Trojaner-Board - Alle Dateien (Fotos und Musik) sind nicht mehr abrufbar, nachdem Virus gefunden wurde (Trojaner)

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Alle Dateien (Fotos und Musik) sind nicht mehr abrufbar, nachdem Virus gefunden wurde (Trojaner) (https://www.trojaner-board.de/103937-alle-dateien-fotos-musik-mehr-abrufbar-virus-gefunden-wurde-trojaner.html)

GMER Logfile:

Code:

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover

Rootkit quick scan 2011-10-11 20:49:44

Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2SS0

Running: cvz5rqh1.exe; Driver: C:\Users\Hazel\AppData\Local\Temp\pgloipow.sys
 
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\Ntfs \Ntfs                   AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

AttachedDevice  \Driver\tdx \Device\Ip                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice  \Driver\tdx \Device\Tcp                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice  \Driver\tdx \Device\Udp                  avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice  \Driver\tdx \Device\RawIp                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----
 
 

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover

Rootkit scan 2011-10-11 20:50:09

Windows 6.0.6001 Service Pack 1 

Running: cvz5rqh1.exe; Driver: C:\Users\Hazel\AppData\Local\Temp\pgloipow.sys
 
 

---- Registry - GMER 1.0.15 ----
 

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f5dc87                      

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f5f0f0                      

Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00242cedc9de                      

Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1f5dc87 (not active ControlSet)  

Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1f5f0f0 (not active ControlSet)  

Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00242cedc9de (not active ControlSet)  
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

Online Solutions. Complex Protection for Information Systems

Saved at 20:59:54 on 11.10.2011
 

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit

Default Browser: Mozilla Corporation Firefox 7.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Boot Execute]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----

"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgrkx86.sys

"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgldx86.sys

"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgmfx86.sys

"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgtdix.sys

"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys

"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSEH.Sys

"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys

"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSShim.Sys

"catchme" (catchme) - ? - C:\Users\Hazel\AppData\Local\Temp\catchme.sys  (File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)

"pgloipow" (pgloipow) - "GMER" - C:\pgloipow.sys  (Hidden registry entry, rootkit activity)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgpp.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -   (File not found | COM-object registry key not found)

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgse.dll

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgssie.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4

"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"AVG_TRAY" - "AVG Technologies CZ, s.r.o." - "C:\Program Files\AVG\AVG2012\avgtray.exe"

"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Pablo\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Pablo\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

"RemoteControl" - "Cyberlink Corp." - "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

"UIExec" - ? - "C:\Stick1&1\Join Air\UIExec.exe"  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Pablo\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Samsung Update Plus" (Samsung Update Plus) - ? - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe  (File found, but it contains no detailed information)

"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

"UI Assistant Service" (UI Assistant Service) - ? - C:\Stick1&1\Join Air\AssistantServices.exe  (File found, but it contains no detailed information)
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.
Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.
Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-11 21:02:37
-----------------------------
21:02:37.429 OS Version: Windows 6.0.6001 Service Pack 1
21:02:37.429 Number of processors: 2 586 0x170A
21:02:37.430 ComputerName: HAZEL-PC UserName: Hazel
21:02:42.845 Initialize success
21:09:21.094 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:09:21.099 Disk 0 Vendor: SAMSUNG_ 2SS0 Size: 305245MB BusType: 3
21:09:21.510 Disk 0 MBR read successfully
21:09:21.513 Disk 0 MBR scan
21:09:21.516 Disk 0 unknown MBR code
21:09:21.522 Disk 0 scanning sectors +625139712
21:09:21.619 Disk 0 scanning C:\Windows\system32\drivers
21:09:30.160 Service scanning
21:09:31.617 Modules scanning
21:09:38.020 Disk 0 trace - called modules:
21:09:38.041 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:09:38.044 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eab4b8]
21:09:38.048 3 CLASSPNP.SYS[8ad9e745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85405028]
21:09:38.052 Scan finished successfully
21:10:14.243 Disk 0 MBR has been saved successfully to "C:\Users\Hazel\Desktop\MBR.dat"
21:10:14.251 The log file has been saved successfully to "C:\Users\Hazel\Desktop\aswMBR.txt"

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-11 22:39:35
-----------------------------
22:39:35.430 OS Version: Windows 6.0.6001 Service Pack 1
22:39:35.430 Number of processors: 2 586 0x170A
22:39:35.430 ComputerName: HAZEL-PC UserName: Hazel
22:40:40.513 Initialize success
22:40:50.481 AVAST engine defs: 11101102
22:41:21.603 The log file has been saved successfully to "C:\Users\Hazel\Desktop\aswMBR.txt"

Das neue aswMBR Log schon schon NACH DEM FIXEN des MBR gemacht werden. Mach bitte ein neues Log mit dem Tool und poste es.

