\Temp\fwtcipob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKeyEx + 13B1                                                                                                                                8304D8A9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                                         8306D2F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            peauth.sys                                                                                                                                                     9D973B9B 72 Bytes  JMP E6B47621 

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[1944] kernel32.dll!SetUnhandledExceptionFilter                                                           77A13162 5 Bytes  JMP 00637580 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
.text           C:\Program Files\Mozilla Firefox\firefox.exe[4656] ntdll.dll!LdrLoadDll                                                                                        778CF5B5 5 Bytes  JMP 00831410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4872] USER32.dll!SetWindowLongA                                                                          776AB1E3 5 Bytes  JMP 5D9C8DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4872] USER32.dll!SetWindowLongW                                                                          776B6614 5 Bytes  JMP 5D9C8D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4872] USER32.dll!GetWindowInfo                                                                           776B6A82 5 Bytes  JMP 5D7F7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4872] USER32.dll!TrackPopupMenu                                                                          776D4B3B 5 Bytes  JMP 5D7F7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                        Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                        Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000049                                                                                                                              halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                         fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                       fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKCU\Software\Microsoft\Windows Live\Photo Gallery\Library\MDSyncInFlight\Active\.JPG@\\NSDC03A9E\sh_daten\ Günter\xb4s 60. Geburtstag\Günter 60\HPIM0280.JPG  1
Reg             HKCU\Software\Microsoft\Windows Live\Photo Gallery\Library\MDSyncInFlight\Active\.JPG@\\NSDC03A9E\sh_daten\ Günter\xb4s 60. Geburtstag\Günter 60\HPIM0276.JPG  1
Reg             HKCU\Software\Microsoft\Windows Live\Photo Gallery\Library\MDSyncInFlight\Active\.JPG@\\NSDC03A9E\sh_daten\ Günter\xb4s 60. Geburtstag\Günter 60\HPIM0320.JPG  1

---- EOF - GMER 1.0.15 ----
         

--- --- ---

Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden!

Geschafft, hier das LOG von osma.exe:
OSAM Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 13:02:04 on 07.06.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Discordia, LTD" - C:\PROGRA~1\WI3C8A~1\Datamngr\datamngr.dll
"AppInit_DLLs" - "Discordia, LTD" - C:\PROGRA~1\WI3C8A~1\Datamngr\IEBHO.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Schirmfoto.job" - "Abelssoft GmbH" - C:\Program Files\Schirmfoto\schirmfoto.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Guenter\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz132" (cpuz132) - ? - C:\Users\Guenter\AppData\Local\Temp\cpuz132\cpuz132_x32.sys  (File not found)
"esgiguard" (esgiguard) - ? - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys  (File not found)
"NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\Windows\system32\drivers\npf_devolo.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} "PixiePack Codec Pack 1.1.1200.0" - ? - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} "Fast Explorer Shell Extension" - "Alex Yakovlev" - C:\Users\Guenter\AppData\Roaming\AllDup\FEShlExt.dll
{2B3453E4-49DF-11D3-8229-0080BE509050} "GMail Drive" - "Bjarke Viksoe" - C:\Windows\system32\ShellExt\GMailFS.dll
{2B3453E4-49DF-11D3-8229-0080BE509056} "GMailFS Context Menu" - "Bjarke Viksoe" - C:\Windows\system32\ShellExt\GMailFS.dll
{2B3453E4-49DF-11D3-8229-0080BE509054} "GMailFS Drop Handler" - "Bjarke Viksoe" - C:\Windows\system32\ShellExt\GMailFS.dll
{2B3453E4-49DF-11D3-8229-0080BE509052} "GMailFS Property Sheet" - "Bjarke Viksoe" - C:\Windows\system32\ShellExt\GMailFS.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Guenter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"dradio-RecorderTimer" - ? - C:\Program Files\dradio-Recorder\phonostarTimer.exe  (File found, but it contains no detailed information)
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Userinit" - "Soluto" - C:\Program Files\Soluto\soluto.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DATAMNGR" - "Discordia, LTD" - C:\PROGRA~1\WI3C8A~1\Datamngr\DATAMN~1.EXE
"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"rfagent" - "KsL Software" - "C:\Program Files\RFA\rfagent.exe"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Google Update Service (gupdate1cac1d9d507289e)" (gupdate1cac1d9d507289e) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Radio.fx Server" (Radio.fx) - ? - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
"SAMSUNG WiselinkPro Service" (WiselinkPro) - ? - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe  (File found, but it contains no detailed information)
"Soluto PCGenome Core Service" (SolutoService) - "Soluto" - C:\Program Files\Soluto\SolutoService.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"ScCertProp" - ? - wlnotify.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===
         

--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index


Gruß Günter

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hier der Log von Malwarebytes:

Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6796




Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.06.2011 15:07:30
mbam-log-2011-06-07 (15-07-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 293531
Laufzeit: 45 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

der Log von

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 06/08/2011 at 09:18 AM

Application Version : 4.53.1000

Core Rules Database Version : 7228
Trace Rules Database Version: 5040

Scan type : Quick Scan
Total Scan Time : 00:11:21

Memory items scanned : 860
Memory threats detected : 0
Registry items scanned : 2493
Registry threats detected : 0
File items scanned : 8316
File threats detected : 5

Adware.Tracking Cookie
C:\Users\Guenter\AppData\Local\Temp\Cookies\guenter@doubleclick[1].txt

Adware.GAIN/Gator
C:\USERS\GUENTER\DOWNLOADS\MTBBAYERN.7Z\GMT.EXE
C:\USERS\GUENTER\DOWNLOADS\GMT.EXE
C:\USERS\GUENTER\DOWNLOADS\MTBBREMEN.7Z\GMT.EXE
C:\WINDOWS\GMT.EXE
De r Log Von ESET kommt später.

Gruß Günter

Zitat:

C:\USERS\GUENTER\DOWNLOADS\MTBBAYERN.7Z\GMT.EXE
C:\USERS\GUENTER\DOWNLOADS\GMT.EXE
C:\USERS\GUENTER\DOWNLOADS\MTBBREMEN.7Z\GMT.EXE

Wasndas?

Nein, hier das Log von ESET:

C:\Program Files\Common Files\Wise Installation Wizard\WIS5158974E2D28401893357694C2974746_10_3_24_1.MSI a variant of Win32/Kryptik.FNT trojan
C:\ProgramData\ReviverSoft\Registry Reviver\InstallCache\{2EFCA8FB-B863-4DDE-B7D0-4EB3152999EC}\Registry Reviver.msi a variant of Win32/SlowPCfighter application
C:\Users\All Users\ReviverSoft\Registry Reviver\InstallCache\{2EFCA8FB-B863-4DDE-B7D0-4EB3152999EC}\Registry Reviver.msi a variant of Win32/SlowPCfighter application
E:\Guenter\Documents\eBayShortcuts.exe Win32/Adware.ADON application

Gruß aus Bremen
Günter

Fund ein Installationspaketen. Ist nicht selten, da viele Installer Toolbars enthalten, die ale Adware eingestuft werden. Kannste im Grunde ignorieren.