Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/) > Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/) > Logs after Antimalware Doctor and Security Tool (https://www.trojaner-board.de/90881-logs-antimaleware-doctor-security-tool.html)

ines000 17.09.2010 14:06

Logs after Antimalware Doctor and Security Tool

Hello!

I caught Antimalware Doctor and Security Tool at the same time. I followed the guide (rkill.exe, Malwarebytes Anti-Malware, CCleaner and rsit.exe). My Anti-Malware no longer finds anything.
Then I also ran OTL.exe over it.

Attached are the log files.

Regards, ines

cosinus 17.09.2010 18:27

Hello and :hallo:

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
O33 - MountPoints2\{ca8cbd65-fa71-11dc-963e-0016d3e3c032}\Shell\AutoRun\command - "" = H:\myfolder\myfile.exe -- File not found
O33 - MountPoints2\{ca8cbd65-fa71-11dc-963e-0016d3e3c032}\Shell\open\command - "" = H:\myfolder\myfile.exe -- File not found
[2010.09.13 19:33:02 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.09.13 19:32:59 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.08.28 20:53:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows
[2010.08.28 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Server
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:94188BC6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AA9519A6
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:30A9E86A
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
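A read-only PowerShell audit of the two persistence spots the OTL script above targets (orphaned MountPoints2 autorun handlers and alternate data streams attached to C:\ProgramData\TEMP), added here as an example; it is not part of the thread or of OTL. It assumes Windows PowerShell 3.0 or later (for Get-Item -Stream) and that it runs in the affected user's session, since MountPoints2 lives under HKCU.

```powershell
# Added example: report the indicators the OTL fix removes, without deleting anything.
# Assumes Windows PowerShell 3.0+ and that HKCU belongs to the affected user.

$ProgramDataTemp = Join-Path $env:ProgramData 'TEMP'   # ADS carrier path from the OTL script

function Get-SuspiciousMountPoints {
    # MountPoints2 caches per-device shell handlers. An AutoRun/open command whose
    # target no longer exists is the kind of orphaned USB-autorun leftover the
    # O33 lines in the OTL script remove.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $base)) { return }
    foreach ($mp in Get-ChildItem $base -ErrorAction SilentlyContinue) {
        foreach ($verb in 'AutoRun', 'open') {
            $cmdKey = "$($mp.PSPath)\Shell\$verb\command"
            if (-not (Test-Path $cmdKey)) { continue }
            # The OTL line shows the value name as "", i.e. the key's (default) value
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if ([string]::IsNullOrWhiteSpace($cmd)) { continue }
            # Executable portion: first token with surrounding quotes stripped
            $exe = $cmd.Replace('"', '').Split(' ')[0]
            [pscustomobject]@{
                Device  = $mp.PSChildName
                Verb    = $verb
                Command = $cmd
                Exists  = Test-Path -LiteralPath $exe
            }
        }
    }
}

function Get-TempAlternateDataStreams {
    param([string]$Path = $ProgramDataTemp)
    # Rogue AV families of that era stored state in named streams on ProgramData\TEMP.
    # Anything other than the unnamed ::$DATA stream on that path is worth a look.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object @{ n = 'Target'; e = { $Path } }, Stream, Length
}

# Orphaned handlers (target missing) are the ones to look at first
Get-SuspiciousMountPoints | Where-Object { -not $_.Exists } | Format-Table -AutoSize
Get-TempAlternateDataStreams | Format-Table -AutoSize
```

Run it before and after a fix: the first table should list the orphaned handlers the fix removes, and the second should be empty afterwards.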

ines000 18.09.2010 11:44

Here is the log.
Thanks.
Regards, ines



All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca8cbd65-fa71-11dc-963e-0016d3e3c032}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca8cbd65-fa71-11dc-963e-0016d3e3c032}\ not found.
File H:\myfolder\myfile.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca8cbd65-fa71-11dc-963e-0016d3e3c032}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca8cbd65-fa71-11dc-963e-0016d3e3c032}\ not found.
File H:\myfolder\myfile.exe not found.
C:\Users\Public\Documents\Windows folder moved successfully.
C:\Users\Public\Documents\Server folder moved successfully.
Folder C:\Users\***\AppData\Local\Windows\ not found.
Folder C:\Users\***\AppData\Local\Windows Server\ not found.
ADS C:\ProgramData\TEMP:70E897B5 deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:B203B914 deleted successfully.
ADS C:\ProgramData\TEMP:94188BC6 deleted successfully.
ADS C:\ProgramData\TEMP:A95A95AC deleted successfully.
ADS C:\ProgramData\TEMP:798A3728 deleted successfully.
ADS C:\ProgramData\TEMP:AA9519A6 deleted successfully.
ADS C:\ProgramData\TEMP:30A9E86A deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 483221 bytes
->Temporary Internet Files folder emptied: 885411 bytes
->Flash cache emptied: 75 bytes

User: ***
->Temp folder emptied: 6329469 bytes
->Temporary Internet Files folder emptied: 17105429 bytes
->Java cache emptied: 18614126 bytes
->FireFox cache emptied: 8248633 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 12379 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73701230 bytes
RecycleBin emptied: 298904 bytes

Total Files Cleaned = 120,00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09182010_122442

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 18.09.2010 12:43

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if one of the board's helpers (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

ines000 18.09.2010 20:58

Here is the ComboFix log:
ComboFix log file:
Code:

ComboFix 10-09-17.04 - *** 18.09.2010  21:02:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.43.1031.18.2046.1096 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Local\Windows Server
c:\users\***\AppData\Local\Windows Server\admin.txt
c:\users\***\AppData\Local\Windows Server\flags.ini
c:\users\***\AppData\Local\Windows Server\hlp.dat
c:\users\***\AppData\Local\Windows Server\server.dat
c:\users\***\AppData\Local\Windows Server\uses32.dat
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\***\Herbert.exe
c:\windows\system\BisonC07.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-18 bis 2010-09-18  ))))))))))))))))))))))))))))))
.

2010-09-18 10:24 . 2010-09-18 10:24        --------        d-----w-        C:\_OTL
2010-09-17 13:31 . 2010-09-17 15:04        --------        d-----w-        c:\programdata\FarmFrenzy3
2010-09-17 13:27 . 2010-09-17 13:27        --------        d-----w-        c:\program files\Purplehills
2010-09-17 13:21 . 2010-09-17 13:21        --------        d-----w-        c:\users\Gast\AppData\Local\Google
2010-09-17 13:20 . 2010-09-17 13:20        --------        d-----w-        c:\users\Gast\AppData\Roaming\Apple Computer
2010-09-17 13:20 . 2010-09-17 13:20        --------        d-----w-        c:\users\Gast\AppData\Roaming\Malwarebytes
2010-09-17 13:19 . 2010-09-17 13:19        --------        d-----w-        c:\users\Gast\AppData\Roaming\ATI
2010-09-17 13:19 . 2010-09-17 13:19        --------        d-----w-        c:\users\Gast\AppData\Local\PlayMovie
2010-09-17 13:19 . 2010-09-17 13:19        --------        d-----w-        c:\users\Gast\AppData\Local\ATI
2010-09-17 13:19 . 2010-09-17 13:19        102424        ----a-w-        c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-16 18:12 . 2010-08-30 12:33        43008        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-16 18:12 . 2010-08-30 12:34        1496064        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-16 18:12 . 2010-08-30 12:33        346112        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-16 18:12 . 2010-08-30 12:33        338944        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-16 13:52 . 2010-04-16 16:46        502272        ----a-w-        c:\windows\system32\usp10.dll
2010-09-16 13:52 . 2010-08-17 14:11        128000        ----a-w-        c:\windows\system32\spoolsv.exe
2010-09-16 13:52 . 2010-04-05 17:02        317952        ----a-w-        c:\windows\system32\MP4SDECD.DLL
2010-09-16 13:51 . 2010-05-27 20:08        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2010-09-12 20:11 . 2010-09-12 20:36        --------        d-----w-        c:\users\***\AppData\Roaming\BloodTies
2010-09-12 13:55 . 2010-09-12 13:55        --------        d-----w-        c:\users\***\AppData\Roaming\GameHousev1000
2010-09-11 09:52 . 2010-09-12 19:02        --------        d-----w-        c:\users\***\AppData\Roaming\Gamers Digital
2010-09-11 09:52 . 2010-09-12 19:02        --------        d-----w-        c:\programdata\Gamers Digital
2010-09-10 21:35 . 2010-09-10 21:35        --------        d-----w-        c:\users\***\AppData\Roaming\My Games
2010-09-10 18:12 . 2010-09-10 18:12        --------        d-----w-        c:\users\***\AppData\Roaming\GameHouse
2010-09-10 18:12 . 2010-09-10 18:12        --------        d-----w-        c:\programdata\GameHouse
2010-09-08 18:01 . 2010-09-08 18:01        --------        d-----w-        c:\users\***\AppData\Roaming\Big Fish Games
2010-08-28 18:53 . 2010-08-29 17:12        --------        d-----w-        c:\users\***\AppData\Local\Windows

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 18:50 . 2009-01-01 18:03        --------        d-----w-        c:\program files\McAfee
2010-09-17 11:44 . 2010-07-15 11:04        --------        d-----w-        c:\program files\trend micro
2010-09-17 11:40 . 2010-08-03 13:25        --------        d-----w-        c:\program files\RealArcade
2010-09-17 11:37 . 2007-08-22 11:32        --------        d-----w-        c:\programdata\Microsoft Help
2010-09-17 11:31 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-09-17 11:23 . 2010-07-15 10:39        --------        d-----w-        c:\program files\CCleaner
2010-09-16 19:00 . 2010-04-20 15:20        --------        d-----w-        c:\users\***\AppData\Roaming\64AF16D2F09658DD376D9252C6DA496E
2010-09-11 15:46 . 2008-04-27 17:16        --------        d-----w-        c:\programdata\MumboJumbo
2010-09-10 19:14 . 2010-08-03 21:22        --------        d-----w-        c:\users\***\AppData\Roaming\PlayFirst
2010-09-10 19:14 . 2010-08-03 21:22        --------        d-----w-        c:\programdata\PlayFirst
2010-09-01 20:43 . 2007-08-22 20:49        628742        ----a-w-        c:\windows\system32\perfh007.dat
2010-09-01 20:43 . 2007-08-22 20:49        126260        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-28 08:25 . 2010-06-25 06:34        --------        d-----w-        c:\users\***\AppData\Roaming\LimeWire
2010-08-17 19:43 . 2008-03-25 15:05        --------        d-----w-        c:\program files\Google
2010-08-11 16:31 . 2010-08-11 16:31        0        ----a-w-        c:\users\***\AppData\Roaming\wklnhst.dat
2010-08-11 15:48 . 2008-08-28 08:10        7592        ----a-w-        c:\users\***\AppData\Local\d3d9caps.dat
2010-08-10 11:41 . 2010-07-15 09:55        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-10 04:40 . 2008-06-13 06:43        16384        ----a-w-        c:\windows\system32\drivers\nsiproxy.sys
2010-08-07 11:47 . 2010-08-07 11:47        0        ---ha-w-        c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-08-05 16:46 . 2010-08-05 16:46        --------        d-----w-        c:\programdata\MythPeople
2010-08-05 16:13 . 2010-08-05 16:13        --------        d-----w-        c:\users\***\AppData\Roaming\ViquaSoft
2010-08-05 14:40 . 2010-08-05 14:40        --------        d-----w-        c:\users\***\AppData\Roaming\Gamelab
2010-08-04 09:59 . 2010-08-04 09:59        4096        ----a-w-        c:\windows\d3dx.dat
2010-08-04 09:59 . 2010-08-04 09:59        --------        d-----w-        c:\users\***\AppData\Roaming\GamesCafe
2010-08-02 23:55 . 2010-08-02 22:55        --------        d-----w-        c:\programdata\Fashion Solitaire 1.2
2010-08-02 22:55 . 2010-08-02 22:55        --------        d-----w-        c:\programdata\Trymedia
2010-08-02 09:11 . 2010-08-02 09:10        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-02 09:11 . 2010-08-02 09:10        --------        d-----w-        c:\program files\iTunes
2010-08-02 09:10 . 2010-08-02 09:10        --------        d-----w-        c:\program files\iPod
2010-08-02 09:10 . 2008-03-31 09:00        --------        d-----w-        c:\program files\Common Files\Apple
2010-08-02 09:08 . 2010-08-02 09:07        --------        d-----w-        c:\program files\QuickTime
2010-08-02 08:58 . 2010-08-02 08:58        --------        d-----w-        c:\program files\Bonjour
2010-08-02 08:52 . 2010-08-02 08:52        73000        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-02 08:26 . 2010-08-02 08:26        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-22 22:05 . 2010-06-25 06:33        --------        d-----w-        c:\program files\Ask.com
2010-07-15 11:12 . 2010-07-15 11:12        2728840        ----a-w-        c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-06-26 06:05 . 2010-08-10 18:58        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-10 18:58        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-10 18:58        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-10 18:58        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-06-24 06:59 . 2010-06-24 06:59        501936        ----a-w-        c:\programdata\Google\Google Toolbar\Update\gtb864D.tmp.exe
2010-06-23 14:51 . 2010-06-23 14:51        501936        ----a-w-        c:\programdata\Google\Google Toolbar\Update\gtbFBAE.tmp.exe
2010-06-21 13:37 . 2010-08-10 18:57        2037760        ----a-w-        c:\windows\system32\win32k.sys
2009-04-03 19:53 . 2008-04-11 16:48        67688        ----a-w-        c:\program files\mozilla firefox\components\jar50.dll
2009-04-03 19:53 . 2008-04-11 16:48        54368        ----a-w-        c:\program files\mozilla firefox\components\jsd3250.dll
2009-04-03 19:53 . 2008-04-29 18:24        34944        ----a-w-        c:\program files\mozilla firefox\components\myspell.dll
2009-04-03 19:53 . 2008-04-29 18:24        46712        ----a-w-        c:\program files\mozilla firefox\components\spellchk.dll
2009-04-03 19:53 . 2008-04-11 16:48        172136        ----a-w-        c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((  Registry autostart points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46        2642432        ----a-w-        c:\program files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 15:28        1233288        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-04 834056]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2006-12-15 787096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-3-25 1208320]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-22 535336]
MediaChecker.lnk - c:\program files\HOTALBUMMyBOX\MediaChecker.exe [2006-12-15 913560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 136176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
S0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2008-04-02 15172]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Contents of the "Scheduled Tasks" folder

2008-04-19 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 13:24]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 13:24]

2010-09-18 c:\windows\Tasks\User_Feed_Synchronization-{E299FDC3-4D0E-4351-9F0B-50F93C599DEF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-10 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmx.net/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://webgames.d.tmsrv.com/c=235d04bef31d5067988cdadb8580da4e/aff=t_12em_wg/p/release/playfirst/wg_greatchocolate/greatchocolate/greatchocolatechaseweb.1.0.0.12.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {7D492D61-303A-45C3-8A55-63449339943D} - hxxp://webgames.d.tmsrv.com/c=235d04bef31d5067988cdadb8580da4e/aff=t_12em_wg/p/release/playfirst/wg_nightshiftcode/nightshiftcode/NightShiftCodeWeb.1.0.0.5.cab
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1206466590
DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://webgames.d.tmsrv.com/c=235d04bef31d5067988cdadb8580da4e/aff=t_12em_wg/p/release/playfirst/wg_petshophop/petshophop/petshophopweb.1.0.0.16.cab
FF - ProfilePath - c:\users\Ines Schwarz\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16062&locale=de_US&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\users\Ines Schwarz\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel",            1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad",                  false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "hxxp://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "hxxp://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "hxxp://sb.google.com/safebrowsing/report?");
.
- - - - Orphaned registry entries removed - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-18 21:11
Windows 6.0.6002 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Locked registry keys ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-09-18  21:15:04
ComboFix-quarantined-files.txt  2010-09-18 19:15

Before scan: 18 directories, 20,568,117,248 bytes free
After scan: 23 directories, 19,770,220,544 bytes free

- - End Of File - - 5AA12C57CA8CAFABECB4EB9824259556

--- --- ---
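
The part of the ComboFix log a helper actually reads is the "Registry autostart points" section: here it shows two browser add-ins (Ask.com and the MyHeritage "Family Toolbar") that match the hijacked start page search.myheritage.com, and several Security Center keys with DisableMonitoring=1, which silence the Windows alerts for a missing or disabled antivirus and firewall. The following is an added example of a small triage script for that section; it is not a ComboFix feature and not code from this thread. The sample input is copied from the log above except for the last HKCU Run entry, which is constructed to show the user-writable-path rule firing, and the directory lists are assumptions for this one machine, not a general allow-list. Note that DisableMonitoring is also set legitimately by some third-party security suites (the Symantec subkeys here are typical), so the script reports it for confirmation rather than declaring it malicious.

```python
"""Triage the 'Registry autostart points' section of a ComboFix log.

Added example, not a ComboFix feature and not code from the original post.
SAMPLE_LOG is copied from the log above except for the last HKCU Run entry,
which is constructed to exercise the user-writable-path rule. The directory
tuples below are assumptions for this machine, not a general allow-list.
"""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"="data" [YYYY-MM-DD size]   or   "name"=dword:00000001   or   "name"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.+?)\s*(?:\[\d{4}-\d{2}-\d{2} \d+\])?$')
# File-style lines ComboFix prints under BHO keys: date time size attrs path
FILELINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$")
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")

# Where autostart binaries are expected on this box (assumption).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\acer\\")
# Locations a non-admin user can write to; persistence from here is a red flag.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
# Browser add-in directories accepted without review (assumption).
ALLOWED_ADDIN_DIRS = ("c:\\program files\\google\\", "c:\\program files\\microsoft office\\")

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46        2642432        ----a-w-        c:\program files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Updater"="c:\users\public\documents\server\update.exe" [2010-09-13 45056]
"""


@dataclass
class Finding:
    severity: str   # "high" = act on it, "review" = confirm by hand
    key: str
    detail: str


def parse_sections(text):
    """Yield (key, [value lines]) for each REGEDIT4-style block."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group("key"), []
        elif line and key is not None:
            lines.append(line)
    if key is not None:
        yield key, lines


def name_and_data(line):
    """Split a value line into (name, data); file-style lines have no name."""
    m = VALUE_RE.match(line)
    if m:
        return m.group("name"), m.group("data").strip().strip('"')
    m = FILELINE_RE.match(line)
    if m:
        return None, m.group("path").strip()
    return None, None


def triage(text):
    findings = []
    for key, lines in parse_sections(text):
        k = key.lower()
        for line in lines:
            name, data = name_and_data(line)
            if data is None:
                continue
            d = data.lower()
            if "security center\\monitoring" in k and name == "DisableMonitoring":
                m = DWORD_RE.match(data)
                if m and int(m.group("hex"), 16) == 1:
                    findings.append(Finding("high", key, "Security Center monitoring disabled"))
            elif any(t in k for t in ("browser helper objects", "urlsearchhooks", "toolbar")):
                if d.endswith(".dll") and not d.startswith(ALLOWED_ADDIN_DIRS):
                    findings.append(Finding("review", key, f"browser add-in outside allow-list: {data}"))
            elif k.endswith("\\run"):
                if any(w in d for w in USER_WRITABLE):
                    findings.append(Finding("high", key, f"autorun from user-writable path: {data}"))
                elif not d.startswith(TRUSTED_DIRS):
                    findings.append(Finding("review", key, f"autorun outside expected directories: {data}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.key}\n    {f.detail}")
```

Run it on a saved ComboFix.txt by passing the file's contents to triage(); the "review" findings are the ones to cross-check against the browser settings further down the log (uStart Page, mStart Page, keyword.URL), which is exactly how the toolbars here tie up with the myheritage and Ask redirections.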

cosinus 19.09.2010 17:17

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM.

Then download bootkit_remover. Extract the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious modifications in the MBR.
Then please post whether there are modifications and, if so, on which device. Best to post everything that remover.exe outputs.
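
What a tool like bootkit_remover does when it "searches for malicious modifications in the MBR" is read sector 0 of each physical disk and compare the boot code with what it expects. The following is an added example of that check in Python; it is not bootkit_remover's code and not from this thread. It assumes a baseline SHA-256 of the boot code taken from an image of the same disk while it was known clean (no reference hashes for Windows MBR code are given here), that the device path \\.\PhysicalDrive0 is the right disk, and that it is run from an elevated prompt. CLEAN_BOOT is a constructed stand-in for real loader code so the example runs offline.

```python
r"""Check a disk's MBR the way a bootkit scanner does: boot signature,
partition-table sanity, and boot-code hash against a known-clean baseline.

Added example; not bootkit_remover's code and not from the original post.
Assumptions: the baseline SHA-256 comes from an image of the same disk taken
while it was known clean, and reading \\.\PhysicalDrive0 needs an elevated
prompt on Windows. CLEAN_BOOT is a constructed stand-in for real boot code.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 446        # bytes 0..445 hold the boot loader code
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
SIG_OFF = 510              # 0x55 0xAA closes the sector

# Constructed stand-in for boot code (not a real loader).
CLEAN_BOOT = (b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" * 50)[:BOOT_CODE_LEN]


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a physical disk (Windows; run elevated). Assumed device path."""
    with open(device, "rb") as f:
        return f.read(SECTOR)


def boot_code_sha256(mbr):
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:
            parts.append({"index": i, "status": status, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return parts


def check_mbr(mbr, baseline_boot_sha256=None):
    """Return the boot-code hash, the partitions and a list of findings
    (an empty list means nothing suspicious was found)."""
    if len(mbr) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    findings = []
    if mbr[SIG_OFF:SIG_OFF + 2] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_sha256(mbr)
    if not any(mbr[:BOOT_CODE_LEN]):
        findings.append("boot code is all zeros")
    if baseline_boot_sha256 and digest != baseline_boot_sha256:
        findings.append("boot code differs from baseline")
    parts = parse_partitions(mbr)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02x}")
    active = sum(p["bootable"] for p in parts)
    if active != 1:
        findings.append(f"{active} active partitions (expected 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append("partition entries overlap")
    return {"sha256": digest, "partitions": parts, "findings": findings}


def build_sample_mbr(boot_code=CLEAN_BOOT):
    """Constructed MBR: the given boot code, one active NTFS partition, valid signature."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, 2048, 1_000_000)
    mbr[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    import sys
    baseline = sys.argv[1] if len(sys.argv) > 1 else None
    result = check_mbr(read_mbr(), baseline)
    print("boot code sha256:", result["sha256"])
    for p in result["partitions"]:
        print(p)
    print("findings:", result["findings"] or "none")
```

Without a baseline the script can only catch gross damage (missing signature, zeroed code, a broken partition table); a bootkit that replaces the loader with working code of its own is only visible through the hash mismatch, which is why the clean image has to be taken beforehand. Keep in mind that a rootkit driver already loaded can also filter what the read of PhysicalDrive0 returns, so a result of "none" from inside the infected OS is weaker than the same check from boot media.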

ines000 20.09.2010 14:10

So.

Ran GMER:


GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-20 14:20:52
Windows 6.0.6002 Service Pack 2
Running: hi22oic1.exe; Driver: C:\Users\***~1\AppData\Local\Temp\aglyiuoc.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        ZwCreateFile [0x9D5114FB]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        ZwCreateProcess [0x9D511525]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        ZwProtectVirtualMemory [0x9D51150F]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        ZwTerminateProcess [0x9D5114E7]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)        NtCreateFile

---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                                      82434DA3 5 Bytes  JMP 9D5114EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwProtectVirtualMemory                                                                  8245DF3D 7 Bytes  JMP 9D511513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtCreateFile                                                                            82485E5B 5 Bytes  JMP 9D5114FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcess                                                                        824D58BF 5 Bytes  JMP 9D511529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
init            C:\Windows\system32\Drivers\PzWDM.sys                                                                entry point in "init" section [0x82D7730E]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [742B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                [7430A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]            [742BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]      [742AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                [742B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [742AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [742E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]    [742BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]            [742AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [742AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]              [742A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]      [7433CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [742DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]            [742AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                      [742A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [742A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]        [742B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                              mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                            fltmgr.sys (Microsoft File System Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                            mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

--- --- ---
I can't run OSAM because my McAfee keeps giving me the virus warning and I don't know how to switch off the on-access scanner in McAfee. It won't let me extract it; I tried it with various unpacking programs.


Ran bootkit. Log attached. I hope it's the right one.

Regards, ines
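
The GMER log above reports inline hooks (5- and 7-byte JMP patches) on ntkrnlpa.exe exports such as ZwTerminateProcess and NtCreateFile. Hooks like these are what a rootkit would install, but the same technique is used by host intrusion prevention drivers, and here every JMP target resolves to mfehidk.sys, which GMER attributes to McAfee. The question a helper asks is therefore not "are there hooks?" but "which driver owns each hook, and is that driver expected on this machine?". The following is an added example that groups the hooks per driver and flags any whose vendor is not on a trusted list; it is not GMER's code and not from this thread. The sample lines are copied from the log above, except the last PAGE line, which is constructed to show how an unattributed driver is reported, and TRUSTED_VENDORS is an assumption for this host.

```python
"""Group the kernel hooks GMER reports by the driver that installed them.

Added example, not part of GMER or of the original post. The hook lines are
copied from the GMER log above; the last PAGE line is constructed to show how
an unattributed driver is reported. TRUSTED_VENDORS is an assumption for this
host. The vendor string is GMER's reading of the file's version resource, which
an attacker can forge, so treat the verdict as a triage aid only.
"""
import re
from collections import defaultdict

# "<section> <image>!<function> <addr> <n> Bytes JMP <target> <driver> (<description/vendor>)"
HOOK_RE = re.compile(
    r"^(?P<section>\S+)\s+(?P<image>[^!\s]+)!(?P<func>\S+)\s+(?P<addr>[0-9A-Fa-f]{8})\s+"
    r"(?P<nbytes>\d+) Bytes\s+JMP (?P<target>[0-9A-Fa-f]{8})\s+(?P<driver>\S+)"
    r"(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)

# Vendors whose inline hooks on kernel exports are expected because their
# product is installed on this machine (assumption; adjust per host).
TRUSTED_VENDORS = {"McAfee, Inc.", "Microsoft Corporation"}

# Constructed sample: first four hook lines and the 'init' line are from the log
# above; the example.sys line is made up to exercise the 'investigate' path.
SAMPLE_GMER = r"""
---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                                      82434DA3 5 Bytes  JMP 9D5114EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwProtectVirtualMemory                                                                  8245DF3D 7 Bytes  JMP 9D511513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtCreateFile                                                                            82485E5B 5 Bytes  JMP 9D5114FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcess                                                                        824D58BF 5 Bytes  JMP 9D511529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
init            C:\Windows\system32\Drivers\PzWDM.sys                                                                entry point in "init" section [0x82D7730E]
PAGE            ntkrnlpa.exe!ZwOpenProcess                                                                           82412345 5 Bytes  JMP 9E001000 \SystemRoot\system32\drivers\example.sys
"""


def parse_hooks(text):
    """Return one dict per inline-hook line; other GMER lines are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        # GMER prints "<file description>/<company>"; keep the company part.
        h["vendor"] = h["desc"].rsplit("/", 1)[-1].strip() if h["desc"] else None
        hooks.append(h)
    return hooks


def summarize(hooks, trusted_vendors=TRUSTED_VENDORS):
    """One row per hooking driver: vendor, hooked functions, verdict."""
    by_driver = defaultdict(list)
    for h in hooks:
        by_driver[h["driver"]].append(h)
    report = []
    for driver, hs in by_driver.items():
        vendor = hs[0]["vendor"]
        verdict = "expected (security product)" if vendor in trusted_vendors else "investigate"
        report.append({
            "driver": driver,
            "vendor": vendor,
            "functions": sorted(h["func"] for h in hs),
            "verdict": verdict,
        })
    return sorted(report, key=lambda r: r["driver"])


if __name__ == "__main__":
    for row in summarize(parse_hooks(SAMPLE_GMER)):
        print(f"{row['verdict']:28} {row['driver']}")
        print(f"{'':28} vendor: {row['vendor']}")
        print(f"{'':28} hooks:  {', '.join(row['functions'])}")
```

On a real log, a driver that lands in "investigate" is then checked by hand: file path under system32\drivers, Authenticode signature, a matching service entry in the OSAM/ComboFix listing, and whether the JMP targets fall inside that driver's image. An unsigned driver with no version resource hooking process- and file-related exports is the pattern worth escalating; a known HIPS driver doing the same is noise.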

cosinus 20.09.2010 17:22

Quote:

I can't run OSAM because my McAfee keeps giving me the virus warning and I don't know how to switch off the on-access scanner in McAfee. It won't let me extract it; I tried it with various unpacking programs.
McAfee should have an icon in the system tray (next to the clock at the bottom right). Right-click, disable on-access scanner (that, or something along those lines).

ines000 20.09.2010 18:31

I did try that; it didn't work because it's greyed out/inactive.

I've gone ahead and deleted McAfee for now...


The log from OSAM:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:26:26 on 20.09.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Unable to get information

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Auf Updates für Windows Live Toolbar prüfen.job" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\INESSC~1\AppData\Local\Temp\catchme.sys  (File not found)
"IEEE-1284.4 Driver HPZid412" (HPZid412) - "HP" - C:\Windows\System32\DRIVERS\HPZid412.sys
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"McAfee Inc." (mfeapfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeapfk.sys
"McAfee Inc." (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys
"McAfee Inc." (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys
"McAfee Inc." (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys
"McAfee Inc." (mfetdik) - "McAfee, Inc." - C:\Windows\System32\drivers\mfetdik.sys
"Print Class Driver for IEEE-1284.4 HPZipr12" (HPZipr12) - "HP" - C:\Windows\System32\DRIVERS\HPZipr12.sys
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"PzWDM" (PzWDM) - "Prassi Technology" - C:\Windows\System32\Drivers\PzWDM.sys
"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"USB to IEEE-1284.4 Translation Driver HPZius12" (HPZius12) - "HP" - C:\Windows\System32\DRIVERS\HPZius12.sys
"VSCore mferkdk" (mferkdk) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Family Toolbar" - ? - C:\Program Files\Family Toolbar\tbcore3.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "LimeWire Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\msntb.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} "CPlayFirstGreatChocoControl Object" - "PlayFirst, Inc." - C:\Windows\Downloaded Program Files\GreatChocolateChaseWeb.1.0.0.12.dll / hxxp://webgames.d.tmsrv.com/c=235d04bef31d5067988cdadb8580da4e/aff=t_12em_wg/p/release/playfirst/wg_greatchocolate/greatchocolate/greatchocolatechaseweb.1.0.0.12.cab
{7D492D61-303A-45C3-8A55-63449339943D} "CPlayFirstNightShiftControl Object" - "PlayFirst, Inc." - C:\Windows\Downloaded Program Files\NightShiftCodeWeb.1.0.0.5.dll / hxxp://webgames.d.tmsrv.com/c=235d04bef31d5067988cdadb8580da4e/aff=t_12em_wg/p/release/playfirst/wg_nightshiftcode/nightshiftcode/NightShiftCodeWeb.1.0.0.5.cab
{C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} "CPlayFirstPetShopHopControl Object" - "PlayFirst, Inc." - C:\Windows\Downloaded Program Files\PetShopHopWeb.1.0.0.16.dll / hxxp://webgames.d.tmsrv.com/c=235d04bef31d5067988cdadb8580da4e/aff=t_12em_wg/p/release/playfirst/wg_petshophop/petshophop/petshophopweb.1.0.0.16.cab
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Program Files\DivX\DivX Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{74E4A24D-5224-4F05-8A41-99445E0FC22B} "GameHouse Games Player" - "GameHouse" - C:\Windows\Downloaded Program Files\ghgamesplayer.dll / hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.ocx / hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1227976949
{BA162249-F2C5-4851-8ADC-FC58CB424243} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1206466590
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{2019DC25-D1C0-11D6-97B3-0008A124F542} "StreamPlug Class" - "Cedelia Corporation" - C:\Windows\DOWNLO~1\STREAM~1.DLL / hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll
<binary data> "Family Toolbar" - ? - C:\Program Files\Family Toolbar\tbcore3.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "LimeWire Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\msntb.dll
<binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "LimeWire Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{0C37B053-FD68-456a-82E1-D788EE342E6F} "MHTBPos00 Class" - ? - C:\Program Files\Family Toolbar\tbcore3.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\msntb.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} "{02478D38-C3F9-4EFB-9B51-7695ECA05670}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer" - C:\Program Files\Acer\Acer VCM\AcerVCM.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
"MediaChecker.lnk" - "PLANNING Co., Ltd" - C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe  (Shortcut exists | File exists)
-----( %SystemDrive%\_OTL\MovedFiles\09182010_122442\C_Users\Public\Documents\Windows )-----
"desktop.ini" - ? - C:\_OTL\MovedFiles\09182010_122442\C_Users\Public\Documents\Windows\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Acer Tour Reminder" - "Acer Inc." - C:\Acer\AcerTour\Reminder.exe
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"eAudio" - "CyberLink" - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MBBalloon" - "PLANNING Co., Ltd." - C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
"PlayMovie" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ShStatEXE" - "McAfee, Inc." - "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
"StartCCC" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe  (File found, but it contains no detailed information)
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l054" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l054.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"eDSService.exe" (eDataSecurity Service) - "HiTRSUT" - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"McAfee Task Manager" (McTaskManager) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe  (File found, but it contains no detailed information)
"O2Micro Flash Memory Card Service" (o2flash) - "O2Micro International" - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 20.09.2010 18:47

Please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on your desktop.
Please post the contents of the .txt document.

ines000 20.09.2010 18:56

Here you go:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 4920
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 158):

Processes (total 89):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`79c00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 31171527C24A94682C92F34EB1E387CDC8AD21FC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

cosinus 20.09.2010 19:02

Have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD using the image-burning function and start the computer with it (boot from this CD). Click "Repair your computer" (Computerreparaturoptionen), Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out first.

ines000 22.09.2010 12:25

That doesn't necessarily work.

When I download the ISO and then burn the ISO and create the image with NTI (which is installed on the laptop), shut the laptop down and start it up again, nothing happens.
The ISO has the NTI icon (clicking on it starts the burning) or the Internet Explorer icon (which starts the ISO download). The solution path you described never appears.
When I try to start the ISO on the CD, folders appear, but I can't find a setup or anything similar in them, only .exe files, none of which produce anything.

*confusion*
best regards, ines

cosinus 22.09.2010 12:42

You have to boot from the CD!!!

Quote:

shut the laptop down and start it up again, nothing happens.
Change the boot order!! The computer doesn't know which medium you want to start from! :wtf:

Change the boot order

ines000 22.09.2010 16:31

done.

Is everything OK again now?

best regards, ines

cosinus 22.09.2010 20:23

That apparently worked smoothly now.
To check whether the MBR really is OK now, please do another run of MBRCheck and then post the new log from it.

ines000 23.09.2010 16:46

The log:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 4920
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 158):
0x8C3E8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C60A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C80E000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8CA37000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8CA47000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8CA55000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8CA59000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8CA6C000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8CA76000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8CA81000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8CAAD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8CAAF000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8CABA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CAD2000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8CAD4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8CADA000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8CB09000 \SystemRoot\system32\DRIVERS\storport.sys
0x8CB4A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CB61000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8CB6C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CB8F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CB9E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8CBB2000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8CBC7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8CBD7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8C697000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CBD9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8CBE3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8C6C1000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8C6F6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D003000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D1B2000 \SystemRoot\system32\drivers\portcls.sys
0x8C707000 \SystemRoot\system32\drivers\drmk.sys
0x8D201000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8D31E000 \SystemRoot\system32\drivers\modem.sys
0x8D32B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D334000 \SystemRoot\System32\Drivers\Null.SYS
0x8D33B000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D342000 \SystemRoot\System32\drivers\vga.sys
0x8D34E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D36F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D377000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D37F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D38A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D398000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D3A1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D3B7000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D3CB000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C72C000 \SystemRoot\system32\drivers\afd.sys
0x8D1DF000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CBF0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C774000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D1F5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8C787000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C800000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C7C3000 \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
0x8C7CA000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C7E1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x88329000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8C7EE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x82FBE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8C7F7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8C600000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x82FCE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x95601000 \SystemRoot\System32\Drivers\BisonC07.sys
0x956EE000 \SystemRoot\System32\Drivers\STREAM.SYS
0x96A70000 \SystemRoot\System32\win32k.sys
0x956FB000 \SystemRoot\System32\drivers\Dxapi.sys
0x95705000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96C90000 \SystemRoot\System32\TSDDD.dll
0x96CB0000 \SystemRoot\System32\cdd.dll
0x95714000 \SystemRoot\system32\drivers\luafv.sys
0x95737000 \SystemRoot\system32\drivers\spsys.sys
0x957E7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x807A8000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x885E0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x82FE5000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A20F000 \SystemRoot\system32\drivers\HTTP.sys
0x9A27C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A299000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A2B2000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A2C7000 \SystemRoot\system32\drivers\mrxdav.sys
0x9A2E8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9A307000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9A340000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9A358000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9A37F000 \SystemRoot\System32\DRIVERS\srv.sys
0x9A3E5000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x807D2000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9A3CD000 \??\C:\Windows\system32\drivers\int15.sys
0x9DC05000 \SystemRoot\system32\drivers\peauth.sys
0x9DCE3000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9DCED000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9DCF9000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
0x9DCFB000 \SystemRoot\system32\drivers\mfehidk.sys
0x9DD23000 \SystemRoot\system32\drivers\mfebopk.sys
0x9DD2A000 \SystemRoot\system32\drivers\mfeapfk.sys
0x9DD39000 \SystemRoot\system32\drivers\mfeavfk.sys
0x772C0000 \Windows\System32\ntdll.dll

Processes (total 88):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
596 csrss.exe
652 C:\Windows\System32\wininit.exe
664 csrss.exe
696 C:\Windows\System32\services.exe
712 C:\Windows\System32\lsass.exe
720 C:\Windows\System32\lsm.exe
768 C:\Windows\System32\winlogon.exe
904 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\Ati2evxx.exe
1136 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\svchost.exe
1288 C:\Windows\System32\audiodg.exe
1312 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\SLsvc.exe
1376 C:\Windows\System32\svchost.exe
1484 C:\Windows\System32\svchost.exe
1664 C:\Windows\System32\Ati2evxx.exe
1780 C:\Windows\System32\spoolsv.exe
1808 C:\Windows\System32\svchost.exe
1996 C:\Windows\System32\agrsmsvc.exe
2008 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2028 C:\Program Files\Bonjour\mDNSResponder.exe
224 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
476 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
1068 C:\Acer\Empowering Technology\eNet\eNet Service.exe
2092 C:\Windows\System32\dwm.exe
2116 C:\Windows\System32\taskeng.exe
2160 C:\Windows\System32\taskeng.exe
2232 C:\Windows\explorer.exe
2412 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2460 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2520 C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
2572 C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
2624 C:\Acer\Mobility Center\MobilityService.exe
2716 C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
2788 C:\Windows\System32\svchost.exe
2808 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2892 C:\Windows\System32\svchost.exe
3036 C:\Windows\System32\svchost.exe
3064 C:\Windows\System32\SearchIndexer.exe
3148 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3204 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3264 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
3572 WmiPrvSE.exe
3580 WmiPrvSE.exe
3740 C:\Program Files\Windows Defender\MSASCui.exe
3784 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3804 C:\Windows\RtHDVCpl.exe
3836 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
3892 unsecapp.exe
4000 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1692 C:\Windows\System32\wbem\unsecapp.exe
1340 C:\Users\***~1\AppData\Local\temp\RtkBtMnt.exe
1196 C:\Program Files\Internet Explorer\iexplore.exe
2388 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3544 C:\Program Files\Internet Explorer\iexplore.exe
2384 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
3492 C:\Program Files\Launch Manager\LManager.exe
1592 C:\Acer\Empowering Technology\eAudio\eAudio.exe
2392 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3600 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
1000 C:\Program Files\iTunes\iTunesHelper.exe
1648 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
4060 C:\Program Files\Windows Sidebar\sidebar.exe
2484 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
1360 C:\Windows\ehome\ehtray.exe
4104 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
4236 C:\Windows\ehome\ehmsas.exe
4488 C:\Acer\Empowering Technology\eNet\eNMTray.exe
4532 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
4548 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
4568 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
4996 C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
5372 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4764 C:\Program Files\Acer\Acer VCM\VC.exe
2704 C:\Program Files\Acer\Acer VCM\acp2HID.exe
5816 C:\Program Files\iPod\bin\iPodService.exe
3116 C:\Windows\servicing\TrustedInstaller.exe
7496 C:\Program Files\Internet Explorer\iexplore.exe
6816 dllhost.exe
6432 dllhost.exe
6812 C:\Users\***\Desktop\Virusbekämpfung\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`79c00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 23.09.2010 19:06

Quote:

149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Looks ok. To double-check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!
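
The check cosinus is asking for, written out as a script: this is an added example of mine, not code from MBRCheck or from this thread. It reads the first sector of a disk or image, validates the 55 AA boot signature, parses the four primary partition entries, and compares SHA-1 digests of the boot code (bytes 0..445) and of the whole sector against a caller-supplied allow-list of known-good digests. Whether the SHA1 line in the MBRCheck log above covers the boot code only or the whole sector is not stated, so the example reports both. The sample MBR is constructed for the example and is not a dump of the laptop in this thread.

```python
"""Verify a disk's first sector the way the MBRCheck report above does.

Added example, not code from the thread or from MBRCheck itself: reads the
512-byte MBR, checks the 0x55AA boot signature, parses the four primary
partition entries and compares SHA-1 digests of the boot code (first 446
bytes) and of the whole sector against a caller-supplied allow-list of
known-good digests. The sample MBR below is constructed; it is not a dump
of the Acer laptop in this thread.
"""
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446     # boot code occupies bytes 0..445
PART_ENTRY_SIZE = 16
BOOT_SIG_OFFSET = 510       # bytes 510..511 must be 55 AA


def sha1_hex(data: bytes) -> str:
    """Upper-case hex SHA-1, the format MBRCheck prints."""
    return hashlib.sha1(data).hexdigest().upper()


def parse_partitions(sector: bytes) -> list:
    """Return the non-empty primary partition entries as dicts."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def check_mbr(sector: bytes, known_good: set) -> dict:
    """Summarise one MBR and say whether its digest is on the allow-list.

    known_good may hold digests of the boot code alone (portable across
    machines with the same Windows MBR) or of the full sector (tied to one
    partition layout); either match counts as known-good.
    """
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need at least one 512-byte sector")
    sector = bytes(sector[:SECTOR_SIZE])
    signature = struct.unpack_from("<H", sector, BOOT_SIG_OFFSET)[0]
    code_digest = sha1_hex(sector[:PART_TABLE_OFFSET])
    full_digest = sha1_hex(sector)
    matched_on = None
    if code_digest in known_good:
        matched_on = "bootcode"
    elif full_digest in known_good:
        matched_on = "sector"
    return {
        "signature_ok": signature == 0xAA55,   # 55 AA read little-endian
        "sha1_bootcode": code_digest,
        "sha1_sector": full_digest,
        "partitions": parse_partitions(sector),
        "matched_on": matched_on,
        "status": "known-good" if matched_on else "UNKNOWN - inspect",
    }


def read_first_sector(path: str) -> bytes:
    r"""Read the MBR from a raw device or image, e.g. \\.\PhysicalDrive0
    (needs administrator rights on Windows) or /dev/sda."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed sample: dummy boot code, two NTFS partitions, valid signature."""
    boot_code = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (PART_TABLE_OFFSET - 8)
    chs = b"\x00\x00\x00"
    table = struct.pack("<B3sB3sII", 0x80, chs, 0x07, chs, 2048, 0x1F8000)
    table += struct.pack("<B3sB3sII", 0x00, chs, 0x07, chs, 2048 + 0x1F8000, 0x100000)
    table += b"\x00" * (2 * PART_ENTRY_SIZE)
    return boot_code + table + b"\x55\xaa"


if __name__ == "__main__":
    sample = build_sample_mbr()
    baseline = check_mbr(sample, set())
    print("baseline:", baseline["status"], baseline["sha1_sector"])
    allow = {baseline["sha1_bootcode"]}
    # a bootkit overwriting the boot code changes the digest ...
    tampered = bytearray(sample)
    tampered[0] ^= 0xFF
    print("tampered boot code:", check_mbr(bytes(tampered), allow)["status"])
    # ... while repartitioning does not, so a code-only reference stays valid
    relayout = bytearray(sample)
    relayout[PART_TABLE_OFFSET + 8] = 0x01
    print("changed partition table:", check_mbr(bytes(relayout), allow)["status"])
```

Build the allow-list from a machine you trust (same Windows version, same MBR code) with `sha1_hex(read_first_sector(path)[:446])`; a full-sector digest will only ever match the one disk it was taken from, because the partition table and disk signature are part of it.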

ines000 24.09.2010 18:04

here you go:

scan with SUPERAntiSpyware:

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 09/24/2010 at 06:51 PM

Application Version : 4.43.1000

Core Rules Database Version : 5572
Trace Rules Database Version: 3384

Scan type : Complete Scan
Total Scan Time : 02:24:05

Memory items scanned : 862
Memory threats detected : 0
Registry items scanned : 10043
Registry threats detected : 5
File items scanned : 147909
File threats detected : 4

Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID

Rogue.AntiMalwareDoctor
C:\Users\***\AppData\Roaming\64AF16D2F09658DD376D9252C6DA496E

Adware.Tracking Cookie
ia.media-imdb.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PSZ96893 ]
secure-us.imrworldwide.com [ C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PSZ96893 ]

Trojan.Unclassified/Dropper-IExplorer
C:\USERS\***\DESKTOP\VIRUSBEKäMPFUNG\IEXPLORER.EXE



scan with Malwarebytes:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4683

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

24.09.2010 16:11:29
mbam-log-2010-09-24 (16-11-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 257645
Time elapsed: 2 hour(s), 7 minute(s), 42 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
(No malicious items detected)

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)




how does it look?
Regards, ines

cosinus 25.09.2010 13:49

Looks ok, only remnants and cookies were found.
Any more problems or further detections in the meantime?

ines000 26.09.2010 10:42

nope. everything's okay.


A huge THANK YOU. I'll show my appreciation.

Regards, ines

cosinus 26.09.2010 11:11

Then we're done! :abklatsch:

Finally, please check your updates; my guide on that is below.
For even more security, now that the infection has been removed you should also change all your passwords if at all possible.


Microsoft Update

Windows XP: Visit the MS Update page with IE and let it install all important updates.

Windows Vista/7: Windows Update guide



Update your PDF reader
Your Adobe Reader is out of date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall every listed Java version from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


Copyright ©2000-2025, Trojaner-Board