Trojaner-Board - Malwarebytes' Anti-Malware hat Trojan.ZbotR.Gen, Trojan.Agent und Malware.Trace entdeckt

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Malwarebytes' Anti-Malware hat Trojan.ZbotR.Gen, Trojan.Agent und Malware.Trace entdeckt - und nun? (https://www.trojaner-board.de/100412-malwarebytes-anti-malware-hat-trojan-zbotr-gen-trojan-agent-malware-trace-entdeckt.html)

Hallo cosinus,

hier ist die OTL-Log

Code:

========== OTL ==========

ADS C:\Users\Mia\Desktop\Foto.eml:OECustomProperty deleted successfully.

ADS C:\P1160392.MOV.MPG:TOC.WMV deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.24.0 log created on 06232011_221018

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Scan ausgeführt.
Bekomme allerdings nach dem Scan keine Logdatei, wenn ich auf report klicke.

Der Scan sieht so aus

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

so, hier kommt nun endlich die Logdatei von combofix

Combofix Logfile:

Code:

ComboFix 11-07-05.02 - Mia 05.07.2011  18:12:20.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2037.1170 [GMT 2:00]

ausgeführt von:: c:\users\Mia\Desktop\cofi.exe

AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\unin0407.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_usnjsvc

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-06-05 bis 2011-07-05  ))))))))))))))))))))))))))))))

.

.

2011-07-05 16:25 . 2011-07-05 16:25        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-07-05 16:06 . 2011-07-05 16:07        --------        d-----w-        C:\32788R22FWJFW

2011-06-29 18:42 . 2011-04-29 15:59        276992        ----a-w-        c:\windows\system32\schannel.dll

2011-06-23 20:10 . 2011-06-23 20:10        --------        d-----w-        C:\_OTL

2011-06-15 18:15 . 2011-06-15 18:15        --------        d-----w-        c:\users\Mia\AppData\Roaming\Malwarebytes

2011-06-15 18:14 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-15 18:14 . 2011-06-15 18:14        --------        d-----w-        c:\programdata\Malwarebytes

2011-06-15 18:14 . 2011-05-29 07:11        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-06-15 18:12 . 2011-06-17 07:52        --------        d-----w-        c:\program files\anti-malware

2011-06-15 17:08 . 2011-04-29 13:25        146432        ----a-w-        c:\windows\system32\drivers\srv2.sys

2011-06-15 17:08 . 2011-04-29 13:25        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys

2011-06-15 17:08 . 2011-04-21 13:58        273408        ----a-w-        c:\windows\system32\drivers\afd.sys

2011-06-15 17:08 . 2011-05-02 17:19        766464        ----a-w-        c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2011-06-15 17:08 . 2010-12-20 16:35        563712        ----a-w-        c:\windows\system32\oleaut32.dll

2011-06-15 17:08 . 2011-05-02 17:16        739328        ----a-w-        c:\windows\system32\inetcomm.dll

2011-06-15 17:08 . 2011-04-29 13:24        214016        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-06-15 17:08 . 2011-04-29 13:24        79872        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys

2011-06-15 17:08 . 2011-04-29 13:24        106496        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-06-15 17:07 . 2011-05-02 12:02        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-03 18:01 . 2010-04-22 20:21        66616        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-07-03 18:01 . 2010-04-22 20:21        138192        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-06-07 15:55 . 2011-07-01 08:36        7074640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{65A9A8B3-022D-4E51-B78A-059E4B056B0A}\mpengine.dll

2011-05-24 17:14 . 2009-10-02 23:37        222080        ------w-        c:\windows\system32\MpSigStub.exe

2006-05-03 09:06        163328        --sh--r-        c:\windows\System32\flvDX.dll

2007-02-21 10:47        31232        --sh--r-        c:\windows\System32\msfDX.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"msnmsgr"="c:\progra~1\MSNMES~1\msnmsgr.exe" [2007-01-19 5674352]

"PhonostarAgent"="c:\program files\Internetradio phonostar\phonostar\ps_agent.exe" [2007-12-05 98304]

"PhonostarTimer"="c:\program files\Internetradio phonostar\phonostar\ps_timer.exe" [2007-12-05 126976]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-29 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]

"TVBroadcast"="c:\program files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe" [2007-05-08 790016]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]

"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 154136]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 129560]

"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-10 36864]

"QuickTime Task"="c:\program files\Quicktime Apple\QTTask.exe" [2007-12-11 286720]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]

"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-28 64048]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-9 113664]

Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Microsoft Office.lnk - c:\program files\frontpage\Office\OSA9.EXE [1999-2-17 65588]

WinManager.lnk - c:\program files\Fujitsu Siemens\WinManager\WinManager.exe [2008-5-3 61440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2007-07-16 18:35        220160        ----a-w-        c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2007-01-19 10:55        5674352        ----a-w-        c:\program files\MSN Messenger\msnmsgr.exe

.

R1 mailKmd;mailKmd; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]

R3 Emdepa;Emdepa; [x]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]

R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]

R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-08 136360]

S2 ClipInc001;ClipInc 001;c:\program files\Radio\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x]

S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]

S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-05-04 1600512]

S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-05 277504]

S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]

S3 UDXTTM6000;DTV-DVB UDXTTM6000 - USB 2.0 Receiver;c:\windows\system32\Drivers\UDXTTM6000.sys [2007-06-21 320384]

S3 UDXTTM6000HID;UDXTTM6000HID - HID Driver;c:\windows\system32\drivers\UDXTTM6000HID.sys [2006-06-29 17408]

S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 21:58]

.

