Trojaner_Clicker in sims 2 die Haustiere

LadyFreaky · 06.09.2010, 19:36

ich wollt eben warten weil du gemeint hast kaspersky soll ich erst wieder aufdrehen wenn du es sagst .... und wollt ich eben dann net zu lange abgedreht lassen

das malewareprgrogramm ... arbeitet das selbstständig also muss ich das auch abdrehen?

LadyFreaky · 06.09.2010, 19:37

was ich vergessen hab: wie lang dauert der scan im normal fall?

cosinus · 06.09.2010, 20:05

Zitat:

was ich vergessen hab: wie lang dauert der scan im normal fall?

Kann man so pauschal nicht beantworten. Und den Virenscanner kann man "abgedreht" lassen, denn Schädlinge fliegen nicht einfach so von allein auf dem PC. Ein Virenscanner ist nur ein Hilfsmittel mehr nicht, aber nicht die entscheidende Komponente, um einen Windows-PC sauber zu halten.

LadyFreaky · 06.09.2010, 20:36

sooo vollbracht

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-09-06.01 - birgit 06.09.2010  20:59:40.1.3 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.43.1031.18.3071.1215 [GMT 2:00]
ausgeführt von:: c:\users\birgit\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\aol.exe
c:\programdata\DivXInstaller.exe
c:\programdata\FFSetup230.exe
c:\programdata\flvplayer_setup.exe
c:\programdata\FreePDF4.02.EXE
c:\programdata\gs870w32.exe
c:\programdata\MoveMediaPlayer_071303000004.exe
c:\programdata\Pandora211Recovery.exe
c:\programdata\PDFBlenderSetup1.1.2.exe
c:\programdata\pro.exe
c:\programdata\setup.exe
c:\programdata\SoftonicDownloader50481.exe
c:\programdata\vdm328_free.exe
c:\programdata\wrar380d.exe

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


(((((((((((((((((((((((   Dateien erstellt von 2010-08-06 bis 2010-09-06  ))))))))))))))))))))))))))))))
.

2010-09-06 19:13 . 2010-09-06 19:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-06 16:37 . 2010-09-06 16:37	--------	d-----w-	c:\program files\CCleaner
2010-09-05 19:19 . 2010-09-05 19:19	--------	d-----w-	C:\_OTL
2010-09-04 16:54 . 2010-09-04 16:54	--------	d-----w-	c:\users\birgit\AppData\Roaming\Malwarebytes
2010-09-04 16:53 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 16:53 . 2010-09-04 16:53	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-04 16:53 . 2010-09-04 16:53	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-04 16:53 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-02 20:49 . 2010-09-02 20:49	--------	d-----w-	c:\users\birgit\AppData\Roaming\TrojanHunter
2010-09-02 20:45 . 2010-09-04 14:40	--------	d-----w-	c:\program files\TrojanHunter 5.3
2010-08-29 12:12 . 2010-08-29 13:10	--------	d-----w-	c:\temp\dvd-out
2010-08-13 14:37 . 2010-05-27 19:16	81920	----a-w-	c:\windows\system32\iccvid.dll
2010-08-13 14:37 . 2010-06-11 15:31	274432	----a-w-	c:\windows\system32\schannel.dll
2010-08-13 14:37 . 2010-06-21 13:18	2036736	----a-w-	c:\windows\system32\win32k.sys
2010-08-13 14:37 . 2010-06-18 16:43	36352	----a-w-	c:\windows\system32\rtutils.dll
2010-08-13 14:37 . 2010-06-08 17:00	3598216	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-13 14:37 . 2010-06-08 17:00	3545992	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-13 14:37 . 2010-06-11 15:30	1257472	----a-w-	c:\windows\system32\msxml3.dll
2010-08-13 14:37 . 2010-06-18 14:43	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-13 14:37 . 2010-06-18 14:43	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-13 14:37 . 2010-06-16 15:59	898952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-08-10 16:30 . 2010-08-10 16:52	--------	d-----w-	c:\programdata\VirtualFarm

