Log analysis and evaluation: Completely removing MS Removal Tool (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
| | #1 | |
| /// Malwareteam | Hello M-K-D-B, Quote:
So, dss gets stuck at exactly 60 (counted) hash marks. Renaming it did not help either. Should I try running it from the command line? Regards, Deathkid |
| | #2 |
| /// TB-Ausbilder | Hello Deathkid,
No. Please be patient. I will get back to you. |
| | #3 |
| /// TB-Ausbilder | Hello Deathkid,
If you run into problems or complications with mbr.exe, please report exactly what happened. Step # 1: Scan with mbr.exe. Download mbr.exe to your desktop.
Step # 2: Your feedback. For further analysis I need, together with your next reply
|
| | #4 |
| /// Malwareteam | Hello M-K-D-B, I ran MBR as described, but it hangs. The black window shows:
Stealth....
device: opened succesfully
user: MBR read succesfully
kernel: MBR read succesfully
user&kernerl MBR ok
error: Read Die Anforderung kann wegen eines E/A-Gerötefehlers nicht ausgef³hrt werden
In addition, I just got a message from Windows Defender (screenshots attached), and when I try to open it via the Control Panel, a pop-up window appears very briefly, too fast to take a screenshot; I am trying right now. Regards, Deathkid |
| | #5 |
| /// Malwareteam | OK, I managed to take a screenshot of it; it should be in the attachment. |
| | #6 |
| /// TB-Ausbilder | Hello Deathkid, Start dds.exe. Under Options for dds.txt, remove the check mark in front of Check MBR. Click Scan. When the scan has finished, a log file will open (dds.txt). Please post it in your next reply. |
| | #7 |
| /// Malwareteam | Hello M-K-D-B, yay, it worked. Code:
DDS (Ver_2011-06-22.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Run by Administrator at 14:39:51 on 2011-07-08
#Option MBR scan is disabled.
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.43.1031.18.1788.939 [GMT 2:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Administrator\AppData\Local\Apps\2.0\W55HJDXV.742\KR5R0CNL.RO1\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
StartupFolder: c:\users\administrator\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 212.186.211.21 195.34.133.21 192.168.0.1
TCP: Interfaces\{F1585E0E-A783-49E6-89FF-B6AEC53252AA} : DHCPNameServer = 212.186.211.21 195.34.133.21 192.168.0.1
TCP: Interfaces\{F1585E0E-A783-49E6-89FF-B6AEC53252AA}\350756564645F6573686246344832444 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{F1585E0E-A783-49E6-89FF-B6AEC53252AA}\4586F6D637F6E6831493632473 : DHCPNameServer = 10.0.0.138 10.0.0.138
TCP: Interfaces\{F1585E0E-A783-49E6-89FF-B6AEC53252AA}\D4967686479702D4F6573756 : DHCPNameServer = 10.0.0.138 10.0.0.138
TCP: Interfaces\{F1585E0E-A783-49E6-89FF-B6AEC53252AA}\E4574756C6C616 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\windows mail\WinMail.exe" OCInstallUserConfigOE
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\0q27vfov.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q=
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2166.3772\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\administrator\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\0q27vfov.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\0q27vfov.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-11 366640]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2011-5-30 9472]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-7-1 58368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-11 22712]
R3 SaiK0728;SaiK0728;c:\windows\system32\drivers\SaiK0728.sys [2008-1-21 104960]
R3 SRS_AudioFusion_Service;AudioFusion Edition;c:\windows\system32\drivers\SRS_AudioFusion_i386.sys [2011-3-13 390944]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-7-1 31288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-13 135664]
S2 PEVSystemStart;PEVSystemStart;c:\cofi25381c\pev.cfxxe [2011-6-26 256000]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-6-7 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-16 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-4-28 30192]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-13 135664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-7-1 174592]
S3 SaiK0CFA;SaiK0CFA;c:\windows\system32\drivers\SaiK0CFA.sys [2011-3-22 141832]
S3 SaiU0CFA;SaiU0CFA;c:\windows\system32\drivers\SaiU0CFA.sys [2011-3-22 35208]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-2 1343400]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-21 81704]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 172032]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-07-07 08:24:53 -------- d-s---w- C:\cofi25381c