2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 21:58]

.

2011-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967124566-3105974339-2490099070-1003Core.job

- c:\users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:41]

.

2011-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967124566-3105974339-2490099070-1003UA.job

- c:\users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:41]

.

2011-07-05 c:\windows\Tasks\User_Feed_Synchronization-{8E21E027-9A81-475C-B74E-F815515A4C7B}.job

- c:\windows\system32\msfeedssync.exe [2008-09-29 07:33]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.web.de/

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4

LSP: c:\program files\VMware\VMware Player\vsocklib.dll

TCP: Interfaces\{C06D1B59-E6AC-492E-8A4C-75DD60A75F7D}: NameServer = 0.0.0.0

TCP: Interfaces\{EB2E3AE0-276B-4FE5-815E-CD5B1CB1AE8D}: NameServer = 62.109.123.6 213.191.92.87

FF - ProfilePath - c:\users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\o2tx0ldy.default\

FF - prefs.js: browser.search.selectedEngine - Google.de

FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/

FF - prefs.js: network.proxy.type - 2

FF - Ext: Domain Details: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91} - %profile%\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}

FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}

FF - Ext: TinyUrl Creator: {89736E8E-4B14-4042-8C75-AD00B6BD3900} - %profile%\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}

FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

FF - Ext: Pinger: janetka@pinger - %profile%\extensions\janetka@pinger

FF - Ext: Diigo Bookmarks and Web Annotations: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} - %profile%\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}

FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe

HKLM-Run-openvpn-gui - c:\program files\Wlan\OpenVPN\bin\openvpn-gui.exe

MSConfigStartUp-BGNewsAgent - c:\program files\BullGuard Software\BullGuard\BgNewsUI.exe

MSConfigStartUp-BullGuard - c:\program files\BullGuard Software\BullGuard\bullguard.exe

AddRemove-OpenVPN - c:\program files\Wlan\OpenVPN\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-07-05 18:33

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(1124)

c:\program files\WinSCP\DragExt.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\conime.exe

c:\windows\RtHDVCpl.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\ehome\ehmsas.exe

c:\windows\PEV.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Radio\Tobit ClipInc\Server\ClipInc-Server.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Medion\MEDIONbox\Program\GCS.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\vmnat.exe

c:\program files\VMware\VMware Player\vmware-authd.exe

c:\windows\system32\vmnetdhcp.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-07-05  18:40:52 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-07-05 16:40

.

Vor Suchlauf: 26 Verzeichnis(se), 11.628.449.792 Bytes frei

Nach Suchlauf: 30 Verzeichnis(se), 11.616.702.464 Bytes frei

.

- - End Of File - - 54A26D94F2C4FAC5D12FDFA9B39FAC5C

--- --- ---

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

Driver::

mailKmd

Emdepa

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Combofix Logfile:

Code:

ComboFix 11-07-07.06 - Mia 08.07.2011  10:05:50.2.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2037.972 [GMT 2:00]

ausgeführt von:: c:\users\Mia\Desktop\cofi.exe

Benutzte Befehlsschalter :: c:\users\Mia\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Emdepa

-------\Service_mailKmd

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-06-08 bis 2011-07-08  ))))))))))))))))))))))))))))))

.

.

2011-07-05 16:07 . 2011-07-05 16:41        --------        d-----w-        C:\cofi

2011-06-29 18:42 . 2011-04-29 15:59        276992        ----a-w-        c:\windows\system32\schannel.dll

2011-06-23 20:10 . 2011-06-23 20:10        --------        d-----w-        C:\_OTL

2011-06-15 18:15 . 2011-06-15 18:15        --------        d-----w-        c:\users\Mia\AppData\Roaming\Malwarebytes

2011-06-15 18:14 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-15 18:14 . 2011-06-15 18:14        --------        d-----w-        c:\programdata\Malwarebytes

2011-06-15 18:14 . 2011-05-29 07:11        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-06-15 18:12 . 2011-06-17 07:52        --------        d-----w-        c:\program files\anti-malware

2011-06-15 17:08 . 2011-04-29 13:25        146432        ----a-w-        c:\windows\system32\drivers\srv2.sys

2011-06-15 17:08 . 2011-04-29 13:25        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys

2011-06-15 17:08 . 2011-04-21 13:58        273408        ----a-w-        c:\windows\system32\drivers\afd.sys

2011-06-15 17:08 . 2011-05-02 17:19        766464        ----a-w-        c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2011-06-15 17:08 . 2010-12-20 16:35        563712        ----a-w-        c:\windows\system32\oleaut32.dll

2011-06-15 17:08 . 2011-05-02 17:16        739328        ----a-w-        c:\windows\system32\inetcomm.dll

2011-06-15 17:08 . 2011-04-29 13:24        214016        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-06-15 17:08 . 2011-04-29 13:24        79872        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys

2011-06-15 17:08 . 2011-04-29 13:24        106496        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys

2011-06-15 17:07 . 2011-05-02 12:02        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-03 18:01 . 2010-04-22 20:21        66616        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-07-03 18:01 . 2010-04-22 20:21        138192        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-05-24 17:14 . 2009-10-02 23:37        222080        ------w-        c:\windows\system32\MpSigStub.exe

2006-05-03 09:06        163328        --sh--r-        c:\windows\System32\flvDX.dll

2007-02-21 10:47        31232        --sh--r-        c:\windows\System32\msfDX.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"msnmsgr"="c:\progra~1\MSNMES~1\msnmsgr.exe" [2007-01-19 5674352]