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 19:17 . 2008-05-14 18:00	--------	d-----w-	c:\programdata\Kaspersky Lab
2010-09-06 19:14 . 2010-02-18 15:45	12	----a-w-	c:\windows\bthservsdp.dat
2010-09-06 17:06 . 2006-11-02 15:33	628504	----a-w-	c:\windows\system32\perfh007.dat
2010-09-06 17:06 . 2006-11-02 15:33	126054	----a-w-	c:\windows\system32\perfc007.dat
2010-09-06 16:36 . 2010-09-06 16:36	3427248	----a-w-	c:\programdata\ccsetup235.exe
2010-09-06 16:36 . 2010-09-06 16:36	3427248	----a-w-	c:\programdata\ccsetup235.exe
2010-09-05 19:19 . 2010-04-17 13:53	--------	d-----w-	c:\program files\pdfforge Toolbar
2010-09-05 17:05 . 2009-04-09 17:08	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-09-05 17:03 . 2008-10-28 17:38	--------	d-----w-	c:\programdata\GamesBar
2010-09-05 17:03 . 2008-06-18 17:42	--------	d-----w-	c:\program files\GamesBar
2010-09-05 16:55 . 2008-05-14 07:30	--------	d-----w-	c:\program files\Yahoo!
2010-09-04 16:52 . 2010-09-04 16:52	6153648	----a-w-	c:\programdata\mbam-setup.exe
2010-09-04 16:52 . 2010-09-04 16:52	6153648	----a-w-	c:\programdata\mbam-setup.exe
2010-09-02 20:44 . 2010-09-02 20:44	22489640	----a-w-	c:\programdata\TrojanHunter53Setup.exe
2010-09-02 20:44 . 2010-09-02 20:44	22489640	----a-w-	c:\programdata\TrojanHunter53Setup.exe
2010-08-28 07:54 . 2010-05-08 14:03	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-28 07:53 . 2010-08-28 07:53	56765	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-28 07:53 . 2010-05-08 14:01	--------	d-----w-	c:\programdata\DivX
2010-08-28 07:53 . 2008-11-01 12:32	--------	d-----w-	c:\program files\DivX
2010-08-28 07:53 . 2010-08-28 07:53	56997	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-28 07:53 . 2010-08-28 07:53	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-08-28 07:53 . 2010-08-28 07:53	57691	----a-w-	c:\programdata\DivX\Player\Uninstaller.exe
2010-08-28 07:53 . 2010-08-28 07:53	84063	----a-w-	c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-08-28 07:53 . 2010-08-28 07:53	54153	----a-w-	c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-08-28 07:52 . 2010-08-28 07:53	185640	----a-w-	c:\programdata\DivX\Setup\finishPlugin.dll
2010-08-28 07:52 . 2010-08-28 07:52	144696	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-28 07:52 . 2010-05-08 14:02	1062184	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-08-28 07:52 . 2010-05-08 14:02	850200	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-26 17:09 . 2009-04-09 16:48	--------	d-----w-	c:\users\birgit\AppData\Roaming\dvdcss
2010-08-25 15:09 . 2010-08-25 15:09	15376	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\clldr.dll
2010-08-25 15:09 . 2010-08-25 15:09	15376	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\clldr.dll
2010-08-24 15:13 . 2010-02-06 12:16	--------	d-----w-	c:\program files\ICQ7.0
2010-08-22 11:39 . 2010-07-25 11:08	--------	d-----w-	c:\users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers
2010-08-22 11:38 . 2009-04-09 17:08	--------	d-----w-	c:\program files\DVDVideoSoft
2010-08-22 11:37 . 2010-08-22 11:37	18088968	----a-w-	c:\programdata\FreeYouTubeToMp3Converter.exe
2010-08-22 11:37 . 2010-08-22 11:37	18088968	----a-w-	c:\programdata\FreeYouTubeToMp3Converter.exe
2010-08-22 10:24 . 2008-05-15 18:04	--------	d-----w-	c:\users\birgit\AppData\Roaming\ICQ
2010-08-18 17:31 . 2010-08-18 17:31	170584	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\prloader.dll
2010-08-18 17:31 . 2010-08-18 17:31	311680	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\avp.exe
2010-08-15 17:24 . 2010-08-15 17:24	52224	----a-w-	c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-08-15 17:24 . 2010-08-15 17:24	101376	----a-w-	c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-08-14 08:03 . 2007-05-06 22:57	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-14 08:02 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-08-10 16:30 . 2008-05-25 07:34	--------	d-----w-	c:\users\birgit\AppData\Roaming\Zylom
