Trojaner-Board - Spyhunter 4 und Win 7 Home Security eingefangen

Sorry für die späte Antwort.
Hatte zwei Tage lang keine Zeit Internet zu nutzen, da ich am Sonntag abend erst wieder aus Kanada gekommen bin.

Soo, hier ist die Ausgabe von GMER

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-01-16 10:11:43

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11

Running: molsxpm4.exe; Driver: C:\Users\Kathi\AppData\Local\Temp\pgloqpow.sys
 
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntoskrnl.exe!ZwSaveKey + 13CD                                                                                          82C4B9A9 1 Byte  [06]

.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                 82C6B4E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                               section is writeable [0x9941B000, 0x2D5378, 0xE8000020]
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[5620] @ C:\Windows\system32\user32.dll [KERNEL32.dll!GetProcAddress]    [7527FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[5620] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7527FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[5620] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7527FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[5620] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7527FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[5620] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [7527FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
 

Device          \Driver\ACPI_HAL \Device\0000005d                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

Ausgabe von OSAM

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 10:32:32 on 16.01.2012
 

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit

Default Browser: Mozilla Corporation Firefox 9.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"catchme" (catchme) - ? - C:\Users\Kathi\AppData\Local\Temp\catchme.sys  (File not found)

"MpKsl0ac19252" (MpKsl0ac19252) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C286789B-B38F-4F7B-8D31-03771D4C1157}\MpKsl0ac19252.sys  (File not found)

"MpKsl17f321b5" (MpKsl17f321b5) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8C87533E-F3B5-4509-8B91-E8351A88B183}\MpKsl17f321b5.sys  (File not found)

"MpKsl271ab0ef" (MpKsl271ab0ef) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19E5234B-B379-49D3-921F-D7BC2A07E3BA}\MpKsl271ab0ef.sys  (File not found)

"MpKsl8395dea6" (MpKsl8395dea6) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19E5234B-B379-49D3-921F-D7BC2A07E3BA}\MpKsl8395dea6.sys  (File not found)

"MpKsla90fc25b" (MpKsla90fc25b) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5F6290BB-F904-4AAE-8381-1E156A791E00}\MpKsla90fc25b.sys  (File not found)

"MpKslaf0a3fde" (MpKslaf0a3fde) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B8E17C3-0653-4BA5-8317-82510415132C}\MpKslaf0a3fde.sys

"MpKslc16a69d2" (MpKslc16a69d2) - ? - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{262E863A-46AF-4FED-99F1-958418F58C4E}\MpKslc16a69d2.sys  (File not found)

"rsvcdwdr" (rsvcdwdr) - "RapidSolution Software AG" - C:\Windows\System32\DRIVERS\rsvcdwdr.sys

"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\Windows\System32\drivers\tbhsd.sys

"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\Windows\System32\DRIVERS\vmnetadapter.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL

{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll

{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll

{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\shellext.dll

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll

{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll

{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll

{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll

{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll

{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll

{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll

{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll

{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll

{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll

{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll

{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Kathi\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

"OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"EA Core" - "Electronic Arts" - "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"Kinect Management" (KinectManagement) - "Microsoft Corporation" - C:\Program Files\Microsoft Research KinectSDK\Service\KinectManagementService.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

"MySQL5" (MySQL5) - ? - C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"OpenVPN Service" (OpenVPNService) - ? - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe  (File found, but it contains no detailed information)

"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"ForceInterface" - ? - C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll  (File found, but it contains no detailed information)
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Und die von aswMBR.exe

Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software

Run date: 2012-01-16 10:36:05

-----------------------------

10:36:05.838    OS Version: Windows 6.1.7601 Service Pack 1

10:36:05.838    Number of processors: 2 586 0xF0D

10:36:05.840    ComputerName: KATHI-PC  UserName: Kathi

10:36:27.995    Initialize success

10:38:13.653    AVAST engine defs: 12011600

10:43:54.429    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

10:43:54.440    Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3

10:43:54.448    Disk 0 MBR read successfully

10:43:54.456    Disk 0 MBR scan

10:43:54.473    Disk 0 Windows 7 default MBR code

10:43:54.490    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048

10:43:54.545    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       115000 MB offset 20973568

10:43:54.656    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       180003 MB offset 256493568

10:43:54.756    Disk 0 scanning sectors +625139712

10:43:54.883    Disk 0 scanning C:\Windows\system32\drivers

10:44:11.667    Service scanning

10:44:12.300    Service MpKsl051b3e9b C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F55AFCA-1914-4259-BFF5-5C31A6210EC7}\MpKsl051b3e9b.sys **LOCKED** 32

10:44:12.310    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

10:44:13.514    Modules scanning

10:44:24.196    Disk 0 trace - called modules:

10:44:24.211    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 

10:44:24.227    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86085ac8]

10:44:24.227    3 CLASSPNP.SYS[8c26259e] -> nt!IofCallDriver -> [0x85272918]

10:44:24.243    5 ACPI.sys[8ba493d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x852bd908]

10:44:24.960    AVAST engine scan C:\Windows

10:44:30.545    AVAST engine scan C:\Windows\system32

10:47:37.864    AVAST engine scan C:\Windows\system32\drivers

10:47:54.673    AVAST engine scan C:\Users\Kathi

10:54:58.249    AVAST engine scan C:\ProgramData

10:57:21.075    Scan finished successfully

11:04:55.440    Disk 0 MBR has been saved successfully to "C:\Users\Kathi\Desktop\MBR.dat"

11:04:55.627    The log file has been saved successfully to "C:\Users\Kathi\Desktop\aswMBR.txt"

aswMBR hat eine Datei namens MBR.dat kreiirt, soll die dableiben oder kann die gelöscht werden?