"PhonostarAgent"="c:\program files\Internetradio phonostar\phonostar\ps_agent.exe" [2007-12-05 98304]

"PhonostarTimer"="c:\program files\Internetradio phonostar\phonostar\ps_timer.exe" [2007-12-05 126976]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-29 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]

"TVBroadcast"="c:\program files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe" [2007-05-08 790016]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 151552]

"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]

"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]

"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]

"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-24 154136]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-24 129560]

"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-10 36864]

"QuickTime Task"="c:\program files\Quicktime Apple\QTTask.exe" [2007-12-11 286720]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]

"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-28 64048]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]

"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [BU]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-9-9 113664]

Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Microsoft Office.lnk - c:\program files\frontpage\Office\OSA9.EXE [1999-2-17 65588]

WinManager.lnk - c:\program files\Fujitsu Siemens\WinManager\WinManager.exe [2008-5-3 61440]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2007-07-16 18:35        220160        ----a-w-        c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2007-01-19 10:55        5674352        ----a-w-        c:\program files\MSN Messenger\msnmsgr.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 135664]

R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [2006-11-28 28224]

R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [2006-11-28 27072]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-08 136360]

S2 ClipInc001;ClipInc 001;c:\program files\Radio\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x]

S2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-13 36864]

S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-05-04 1600512]

S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-28 54960]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-05 277504]

S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]

S3 UDXTTM6000;DTV-DVB UDXTTM6000 - USB 2.0 Receiver;c:\windows\system32\Drivers\UDXTTM6000.sys [2007-06-21 320384]

S3 UDXTTM6000HID;UDXTTM6000HID - HID Driver;c:\windows\system32\drivers\UDXTTM6000HID.sys [2006-06-29 17408]

S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 21:58]

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 21:58]

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967124566-3105974339-2490099070-1003Core.job

- c:\users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:41]

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-967124566-3105974339-2490099070-1003UA.job

- c:\users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 20:41]

.

2011-07-08 c:\windows\Tasks\User_Feed_Synchronization-{8E21E027-9A81-475C-B74E-F815515A4C7B}.job

- c:\windows\system32\msfeedssync.exe [2008-09-29 07:33]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.web.de/

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4

LSP: c:\program files\VMware\VMware Player\vsocklib.dll

TCP: Interfaces\{C06D1B59-E6AC-492E-8A4C-75DD60A75F7D}: NameServer = 0.0.0.0

TCP: Interfaces\{EB2E3AE0-276B-4FE5-815E-CD5B1CB1AE8D}: NameServer = 62.109.123.196 213.191.74.18

FF - ProfilePath - c:\users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\o2tx0ldy.default\

FF - prefs.js: browser.search.selectedEngine - Google.de

FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/

FF - prefs.js: network.proxy.type - 2

FF - Ext: Domain Details: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91} - %profile%\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}

FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}

FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com

FF - Ext: FireShot: {0b457cAA-602d-484a-8fe7-c1d894a011ba} - %profile%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

FF - Ext: Split Browser: {29c4afe1-db19-4298-8785-fcc94d1d6c1d} - %profile%\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}

FF - Ext: TinyUrl Creator: {89736E8E-4B14-4042-8C75-AD00B6BD3900} - %profile%\extensions\{89736E8E-4B14-4042-8C75-AD00B6BD3900}

FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

FF - Ext: Pinger: janetka@pinger - %profile%\extensions\janetka@pinger

FF - Ext: Diigo Bookmarks and Web Annotations: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3} - %profile%\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}

FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-07-08 10:22

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?????H????????6??????*e?w????????????0???$???????d??????w????????Rs?w?s?w?????6???6??Cb?v????4???&??v?????????6??t???? A?????????? A????#Cb?v|????????a@?H??????????? ?A??Z?#????? A???@??6???x@??6?????#??@??7????? 

.

Scanne versteckte Dateien... 

.

.

c:\users\Mia\AppData\Local\Temp\catchme.dll 53248 bytes executable

c:\windows\TEMP\TMP0000000E231CC3E1CB447A64 524288 bytes

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 2

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(4764)

c:\program files\WinSCP\DragExt.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\RtHDVCpl.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Radio\Tobit ClipInc\Server\ClipInc-Server.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\Medion\MEDIONbox\Program\GCS.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\system32\vmnat.exe

c:\program files\VMware\VMware Player\vmware-authd.exe

c:\windows\system32\vmnetdhcp.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\wbem\unsecapp.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-07-08  10:37:54 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-07-08 08:37

ComboFix2.txt  2011-07-05 16:40

.

Vor Suchlauf: 29 Verzeichnis(se), 11.772.448.768 Bytes frei

Nach Suchlauf: 31 Verzeichnis(se), 10.938.888.192 Bytes frei

.

- - End Of File - - 8E51B1624A7DF9160510FA249D0A8D70

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

GMER hat nicht funktioniert. Das Programm ist zweimal abgestürzt und dann habe ich es gelassen.