2010-08-09 16:55 . 2010-01-06 19:25	--------	d-----w-	c:\users\birgit\AppData\Roaming\NevoSoft Games
2010-08-07 07:52 . 2009-07-01 16:52	--------	d-----w-	c:\programdata\Skype
2010-08-07 07:50 . 2010-02-18 15:47	--------	d-----w-	c:\program files\Common Files\Nokia
2010-08-07 07:50 . 2010-02-18 15:40	--------	d-----w-	c:\program files\Nokia
2010-08-06 18:37 . 2010-08-06 18:37	11971973	----a-w-	c:\programdata\FreeVideoToMp3Converter40.exe
2010-08-06 18:37 . 2010-08-06 18:37	11971973	----a-w-	c:\programdata\FreeVideoToMp3Converter40.exe
2010-08-06 16:14 . 2009-12-20 18:09	--------	d-----w-	c:\program files\Messenger Plus! Live
2010-07-31 10:19 . 2010-05-05 15:49	97549	----a-w-	c:\windows\system32\drivers\klick.dat
2010-07-31 10:19 . 2010-05-05 15:49	113933	----a-w-	c:\windows\system32\drivers\klin.dat
2010-07-24 09:19 . 2010-01-29 19:15	--------	d-----w-	c:\users\birgit\AppData\Roaming\Nokia
2010-07-24 09:18 . 2010-07-24 09:18	--------	d-----w-	c:\programdata\Nokia
2010-07-24 09:11 . 2010-01-29 19:15	--------	d-----w-	c:\programdata\PC Suite
2010-07-24 09:11 . 2010-07-24 09:11	0	---ha-w-	c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-24 09:02 . 2010-07-24 09:02	--------	d-----w-	c:\program files\PC Connectivity Solution
2010-07-24 08:53 . 2010-07-24 08:53	12212040	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-07-24 08:53 . 2010-07-24 08:53	13930312	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-07-24 08:53 . 2010-07-24 08:53	77824	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-07-24 08:53 . 2010-07-24 08:53	38912	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-07-24 08:53 . 2010-07-24 08:53	38912	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-07-24 08:53 . 2010-07-24 08:53	50000	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-07-24 08:52 . 2010-07-24 08:52	--------	d-----w-	c:\programdata\NokiaInstallerCache
2010-07-24 08:49 . 2010-07-24 08:53	103412296	----a-w-	c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-07-23 16:34 . 2010-01-29 19:15	--------	d-----w-	c:\users\birgit\AppData\Roaming\PC Suite
2010-07-13 15:41 . 2010-07-13 15:41	--------	d-----w-	c:\programdata\Kristanix Games
2010-07-13 15:32 . 2010-07-13 15:07	--------	d-----w-	c:\programdata\FarmFrenzy3_Arctica
2010-06-26 06:05 . 2010-08-13 14:38	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 14:38	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-13 14:38	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-13 14:38	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-06-15 15:21 . 2010-06-15 15:21	129624	----a-w-	c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
2009-07-14 18:21 . 2009-07-14 18:20	347432	----a-w-	c:\program files\WINWORD.EXE
2010-05-05 15:51 . 2010-05-05 15:51	604140	--sha-w-	c:\windows\System32\drivers\ISwift3.dat
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-03-18 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]
"Google Update"="c:\users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-06 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"PlayMovie"="c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 178280]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"PicPick Start"="c:\screenshoots\Picpick\picpick.exe" [2009-04-14 914432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PrintArtist"="c:\program files\Avanquest\Print Artist Platinum\ReminderApp.exe" [2009-07-02 144664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-08 202256]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 311680]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-04-19 106496]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