Dies ist die log von SuperANtiSpyware:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 01/17/2012 at 08:49 PM
 

Application Version : 5.0.1142
 

Core Rules Database Version : 8135

Trace Rules Database Version: 5947
 

Scan type       : Complete Scan

Total Scan Time : 01:53:02
 

Operating System Information

Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Memory items scanned      : 674

Memory threats detected   : 0

Registry items scanned    : 37937

Registry threats detected : 0

File items scanned        : 231997

File threats detected     : 42
 

Adware.Tracking Cookie

        C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Cookies\kathi@ad3.adfarm1.adition[1].txt [ /ad3.adfarm1.adition ]

        C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Cookies\kathi@adcentriconline[1].txt [ /adcentriconline ]

        C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Cookies\kathi@adfarm1.adition[2].txt [ /adfarm1.adition ]

        C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Cookies\kathi@ads.pointroll[1].txt [ /ads.pointroll ]

        C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Cookies\kathi@doubleclick[2].txt [ /doubleclick ]

        C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Cookies\kathi@pointroll[2].txt [ /pointroll ]

        C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Cookies\kathi@serving-sys[1].txt [ /serving-sys ]

        C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Cookies\kathi@www.windowsmedia[2].txt [ /www.windowsmedia ]

        C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Cookies\99XHLUTU.txt [ /c.atdmt.com ]

        C:\Users\Kathi\AppData\Roaming\Microsoft\Windows\Cookies\7RUB5Y3T.txt [ /atdmt.com ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@sevenoneintermedia.112.2o7[1].txt [ Cookie:kathi@sevenoneintermedia.112.2o7.net/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@www.googleadservices[1].txt [ Cookie:kathi@www.googleadservices.com/pagead/conversion/1007102564/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@xiti[1].txt [ Cookie:kathi@xiti.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@tradedoubler[2].txt [ Cookie:kathi@tradedoubler.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@doubleclick[2].txt [ Cookie:kathi@doubleclick.net/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@ad.adnet[1].txt [ Cookie:kathi@ad.adnet.de/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@webmasterplan[2].txt [ Cookie:kathi@webmasterplan.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@ad2.adfarm1.adition[2].txt [ Cookie:kathi@ad2.adfarm1.adition.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@c.atdmt[2].txt [ Cookie:kathi@c.atdmt.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@www.etracker[2].txt [ Cookie:kathi@www.etracker.de/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@zanox-affiliate[1].txt [ Cookie:kathi@zanox-affiliate.de/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@mediaplex[2].txt [ Cookie:kathi@mediaplex.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@tracking.quisma[1].txt [ Cookie:kathi@tracking.quisma.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@adfarm1.adition[1].txt [ Cookie:kathi@adfarm1.adition.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@adx.chip[2].txt [ Cookie:kathi@adx.chip.de/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@smartadserver[1].txt [ Cookie:kathi@smartadserver.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@ad1.adfarm1.adition[1].txt [ Cookie:kathi@ad1.adfarm1.adition.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@bs.serving-sys[2].txt [ Cookie:kathi@bs.serving-sys.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@ww251.smartadserver[2].txt [ Cookie:kathi@ww251.smartadserver.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@ad3.adfarm1.adition[2].txt [ Cookie:kathi@ad3.adfarm1.adition.com/ ]

        C:\USERS\KATHI\AppData\Roaming\Microsoft\Windows\Cookies\Low\kathi@apmebf[2].txt [ Cookie:kathi@apmebf.com/ ]

        C:\USERS\KATHI\Cookies\kathi@adcentriconline[1].txt [ Cookie:kathi@adcentriconline.com/ ]

        C:\USERS\KATHI\Cookies\kathi@doubleclick[2].txt [ Cookie:kathi@doubleclick.net/ ]

        C:\USERS\KATHI\Cookies\99XHLUTU.txt [ Cookie:kathi@c.atdmt.com/ ]

        C:\USERS\KATHI\Cookies\kathi@ads.pointroll[1].txt [ Cookie:kathi@ads.pointroll.com/ ]

        C:\USERS\KATHI\Cookies\kathi@adfarm1.adition[2].txt [ Cookie:kathi@adfarm1.adition.com/ ]

        C:\USERS\KATHI\Cookies\kathi@ad3.adfarm1.adition[1].txt [ Cookie:kathi@ad3.adfarm1.adition.com/ ]

        C:\USERS\KATHI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KATHI@SERVING-SYS[2].TXT [ /SERVING-SYS ]

        C:\USERS\KATHI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KATHI@AD.ZANOX[2].TXT [ /AD.ZANOX ]

        C:\USERS\KATHI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KATHI@ZANOX[1].TXT [ /ZANOX ]

        C:\USERS\KATHI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KATHI@DAIMLERAG.122.2O7[1].TXT [ /DAIMLERAG.122.2O7 ]

        C:\USERS\KATHI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\KATHI@ATDMT[1].TXT [ /ATDMT ]

Log von Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.17.04
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Kathi :: KATHI-PC [Administrator]
 

17.01.2012 20:57:54

mbam-log-2012-01-17 (20-57-54).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 351730

Laufzeit: 57 Minute(n), 34 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Log von ESET:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6b756fac841b38409a1b21fa82a3d49c

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-17 10:53:54

# local_time=2012-01-17 11:53:54 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 17723895 78465322 0 0

# compatibility_mode=8192 67108863 100 0 428127 428127 0 0

# scanned=181358

# found=0

# cleaned=0

# scan_time=6702