Hier die Log von OSAM
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 10:47:39 on 09.07.2011
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 3.6.18
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[AppInit DLLs]

-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskUserS-1-5-21-967124566-3105974339-2490099070-1003Core.job" - "Google Inc." - C:\Users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskUserS-1-5-21-967124566-3105974339-2490099070-1003UA.job" - "Google Inc." - C:\Users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\ddbaccpl.cpl

"ddbacctm.cpl" - "DataDesign AG" - C:\Windows\system32\ddbacctm.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

"QuickTime" - "Apple Inc." - C:\Program Files\Quicktime Apple\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\cofi28445c\catchme.sys  (File not found)

"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\Windows\System32\drivers\iviaspi.sys

"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNMp50.sys

"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\Windows\system32\drivers\PDNSp50.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"TAP-Win32 Adapter V8" (tap0801) - "The OpenVPN Project" - C:\Windows\System32\DRIVERS\tap0801.sys

"VMware hcmon" (hcmon) - "VMware, Inc." - C:\Windows\system32\drivers\hcmon.sys

"VMware kbd" (vmkbd) - "VMware, Inc." - C:\Windows\system32\drivers\VMkbd.sys

"VMware Network Application Interface" (VMnetuserif) - "VMware, Inc." - C:\Windows\system32\drivers\vmnetuserif.sys

"VMware vmci" (vmci) - "VMware, Inc." - C:\Windows\system32\Drivers\vmci.sys

"VMware vmx86" (vmx86) - "VMware, Inc." - C:\Windows\system32\Drivers\vmx86.sys

"Vstor2 WS60 Virtual Storage Driver" (vstor2-ws60) - "VMware, Inc." - C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{B988C8B2-373B-11CF-B6E0-00AA00BBBA9E} "ImageComposer.CompositionPropertyPage" - "Microsoft Corporation" - C:\Program Files\Microsoft Image Composer\SERVER.DLL

{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)

{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Program Files\ICQLite\ICQLiteShell.dll

{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4  (HTTP value)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\Windows\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925

{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} "Office Genuine Advantage Validation Tool" - ? - C:\Windows\system32\OGACheckControl.DLL / hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

{3D3B42C2-11BF-4732-A304-A01384B70D68} "UploadListView Class" - "Google, Inc." - C:\Windows\Downloaded Program Files\UploaderX.dll / hxxp://picasaweb.google.com/s/v/57.11/uploader2.cab

{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-1170-17534-22/4  (HTTP value)

"ICQ Lite" - ? - C:\Program Files\ICQLite\ICQLite.exe  (File not found)

"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ\version 7\ICQ7.2\ICQ.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} "FireShot" - ? - C:\Users\Mia\AppData\Roaming\Mozilla\Firefox\Profiles\o2tx0ldy.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.78.dll  (File not found)

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)

"Adobe Reader - Schnellstart.lnk" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\frontpage\Office\OSA9.EXE  (Shortcut exists | File exists)

"WinManager.lnk" - ? - C:\Program Files\Fujitsu Siemens\WinManager\WinManager.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

"msnmsgr" - "Microsoft Corporation" - "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

"PhonostarAgent" - ? - C:\Program Files\Internetradio phonostar\phonostar\ps_agent.exe

"PhonostarTimer" - ? - C:\Program Files\Internetradio phonostar\phonostar\ps_timer.exe

"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

"CtrlVol" - ? - C:\Program Files\Launch Manager\CtrlVol.exe  (File not found)

"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"

"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"

"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"

"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

"QuickTime Task" - "Apple Inc." - "C:\Program Files\Quicktime Apple\QTTask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe

"TVBroadcast" - "ODSoft multimedia" - C:\Program Files\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe

"UVS10 Preload" - "Ulead Systems, Inc." - C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

"VMware hqtray" - "VMware, Inc." - "C:\Program Files\VMware\VMware Player\hqtray.exe"

"Wbutton" - ? - "C:\Program Files\Launch Manager\Wbutton.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Adobe LM Service" (Adobe LM Service) - ? - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"ClipInc 001" (ClipInc001) - ? - c:\Program Files\Radio\Tobit ClipInc\Server\ClipInc-Server.exe

"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe

"GnabService" (GnabService) - "Empolis GmbH" - c:\program files\common files\gnab\service\servicecontroller.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"OpenVPN Service" (OpenVPNService) - ? - C:\Program Files\Wlan\OpenVPN\bin\openvpnserv.exe  (File not found)

"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe

"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

"VMware Agent Service" (ufad-ws60) - "VMware, Inc." - C:\Program Files\VMware\VMware Player\vmware-ufad.exe

"VMware Authorization Service" (VMAuthdService) - "VMware, Inc." - C:\Program Files\VMware\VMware Player\vmware-authd.exe

"VMware DHCP Service" (VMnetDHCP) - "VMware, Inc." - C:\Windows\system32\vmnetdhcp.exe

"VMware NAT Service" (VMware NAT Service) - "VMware, Inc." - C:\Windows\system32\vmnat.exe

"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"VMCI sockets DGRAM" - "VMware, Inc." - C:\Program Files\VMware\VMware Player\vsocklib.dll

"VMCI sockets STREAM" - "VMware, Inc." - C:\Program Files\VMware\VMware Player\vsocklib.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

--- --- ---
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Logs von MBRCheck

Code:



MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows Vista Home Premium Edition

Windows Information:                Service Pack 2 (build 6002), 32-bit

Base Board Manufacturer:        MEDION

BIOS Manufacturer:                Phoenix Technologies LTD

System Manufacturer:                MEDION

System Product Name:                WIM2160

Logical Drives Mask:                0x0000001c
 

Kernel Drivers (total 163):