c:\users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-7 528384]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-5-7 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-08-31 39408]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
bthsvcs	REG_MULTI_SZ   	BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
- c:\users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06 18:03]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
- c:\users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06 18:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Free YouTube Download - c:\users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
FF - ProfilePath - c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - chello.at
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\birgit\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\birgit\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - (no file)
HKCU-Run-ICQ - ~c:\program files\ICQ7.0\ICQ.exe
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-06 21:17
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-99989120-414168423-3571821316-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,4c,3b,bf,56,80,50,02,79,f6,c1,d9,17,8a,65,0e,a8,b9,e0,d2,61,be,1b,
   bb,62,18,3c,a3,4c,8c,68,c5,c6,e7,3d,b0,59,81,f3,d3,ed,cb,e6,c7,cb,65,b6,33,\
"??"=hex:14,b9,de,e2,71,1e,77,00,99,62,bc,41,e8,7c,95,79

[HKEY_USERS\S-1-5-21-99989120-414168423-3571821316-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:10,bc,2e,6b,8a,60,59,bb,af,c9,a8,85,a6,33,30,74,b5,97,c1,d7,2b,
   cc,cd,36,ba,00,25,86,ed,99,5b,94,30,4f,94,f6,5d,cb,58,fd,b8,cc,23,72,9e,de,\
"rkeysecu"=hex:b6,8a,44,25,46,c4,1b,56,d2,08,da,b3,29,f6,76,ef

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5596)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\users\birgit\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-06  21:26:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-06 19:26

Vor Suchlauf: 27 Verzeichnis(se), 129.272.082.432 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 128.939.151.360 Bytes frei

- - End Of File - - B4CC859B5A2951D22968EF090C0D95C5

--- --- ---

nur hab ich jetzt geschafft dass ich in keinen meiner browser mehr am pc rein komm ... irgendwas mit registrierungsschlüssel ...

cosinus · 06.09.2010, 20:41

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

LadyFreaky · 06.09.2010, 20:46

dazu müsst ich erstmal einen meiner browser öffnen können

ka was ich da verbockt hab aber es kommt:

Es wurde versucht ... einen registrierungsschlüssel einem unzuverlässigen Vorgang zu unterziehen, der zum löschen markiert wurde

kommt bei IE, firefox und chrome

cosinus · 06.09.2010, 20:52

Versuch es im abgesicherten Modus oder mit einem anderen Benutzerkonto, zB einem dass Du neu über die Systemsteuerung erstellst...

LadyFreaky · 06.09.2010, 21:01

ich habs geschafft dass ich auch nicht mehr in die systemsteuerung komm mit der gleichen meldung ... oh shit was ha ich da bitte vermasselt bei cccleaner

irgendwie geht gar nxi mehr wollt mir jetzt durch stick opera holen aber wenn ich öffne kommt auch das mit dem schlüssel

cosinus · 06.09.2010, 21:17

Abgesicherter Modus??

LadyFreaky · 06.09.2010, 21:23

und was mach ich dort dann?!

cosinus · 06.09.2010, 21:40

Waswohl, Du sollst es dort probieren!