Du sollst den MBR nicht nochmal fixen :nixda:
Einfach ein neues Log mit aswMBR machen

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-12 18:46:01
-----------------------------
18:46:01.769 OS Version: Windows 6.0.6001 Service Pack 1
18:46:01.769 Number of processors: 2 586 0x170A
18:46:01.770 ComputerName: HAZEL-PC UserName: Hazel
18:46:04.067 Initialize success
18:46:07.909 AVAST engine defs: 11101102
18:46:09.273 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:46:09.276 Disk 0 Vendor: SAMSUNG_ 2SS0 Size: 305245MB BusType: 3
18:46:09.304 Disk 0 MBR read successfully
18:46:09.307 Disk 0 MBR scan
18:46:09.313 Disk 0 Windows VISTA default MBR code
18:46:09.318 Disk 0 scanning sectors +625139712
18:46:09.394 Disk 0 scanning C:\Windows\system32\drivers
18:46:22.795 Service scanning
18:46:24.292 Modules scanning
18:46:29.947 Disk 0 trace - called modules:
18:46:29.971 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:46:29.976 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eca218]
18:46:29.981 3 CLASSPNP.SYS[8ada4745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x853ff028]
18:46:31.936 AVAST engine scan C:\Windows
18:46:41.090 AVAST engine scan C:\Windows\system32
18:48:49.211 AVAST engine scan C:\Windows\system32\drivers
18:49:02.611 AVAST engine scan C:\Users\Hazel
18:56:11.520 AVAST engine scan C:\ProgramData
18:56:59.285 Scan finished successfully
19:00:53.354 Disk 0 MBR has been saved successfully to "C:\Users\Hazel\Desktop\MBR.dat"
19:00:53.361 The log file has been saved successfully to "C:\Users\Hazel\Desktop\aswMBR1.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7939

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

13.10.2011 21:41:27
mbam-log-2011-10-13 (21-41-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 287535
Laufzeit: 1 Stunde(n), 23 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 10/14/2011 at 01:33 PM

Application Version : 5.0.1132

Core Rules Database Version : 7797
Trace Rules Database Version: 5609

Scan type : Complete Scan
Total Scan Time : 00:59:37

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Administrator

Memory items scanned : 671
Memory threats detected : 0
Registry items scanned : 37382
Registry threats detected : 0
File items scanned : 35689
File threats detected : 48

Adware.Tracking Cookie
C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Cookies\hazel@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Cookies\hazel@ad3.adfarm1.adition[1].txt [ /ad3.adfarm1.adition ]
C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Cookies\hazel@adfarm1.adition[2].txt [ /adfarm1.adition ]
C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Cookies\hazel@content.yieldmanager[1].txt [ /content.yieldmanager ]
C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Cookies\hazel@doubleclick[1].txt [ /doubleclick ]
C:\Users\Hazel\AppData\Roaming\Microsoft\Windows\Cookies\hazel@tradedoubler[2].txt [ /tradedoubler ]
C:\USERS\HAZEL\Cookies\hazel@ad.yieldmanager[1].txt [ Cookie:hazel@ad.yieldmanager.com/ ]
C:\USERS\HAZEL\Cookies\hazel@adfarm1.adition[2].txt [ Cookie:hazel@adfarm1.adition.com/ ]
C:\USERS\HAZEL\Cookies\hazel@ad3.adfarm1.adition[1].txt [ Cookie:hazel@ad3.adfarm1.adition.com/ ]
C:\USERS\HAZEL\Cookies\hazel@content.yieldmanager[1].txt [ Cookie:hazel@content.yieldmanager.com/ ]
.specificclick.net [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.comvelgmbh.112.2o7.net [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.traffictrack.de [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.tracking.mindshare.de [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
etracker Home - forget log-file analysis, this is real-time Web Analytics and online market research [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
banner.testberichte.de [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.a.revenuemax.de [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.tradedoubler.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.webmasterplan.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.zanox.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
Google [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
ad3.adfarm1.adition.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]
adx.chip.de [ C:\USERS\HAZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7CTDPOF1.DEFAULT\COOKIES.SQLITE ]

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=6f4f250214d1fa4daa202f5fb853b7ea
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-07 10:51:18
# local_time=2011-10-08 12:51:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 367781 367781 0 0
# compatibility_mode=5892 16776574 100 100 367535 155552982 0 0
# compatibility_mode=8192 67108863 100 0 358 358 0 0
# scanned=145999
# found=0
# cleaned=0
# scan_time=7624
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=6f4f250214d1fa4daa202f5fb853b7ea
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-14 01:46:36
# local_time=2011-10-14 03:46:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 940462 940462 0 0
# compatibility_mode=5892 16776574 100 100 408772 156125663 0 0
# compatibility_mode=8192 67108863 100 0 573039 573039 0 0
# scanned=132294
# found=0
# cleaned=0
# scan_time=7061

Sieht ok aus, da wurden nur Cookies gefunden.
Wenn nun alles ok ist, würde ich dir dringend empfehlen, nun das SP2 und den IE9 zu installieren:

SP2/IE9 für Windows Vista (32-Bit)

Das SP2 von hier downloaden => Detail Seite Windows Vista SP2 (348.3MB)
Alle Programme beenden, Internetverbindung trennen, Virenscanner abstellen!
SP2 installieren, Anweisungen folgen - Installation kann eine gute Stunde dauern!!
IE9-Setup laden und ausführen => Windows Internet Explorer 9 für Windows Vista und Windows Server 2008

(Der IE9 erfordert ein installiertes SP2)

Achte beim Setup des IE wieder darauf, dass vorher möglichst alle Programme beendet und der Virenscanner deaktiviert wurde. Im Setup selbst bitte nicht an dem Verbesserungsprogramm teilnehmen (oder wie MS das nennt) und auch KEINE Updates über das Setup installieren. Die installieren wir später, ich sag dir dann wie. Melde dich wenn SP2/IE9 drauf sind.

jaaa ist beides drauf.
Beim IE hat er die Updates automatisch installiert, konbnte dies nicht auswählen!