  0x8241A000 \SystemRoot\system32\ntoskrnl.exe

  0x827C5000 \SystemRoot\system32\hal.dll

  0x82C09000 \SystemRoot\system32\kdcom.dll

  0x82C10000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

  0x82C80000 \SystemRoot\system32\PSHED.dll

  0x82C91000 \SystemRoot\system32\BOOTVID.dll

  0x82C99000 \SystemRoot\system32\CLFS.SYS

  0x82CDA000 \SystemRoot\system32\CI.dll

  0x82DBA000 \SystemRoot\system32\drivers\Wdf01000.sys

  0x82E36000 \SystemRoot\system32\drivers\WDFLDR.SYS

  0x82E43000 \SystemRoot\system32\drivers\acpi.sys

  0x82E89000 \SystemRoot\system32\drivers\WMILIB.SYS

  0x82E92000 \SystemRoot\system32\drivers\msisadrv.sys

  0x82E9A000 \SystemRoot\system32\drivers\pci.sys

  0x82EC1000 \SystemRoot\System32\drivers\partmgr.sys

  0x82ED0000 \SystemRoot\system32\DRIVERS\compbatt.sys

  0x82ED3000 \SystemRoot\system32\DRIVERS\BATTC.SYS

  0x82EDD000 \SystemRoot\system32\drivers\volmgr.sys

  0x82EEC000 \SystemRoot\System32\drivers\volmgrx.sys

  0x82F36000 \SystemRoot\system32\drivers\intelide.sys

  0x82F3D000 \SystemRoot\system32\drivers\PCIIDEX.SYS

  0x82F4B000 \SystemRoot\System32\drivers\mountmgr.sys

  0x88002000 \SystemRoot\system32\DRIVERS\iaStor.sys

  0x880BA000 \SystemRoot\system32\drivers\atapi.sys

  0x880C2000 \SystemRoot\system32\drivers\ataport.SYS

  0x880E0000 \SystemRoot\system32\drivers\fltmgr.sys

  0x88112000 \SystemRoot\system32\drivers\fileinfo.sys

  0x88122000 \SystemRoot\System32\Drivers\ksecdd.sys

  0x88193000 \SystemRoot\system32\drivers\ndis.sys

  0x8829E000 \SystemRoot\system32\drivers\msrpc.sys

  0x882C9000 \SystemRoot\system32\drivers\NETIO.SYS

  0x88304000 \SystemRoot\System32\drivers\tcpip.sys

  0x82F5B000 \SystemRoot\System32\drivers\fwpkclnt.sys

  0x88401000 \SystemRoot\System32\Drivers\Ntfs.sys

  0x88511000 \SystemRoot\system32\drivers\volsnap.sys

  0x8854A000 \SystemRoot\system32\DRIVERS\uagp35.sys

  0x8855B000 \SystemRoot\System32\Drivers\spldr.sys

  0x88563000 \SystemRoot\System32\Drivers\mup.sys

  0x88572000 \SystemRoot\System32\drivers\ecache.sys

  0x88599000 \SystemRoot\system32\drivers\disk.sys

  0x885AA000 \SystemRoot\system32\drivers\CLASSPNP.SYS

  0x885CB000 \SystemRoot\system32\drivers\crcdisk.sys

  0x88699000 \SystemRoot\system32\DRIVERS\tunnel.sys

  0x886A4000 \SystemRoot\system32\DRIVERS\tunmp.sys

  0x886AD000 \SystemRoot\system32\DRIVERS\intelppm.sys

  0x886BC000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

  0x8C808000 \SystemRoot\system32\DRIVERS\igdkmd32.sys

  0x8CE33000 \SystemRoot\System32\drivers\dxgkrnl.sys

  0x8CED3000 \SystemRoot\System32\drivers\watchdog.sys

  0x8CEDF000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

  0x8CF6C000 \SystemRoot\system32\DRIVERS\Rtlh86.sys

  0x8CF84000 \SystemRoot\system32\DRIVERS\usbuhci.sys

  0x8CF8F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0x8CFCD000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0x8CFDC000 \SystemRoot\system32\DRIVERS\ohci1394.sys

  0x8CFEC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS

  0x886C5000 \SystemRoot\system32\DRIVERS\sdbus.sys

  0x886DF000 \SystemRoot\system32\DRIVERS\rimmptsk.sys

  0x886ED000 \SystemRoot\system32\DRIVERS\rimsptsk.sys

  0x88701000 \SystemRoot\system32\DRIVERS\rixdptsk.sys

  0x8CFFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys

  0x88752000 \SystemRoot\system32\DRIVERS\i8042prt.sys

  0x88765000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0x8C800000 \??\C:\Windows\system32\drivers\VMkbd.sys

  0x88770000 \SystemRoot\system32\DRIVERS\SynTP.sys

  0x8C805000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0x8879B000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0x887A6000 \SystemRoot\system32\drivers\iviaspi.sys

  0x887A9000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0x887C1000 \SystemRoot\system32\DRIVERS\msiscsi.sys

  0x82F76000 \SystemRoot\system32\DRIVERS\storport.sys

  0x887F0000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0x82FB7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0x883EE000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0x82FCE000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0x82FF1000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0x8D40B000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0x8D41F000 \SystemRoot\system32\DRIVERS\rassstp.sys

  0x8D434000 \SystemRoot\system32\DRIVERS\tap0801.sys

  0x8D43F000 \SystemRoot\system32\DRIVERS\termdd.sys

  0x8D44F000 \SystemRoot\system32\DRIVERS\swenum.sys

  0x8D451000 \SystemRoot\system32\DRIVERS\ks.sys

  0x8D47B000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0x8D485000 \SystemRoot\system32\DRIVERS\umbus.sys

  0x8D492000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys

  0x8D495000 \SystemRoot\system32\DRIVERS\VMNET.SYS

  0x8D498000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0x8D4CD000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0x8D4DE000 \SystemRoot\system32\drivers\RTKVHDA.sys