LadyFreaky · 06.09.2010, 22:18

so hier erstmal das von osram

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:16:31 on 06.09.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job" - "Google Inc." - C:\Users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job" - "Google Inc." - C:\Users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - ? - C:\Windows\system32\drivers\adfs.sys  (File not found)
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Kaspersky Lab Driver" (KLIF) - "Kaspersky Lab" - C:\Windows\System32\DRIVERS\klif.sys
"kl1" (kl1) - "Kaspersky Lab" - C:\Windows\System32\DRIVERS\kl1.sys
"LGE Mobile Composite USB Device" (usbbus) - ? - C:\Windows\System32\DRIVERS\lgusbbus.sys  (File not found)
"LGE Mobile USB Modem" (USBModem) - ? - C:\Windows\System32\DRIVERS\lgusbmodem.sys  (File not found)
"LGE Mobile USB Serial Port" (UsbDiag) - ? - C:\Windows\System32\DRIVERS\lgusbdiag.sys  (File not found)
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} "JetFlExt Class" - "JetAudio" - C:\Program Files\JetAudio\JetFlExt.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -   (File not found | COM-object registry key not found)
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} "a-squared Scanner" - "Emsi Software GmbH" - C:\Windows\DOWNLO~1\asquared.ocx / hxxp://ax.emsisoft.com/asquared.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7" - "ICQ, LLC." - C:\Program Files\ICQ7.0\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Windows\system32\ActiveToolBand.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
"PCM Media Sharing.lnk" - ? - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Google Update" - "Google Inc." - "C:\Users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"NokiaOviSuite2" - "Nokia" - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer Tour Reminder" - "Acer Inc." - C:\Acer\AcerTour\Reminder.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NokiaMServer" - "Nokia" - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"PicPick Start" - ? - C:\Screenshoots\Picpick\picpick.exe  (File found, but it contains no detailed information)
"PlayMovie" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
"PrintArtist" - ? - "C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe" PrintArtist
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SearchSettings" - "Spigot, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe
"StartCCC" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Messenger\SweetIM.exe
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acer HomeMedia Connect Service" (Acer HomeMedia Connect Service) - "CyberLink" - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eDSService.exe" (eDataSecurity Service) - "HiTRSUT" - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
"ePerformance Service" (AcerMemUsageCheckService) - ? - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky Internet Security" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\Windows\system32\klogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