2011-07-07 08:20:10 -------- d-----w- c:\program files\CCleaner
2011-07-07 07:56:17 -------- d-s---w- C:\cofi26567c
2011-07-07 07:49:47 -------- d-s---w- C:\cofi
2011-07-06 20:19:36 -------- d-s---w- C:\w2of455n
2011-07-06 15:43:37 -------- d-s---w- C:\ComboFix
2011-07-06 15:22:13 98816 ----a-w- c:\windows\sed.exe
2011-07-06 15:22:13 256000 ----a-w- c:\windows\PEV.exe
2011-07-06 15:22:13 208896 ----a-w- c:\windows\MBR.exe
2011-07-05 15:08:23 -------- d-----w- c:\windows\system32\wbem\repository
2011-07-02 14:23:44 -------- d-----w- c:\programdata\AVAST Software
2011-07-02 14:23:44 -------- d-----w- c:\program files\AVAST Software
2011-07-01 15:51:29 -------- d-----w- c:\users\administrator\appdata\roaming\SUPERAntiSpyware.com
2011-07-01 15:51:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-01 15:50:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-30 07:05:29 100736 ----a-w- C:\pwdirpog.sys
2011-06-29 10:25:47 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 10:25:32 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 10:25:31 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 10:25:31 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 10:25:30 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 10:25:30 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 10:25:30 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 10:25:30 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 10:25:30 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 10:25:30 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-27 19:06:30 -------- d-----w- C:\_OTL
2011-06-27 18:55:07 -------- d-----w- c:\program files\VS Revo Group
2011-06-26 20:50:35 -------- d--h--w- c:\windows\PIF
2011-06-22 17:34:53 -------- d-----w- c:\users\administrator\appdata\roaming\RIFT
2011-06-22 17:34:45 -------- d-----w- c:\program files\RIFT Game
2011-06-18 07:43:48 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-06-17 12:38:41 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-17 12:38:41 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-17 12:38:41 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-17 12:38:39 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-17 12:38:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 12:38:02 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-17 12:38:00 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 11:23:54 -------- d-----w- c:\users\administrator\dwhelper
2011-06-11 20:47:19 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes
2011-06-11 20:46:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-11 20:46:35 -------- d-----w- c:\programdata\Malwarebytes
2011-06-11 20:46:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 20:46:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-11 08:49:21 166400 --sha-r- c:\windows\system32\KBDINMALV.dll
2011-06-10 19:16:36 152 ----a-w- c:\windows\system32\sysplog2.dll
2011-06-10 19:16:28 152 ----a-w- c:\windows\system32\sysplog.dll
2011-06-10 19:15:36 67376 ------w- c:\windows\system32\SYSINFO.OCX
2011-06-10 19:15:36 260096 ------w- c:\windows\system32\RICHTX32.OCX
2011-06-10 19:15:36 244416 ------w- c:\windows\system32\MSFLXGRD.OCX
2011-06-10 19:15:36 152848 ------w- c:\windows\system32\COMDLG32.OCX
2011-06-10 19:15:36 132880 ------w- c:\windows\system32\MSINET.OCX
2011-06-10 19:15:26 -------- d-----w- c:\users\administrator\appdata\roaming\8 x 8 Media AG
2011-06-10 19:15:26 -------- d-----w- c:\program files\chessimo
2011-06-10 19:15:25 -------- d-----w- c:\programdata\InstallMate
2011-06-10 12:18:51 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0a6561fe-8b0a-444f-8d2a-3a61d1ccafb7}\mpengine.dll
.
==================== Find3M ====================
.
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-22 06:17:12 138264 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-05-22 06:16:07 234768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-05-22 06:16:07 234768 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-05-07 10:12:24 138056 ----a-w- c:\users\administrator\appdata\roaming\PnkBstrK.sys
2011-05-07 10:11:19 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-05-04 02:43:59 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43:48 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43:41 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-28 18:55:22 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-28 18:55:22 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-24 21:08:00 4303928 ----a-w- c:\windows\system32\GameMon.des
2011-04-22 19:36:05 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 14:40:07,13 ===============
Deathkid |