  0x8D686000 \SystemRoot\system32\drivers\portcls.sys

  0x8D6B3000 \SystemRoot\system32\drivers\drmk.sys

  0x8D6D8000 \SystemRoot\system32\DRIVERS\smserial.sys

  0x8D7C8000 \SystemRoot\system32\drivers\modem.sys

  0x8D7D5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0x8D7DE000 \SystemRoot\System32\Drivers\Null.SYS

  0x8D7E5000 \SystemRoot\System32\Drivers\Beep.SYS

  0x8D7F5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

  0x8D80B000 \SystemRoot\System32\drivers\vga.sys

  0x8D817000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

  0x8D838000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0x8D840000 \SystemRoot\system32\drivers\rdpencdd.sys

  0x8D848000 \SystemRoot\System32\Drivers\Msfs.SYS

  0x8D853000 \SystemRoot\System32\Drivers\Npfs.SYS

  0x8D861000 \SystemRoot\System32\DRIVERS\rasacd.sys

  0x8D86A000 \SystemRoot\system32\DRIVERS\tdx.sys

  0x8D880000 \SystemRoot\system32\DRIVERS\smb.sys

  0x8D894000 \SystemRoot\system32\drivers\afd.sys

  0x8D8DC000 \SystemRoot\System32\DRIVERS\netbt.sys

  0x8D90E000 \SystemRoot\system32\drivers\ws2ifsl.sys

  0x8D917000 \SystemRoot\system32\DRIVERS\pacer.sys

  0x8D92D000 \SystemRoot\system32\DRIVERS\netbios.sys

  0x8D93B000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0x8D94E000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

  0x8D954000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0x8D990000 \SystemRoot\system32\drivers\nsiproxy.sys

  0x8D99A000 \SystemRoot\System32\Drivers\Hotkey.SYS

  0x8D99D000 \SystemRoot\System32\Drivers\dfsc.sys

  0x8D9B4000 \SystemRoot\system32\DRIVERS\avipbb.sys

  0x8D9DB000 \SystemRoot\System32\Drivers\fastfat.SYS

  0x8DA03000 \SystemRoot\System32\Drivers\UDXTTM6000.sys

  0x8DA52000 \SystemRoot\System32\Drivers\BdaSup.SYS

  0x8DA55000 \SystemRoot\system32\drivers\UDXTTM6000HID.sys

  0x8DA5D000 \SystemRoot\system32\drivers\HIDCLASS.SYS

  0x8DA6D000 \SystemRoot\system32\DRIVERS\kbdhid.sys

  0x8EC06000 \SystemRoot\system32\DRIVERS\snp2uvc.sys

  0x8EDAD000 \SystemRoot\system32\DRIVERS\STREAM.SYS

  0x8EDBA000 \SystemRoot\system32\DRIVERS\sncduvc.SYS

  0x8EDC1000 \SystemRoot\system32\DRIVERS\RTL8187B.sys

  0x8EE0E000 \SystemRoot\System32\Drivers\crashdmp.sys

  0x8EE1B000 \SystemRoot\System32\Drivers\dump_iaStor.sys

  0x924E0000 \SystemRoot\System32\win32k.sys

  0x8EED3000 \SystemRoot\System32\drivers\Dxapi.sys

  0x8EEDD000 \SystemRoot\system32\DRIVERS\monitor.sys

  0x92700000 \SystemRoot\System32\TSDDD.dll

  0x92720000 \SystemRoot\System32\cdd.dll

  0x8EEEC000 \SystemRoot\system32\drivers\luafv.sys

  0x8EF07000 \SystemRoot\system32\DRIVERS\avgntflt.sys

  0x8EF26000 \SystemRoot\system32\drivers\spsys.sys

  0x8EFD6000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys

  0x8EFDC000 \SystemRoot\system32\DRIVERS\lltdio.sys

  0x8DA76000 \SystemRoot\system32\DRIVERS\nwifi.sys

  0x8EFEC000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0x8DAA0000 \SystemRoot\system32\DRIVERS\rspndr.sys

  0x8DAB3000 \SystemRoot\system32\drivers\HTTP.sys

  0x8DB20000 \SystemRoot\System32\DRIVERS\srvnet.sys

  0x8DB3D000 \SystemRoot\system32\DRIVERS\bowser.sys

  0x8DB56000 \SystemRoot\System32\drivers\mpsdrv.sys

  0x8DB6B000 \SystemRoot\system32\drivers\mrxdav.sys

  0x8DB8C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0x8DBAB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

  0x8DBE4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

  0x885D4000 \SystemRoot\System32\DRIVERS\srv2.sys

  0x885FC000 \SystemRoot\System32\DRIVERS\srv.sys

  0x8EFF6000 \??\C:\Windows\system32\drivers\hcmon.sys

  0x8864B000 \??\C:\Windows\system32\Drivers\vmci.sys

  0xB9C07000 \??\C:\Windows\system32\Drivers\vmx86.sys

  0xB9CD7000 \SystemRoot\system32\drivers\peauth.sys

  0xB9DB5000 \SystemRoot\System32\Drivers\secdrv.SYS

  0xB9DBF000 \SystemRoot\System32\drivers\tcpipreg.sys

  0xB9DCB000 \??\C:\Windows\system32\drivers\vmnetuserif.sys

  0xB9DD0000 \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys

  0xB9DD4000 \SystemRoot\system32\DRIVERS\cdfs.sys

  0x77400000 \Windows\System32\ntdll.dll
 

Processes (total 89):