LadyFreaky · 06.09.2010, 22:24

Hier das letzte

cosinus · 06.09.2010, 22:32

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

LadyFreaky · 06.09.2010, 22:36

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Acer
System Product Name: Aspire M3100
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 144):
0x86A3C000 \SystemRoot\system32\ntkrnlpa.exe
0x86A09000 \SystemRoot\system32\hal.dll
0x80607000 \SystemRoot\system32\kdcom.dll
0x8060F000 \SystemRoot\system32\PSHED.dll
0x80620000 \SystemRoot\system32\BOOTVID.dll
0x80628000 \SystemRoot\system32\CLFS.SYS
0x80669000 \SystemRoot\system32\CI.dll
0x80749000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807C5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8E600000 \SystemRoot\system32\drivers\acpi.sys
0x8E646000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8E64F000 \SystemRoot\system32\drivers\msisadrv.sys
0x8E657000 \SystemRoot\system32\drivers\pci.sys
0x8E67E000 \SystemRoot\System32\drivers\partmgr.sys
0x8E68D000 \SystemRoot\system32\drivers\volmgr.sys
0x8E69C000 \SystemRoot\System32\drivers\volmgrx.sys
0x8E6E6000 \SystemRoot\system32\drivers\pciide.sys
0x8E6ED000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8E6FB000 \SystemRoot\System32\drivers\mountmgr.sys
0x8E70B000 \SystemRoot\system32\drivers\atapi.sys
0x8E713000 \SystemRoot\system32\drivers\ataport.SYS
0x8E731000 \SystemRoot\system32\drivers\fltmgr.sys
0x8E763000 \SystemRoot\system32\drivers\fileinfo.sys
0x8E773000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8E77C000 \SystemRoot\system32\drivers\klbg.sys
0x8E787000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8E806000 \SystemRoot\system32\drivers\ndis.sys
0x8E911000 \SystemRoot\system32\drivers\msrpc.sys
0x8E93C000 \SystemRoot\system32\drivers\NETIO.SYS
0x8EA03000 \SystemRoot\System32\drivers\tcpip.sys
0x8EAEC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8EC02000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8ED11000 \SystemRoot\system32\drivers\volsnap.sys
0x8ED4A000 \SystemRoot\System32\Drivers\spldr.sys
0x8ED52000 \SystemRoot\system32\drivers\psdvdisk.sys
0x8ED64000 \SystemRoot\system32\drivers\PSDNServ.sys
0x8ED6D000 \SystemRoot\System32\Drivers\mup.sys
0x8ED7C000 \SystemRoot\System32\drivers\ecache.sys
0x8EDA3000 \SystemRoot\system32\drivers\disk.sys
0x8EDB4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8EDD5000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8EDDD000 \SystemRoot\system32\drivers\crcdisk.sys
0x8EDE6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8EDF1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8EB07000 \SystemRoot\system32\DRIVERS\processr.sys
0x96808000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x96F30000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x96FCF000 \SystemRoot\System32\drivers\watchdog.sys
0x96FDC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8EB16000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8EB54000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x96FEE000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x96FF0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8EB6C000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8EB76000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EBB4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EBC3000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8EBD3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8EBE1000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8E976000 \SystemRoot\system32\DRIVERS\serial.sys
0x8EBEC000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8E990000 \SystemRoot\system32\DRIVERS\parport.sys
0x8E9A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EBF6000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x8E9BB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E9C6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E9D1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x98003000 \SystemRoot\system32\DRIVERS\storport.sys
0x98044000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9804F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x98066000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x98071000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x98094000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x980A3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x980B7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x980CC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x980DC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x980DE000 \SystemRoot\system32\DRIVERS\ks.sys
0x98108000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x98112000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9811F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x98153000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x98171000 \SystemRoot\system32\drivers\HdAudio.sys
0x981B0000 \SystemRoot\system32\drivers\portcls.sys
0x807D2000 \SystemRoot\system32\drivers\drmk.sys
0x9760B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x97E03000 \SystemRoot\system32\DRIVERS\klif.sys
0x97E4C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x97E55000 \SystemRoot\System32\Drivers\Null.SYS
0x97E5C000 \SystemRoot\System32\Drivers\Beep.SYS
0x97E6C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x97E73000 \SystemRoot\System32\drivers\vga.sys
0x97E7F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x97EA0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x97EA8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x97EB0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x97EBB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x97EC9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x97ED2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x97EE8000 \SystemRoot\system32\DRIVERS\smb.sys
0x9880E000 \SystemRoot\system32\DRIVERS\kl1.sys
0x98D2E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x98D40000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x98D42000 \SystemRoot\system32\drivers\afd.sys
0x98D8A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x98DBC000 \SystemRoot\system32\DRIVERS\pacer.sys
0x98DD2000 \SystemRoot\system32\DRIVERS\klim6.sys
0x98DD9000 \SystemRoot\system32\DRIVERS\netbios.sys
0x98DE7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x97EFC000 \SystemRoot\System32\drivers\truecrypt.sys
0x97F34000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x98800000 \SystemRoot\system32\drivers\nsiproxy.sys
0x97F70000 \SystemRoot\System32\Drivers\dfsc.sys
0x97F87000 \SystemRoot\System32\Drivers\fastfat.SYS
0x864C0000 \SystemRoot\System32\win32k.sys
0x97FAF000 \SystemRoot\System32\drivers\Dxapi.sys
0x97FB9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x866E0000 \SystemRoot\System32\TSDDD.dll
0x86700000 \SystemRoot\System32\cdd.dll
0x86710000 \SystemRoot\System32\ATMFD.DLL
0x97FC8000 \SystemRoot\system32\drivers\luafv.sys
0x97FE3000 \SystemRoot\system32\drivers\WudfPf.sys
0xA3409000 \SystemRoot\system32\drivers\spsys.sys
0xA34B8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA34C8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA34DB000 \SystemRoot\system32\drivers\HTTP.sys
0xA3548000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA3565000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA357E000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA3593000 \SystemRoot\system32\drivers\mrxdav.sys
0xA35B3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA3C01000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3C3A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA3C52000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3C79000 \SystemRoot\System32\DRIVERS\srv.sys
0xA3CC7000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xA3CCE000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xA3CDF000 \SystemRoot\system32\drivers\peauth.sys
0xA3DBD000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA3DC7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA3DD3000 \??\C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
0xA35D2000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x977D6000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76FB0000 \Windows\System32\ntdll.dll