       0 System Idle Process

       4 System

     480 C:\Windows\System32\smss.exe

     628 csrss.exe

     672 C:\Windows\System32\wininit.exe

     680 csrss.exe

     716 C:\Windows\System32\services.exe

     744 C:\Windows\System32\lsass.exe

     752 C:\Windows\System32\lsm.exe

     824 C:\Windows\System32\winlogon.exe

     936 C:\Windows\System32\svchost.exe

    1004 C:\Windows\System32\svchost.exe

    1044 C:\Windows\System32\svchost.exe

    1136 C:\Windows\System32\svchost.exe

    1196 C:\Windows\System32\svchost.exe

    1224 C:\Windows\System32\svchost.exe

    1292 C:\Windows\System32\audiodg.exe

    1324 C:\Windows\System32\SLsvc.exe

    1368 C:\Windows\System32\svchost.exe

    1572 C:\Windows\System32\svchost.exe

    1796 C:\Windows\System32\spoolsv.exe

    1820 C:\Program Files\Avira\AntiVir Desktop\sched.exe

    1832 C:\Windows\System32\svchost.exe

    1348 C:\Windows\System32\dwm.exe

    1568 C:\Windows\System32\taskeng.exe

    1588 C:\Windows\explorer.exe

     920 C:\Windows\System32\taskeng.exe

    2056 C:\Windows\RtHDVCpl.exe

    2064 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    2116 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    2148 C:\Program Files\Launch Manager\LaunchAp.exe

    2164 C:\Program Files\Launch Manager\HotkeyApp.exe

    2188 C:\Program Files\Launch Manager\OSD.exe

    2196 C:\Program Files\Launch Manager\WButton.exe

    2208 C:\Program Files\Common Files\Java\Java Update\jusched.exe

    2304 C:\Windows\System32\hkcmd.exe

    2312 C:\Windows\System32\igfxpers.exe

    2328 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

    2360 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    2376 C:\Program Files\VMware\VMware Player\hqtray.exe

    2388 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    2412 C:\Program Files\Windows Sidebar\sidebar.exe

    2420 C:\Windows\System32\igfxsrvc.exe

    2428 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    2452 C:\Windows\ehome\ehtray.exe

    2508 C:\Program Files\MSN Messenger\msnmsgr.exe

    2540 C:\Program Files\Internetradio phonostar\phonostar\ps_agent.exe

    2568 C:\Program Files\Internetradio phonostar\phonostar\ps_timer.exe

    2600 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    2664 C:\Program Files\Fujitsu Siemens\WinManager\WinManager.exe

    2740 C:\Windows\ehome\ehmsas.exe

    2988 C:\Program Files\Windows Sidebar\sidebar.exe

    3100 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe

    3204 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    3252 C:\Program Files\radio\Tobit ClipInc\Server\ClipInc-Server.exe

    3276 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

    3320 C:\Program Files\Common Files\Gnab\Service\ServiceController.exe

    3452 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

    3464 C:\Program Files\Medion\MEDIONbox\Program\GCS.exe

    3496 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    3520 C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    3576 C:\Windows\System32\svchost.exe

    3620 C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe

    3740 C:\Windows\System32\svchost.exe

    3800 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    3972 C:\Windows\System32\vmnat.exe

    3992 C:\Windows\System32\svchost.exe

    4044 C:\Windows\System32\SearchIndexer.exe

     472 C:\Program Files\VMware\VMware Player\vmware-authd.exe

    1556 C:\Windows\System32\vmnetdhcp.exe

    2900 C:\Program Files\Launch Manager\WisLMSvc.exe

     736 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    3188 WmiPrvSE.exe

    3556 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    5708 C:\Windows\System32\wbem\unsecapp.exe

    6052 C:\Program Files\Windows Mail\WinMail.exe

    4412 C:\Windows\System32\svchost.exe

    4492 C:\Program Files\Windows Media Player\wmpnscfg.exe

    4240 C:\Program Files\Windows Media Player\wmpnetwk.exe

    4956 C:\Program Files\Mozilla Firefox\firefox.exe

    5204 C:\Program Files\Mozilla Firefox\plugin-container.exe

    3596 C:\Windows\System32\wuauclt.exe

    5852 C:\Users\Mia\Desktop\osam.exe

    3348 C:\Users\Mia\Desktop\osam_autorun_manager_5_0_portable\osam.exe

    5208 C:\Program Files\notepad++\notepad++.exe

    1172 C:\Windows\System32\SearchProtocolHost.exe

    2876 C:\Windows\System32\SearchFilterHost.exe

    5228 C:\Users\Mia\Desktop\MBRCheck.exe

    4108 C:\Windows\System32\conime.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`bfc6da00  (FAT32)
 

PhysicalDrive0 Model Number: WDCWD1600BEVS-22RST0, Rev: 04.01G04
 

      Size  Device Name          MBR Status

  --------------------------------------------

    149 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected

            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
 
 

Done!

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

so, hier sind die Logs.

Den Online-Scan mache ich noch.

Code:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org
 

Datenbank Version: 7074
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005
 

11.07.2011 21:08:05

mbam-log-2011-07-11 (21-08-05).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Durchsuchte Objekte: 416794

Laufzeit: 1 Stunde(n), 37 Minute(n), 54 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

und

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 07/12/2011 at 02:24 AM
 

Application Version : 4.55.1000
 

Core Rules Database Version : 7396

Trace Rules Database Version: 5208
 

Scan type       : Complete Scan

Total Scan Time : 04:28:02
 

Memory items scanned      : 791

Memory threats detected   : 0

Registry items scanned    : 10383

Registry threats detected : 0

File items scanned        : 275779

File threats detected     : 164
 

Adware.Tracking Cookie

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@atdmt[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.yieldmanager[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@zedo[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@partypoker[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adsrv1.admediate[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.banneradmin.rai[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@content.yieldmanager[3].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.ambiweb[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@kontera[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.googleadservices[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ehg-idg.hitbox[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@xiti[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.ak.facebook[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@sevenoneintermedia.112.2o7[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@zbox.zanox[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.burstnet[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@a6.adserver01[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adserver.myvideo[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.w3counter[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.studenten-wg[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@at.atwola[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@statcounter[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adopt.specificclick[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@track.webtrekk[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad2.adfarm1.adition[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.etracker[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@pro-market[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adfarm1.adition[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@realmedia[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.zanox-affiliate[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ehg-dig.hitbox[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adsrv.admediate[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@stat.www[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@hbxtracking.sueddeutsche[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adserver1.mokono[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adviva[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@trafficmp[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@apmebf[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad-hoc-news[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@cdn.at.atwola[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tribalfusion[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tracking.quisma[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ehg-legonewyorkinc.hitbox[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@vesseltracker[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@serving-sys[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@advertising[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@eas.apm.emediate[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@247realmedia[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@msnportal.112.2o7[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@stat.vattenfall[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@rotator.adjuggler[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@content.yieldmanager[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tto2.traffictrack[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@socialmedia[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@livestat.derstandard[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@fastclick[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@track.webtrekk[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@de.sitestat[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.doodle[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@rambler[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@richmedia.yahoo[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@hamburgerabendblatt.122.2o7[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@de.sitestat[3].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@mediaplex[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@data.coremetrics[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tracking.mindshare[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@zanox-affiliate[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@overture[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@count.spring[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@statse.webtrendslive[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@hitbox[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@microsoftwga.112.2o7[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@revsci[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@questionmarket[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@media.adrevolver[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@doubleclick[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@weborama[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@hasenet.122.2o7[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.sesameworkshop[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.adnet[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@bluestreak[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@atwola[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@hamburgerabendblattdedev.122.2o7[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@casalemedia[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@de.sitestat[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@im.banner.t-online[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.revsci[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@traffic.mpnrs[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adopt.euroclick[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tacoda[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ar.atwola[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@kaboose.112.2o7[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@gamblingplanetde.122.2o7[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.dk-online[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@bs.serving-sys[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adserver.easyad[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@keyword-advertising.web[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@axelspringer.122.2o7[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.vrm[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tracking.hannoversche[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.salebroker[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad4.adfarm1.adition[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@track.webtrekk[3].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adx.chip[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad3.adfarm1.adition[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.jurablogs[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.boreus[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@track.adform[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ehg-aidacruises.hitbox[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@adserver.vesseltracker[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.httpool[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@specificclick[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@de.sitestat[4].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.bucklink[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@e-2dj6wjmyuoc5agp.stats.esomniture[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@youngmediaconcepts.122.2o7[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@a7.adserver01[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@estat[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@smartadserver[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@media6degrees[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ad.adnet[3].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@www.socialtrack[1].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@webmasterplan[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@tradedoubler[2].txt

        C:\Users\Mia\AppData\Roaming\Microsoft\Windows\Cookies\mia@ads.creative-serving[2].txt

        ad.de.doubleclick.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        adserv.quality-channel.de [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        adserver.new-directions.de [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        akamai.smartadserver.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        cdn1.eyewonder.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        cdn5.specificclick.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        creatives.doubleclick.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        de.screensaver-planet.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        ds.serving-sys.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        googleads.g.doubleclick.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        imagesrv.adition.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        img-cdn.mediaplex.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        interclick.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        m.de.2mdn.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        m.doubleclick.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        m1.emea.2mdn.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        macromedia.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        media.kyte.tv [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        media.loc.gov [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        media.mtvnservices.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        media.tattomedia.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        media01.kyte.tv [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        memecounter.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        navtracks.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        objects.tremormedia.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        oddcast.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        pagead2.googleadservices.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        s0.2mdn.net [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        secure-us.imrworldwide.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        spe.atdmt.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        swrmediathek.de [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        track.webgains.com [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        www.ardmediathek.de [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        www.crossmedia2.de [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]

        www.secmedia.de [ C:\Users\Mia\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\JC2V4ABR ]
 

Trojan.Agent/Gen-BanLoad

        C:\PROGRAM FILES\MOZILLA.ORG\SEAMONKEY\UNINSTALL\SEAMONKEYUNINSTALL.EXE

        C:\WINDOWS\SEAMONKEYUNINSTALL.EXE
 

Trojan.Agent/Gen-Bancos

        C:\PROGRAM FILES\SCENEO\BONAVISTA\BDSUPDATE.DLL

Nur Cookies und Fehlalarme IMHO. Machst du auch net ESET?

Log von ESET

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=a6617bf5a8aff846b152461826fd856d

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-12 11:31:31

# local_time=2011-07-13 01:31:31 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1797 16775165 100 94 777451 47037846 1378459 0

# compatibility_mode=5892 16776573 100 100 222 148033718 0 0

# compatibility_mode=8192 67108863 100 0 129 129 0 0

# scanned=270636

# found=2

# cleaned=0

# scan_time=12501

C:\Program Files\Internetradio phonostar\ps_radio2012.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Nero\Nero-7.10.1.2_all_update.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I

Fehlalarme.
Rechner wieder im Lot?

Es scheint alles wieder rnormal zu funktionieren.
Vielen, vielen Dank für deine tolle Hilfe.:dankeschoen:

Wenn jetzt noch mein zweiter Rechner wieder heile ist, dann bin ich total happy :D