Processes (total 91):
0 System Idle Process
4 System
512 C:\Windows\System32\smss.exe
580 csrss.exe
636 C:\Windows\System32\wininit.exe
648 csrss.exe
680 C:\Windows\System32\services.exe
708 C:\Windows\System32\winlogon.exe
720 C:\Windows\System32\lsass.exe
744 C:\Windows\System32\lsm.exe
892 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\Ati2evxx.exe
1096 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\audiodg.exe
1304 C:\Windows\System32\svchost.exe
1324 C:\Windows\System32\SLsvc.exe
1388 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\Ati2evxx.exe
1584 C:\Windows\System32\svchost.exe
1760 C:\Windows\System32\spoolsv.exe
1784 C:\Windows\System32\svchost.exe
544 C:\Windows\System32\taskeng.exe
1944 C:\Windows\System32\dwm.exe
332 C:\Windows\System32\taskeng.exe
1564 C:\Windows\explorer.exe
2088 C:\Program Files\Windows Defender\MSASCui.exe
2096 C:\Windows\RtHDVCpl.exe
2108 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
2124 C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe
2168 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2264 C:\Program Files\iTunes\iTunesHelper.exe
2280 C:\Program Files\FreePDF_XP\fpassist.exe
2304 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2324 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2360 C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe
2368 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
2388 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
2404 C:\Program Files\SweetIM\Messenger\SweetIM.exe
2420 C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
2464 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2504 C:\Program Files\Windows Sidebar\sidebar.exe
2524 C:\Windows\ehome\ehtray.exe
2532 C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
2552 C:\Users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe
2560 C:\Program Files\Windows Media Player\wmpnscfg.exe
2628 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
2660 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
2992 C:\Windows\ehome\ehmsas.exe
3008 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
3052 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
3072 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
3164 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
3184 C:\Program Files\Application Updater\ApplicationUpdater.exe
3208 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
3220 C:\Program Files\Bonjour\mDNSResponder.exe
3244 C:\Windows\System32\svchost.exe
3272 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
3320 C:\Program Files\CDBurnerXP\NMSAccessU.exe
3448 C:\Windows\System32\svchost.exe
3460 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3492 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3580 C:\Windows\System32\svchost.exe
3616 C:\Windows\System32\svchost.exe
3668 C:\Windows\System32\SearchIndexer.exe
3716 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
844 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
2272 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2544 WUDFHost.exe
2980 C:\Program Files\Windows Media Player\wmpnetwk.exe
3252 C:\Windows\System32\mobsync.exe
4696 C:\Program Files\iPod\bin\iPodService.exe
4836 C:\Users\birgit\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
6052 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
1476 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
4212 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
2256 C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
2712 C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
5816 C:\Program Files\Mozilla Firefox\firefox.exe
4360 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
4344 C:\Windows\System32\wuauclt.exe
4456 C:\Windows\explorer.exe
4392 C:\Program Files\Mozilla Firefox\plugin-container.exe
4144 C:\Windows\System32\SearchProtocolHost.exe
4284 C:\Windows\System32\SearchFilterHost.exe
4820 <unknown>
284 <unknown>
5772 C:\Users\birgit\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f3947600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`3be4a400 (NTFS)

PhysicalDrive0 Model Number: ST3500830AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

06.09.2010, 20:52	#37
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner_Clicker in sims 2 die Haustiere Versuch es im abgesicherten Modus oder mit einem anderen Benutzerkonto, zB einem dass Du neu über die Systemsteuerung erstellst... __________________ Logfiles bitte immer in CODE-Tags posten

06.09.2010, 21:17	#39
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner_Clicker in sims 2 die Haustiere Abgesicherter Modus?? __________________ Logfiles bitte immer in CODE-Tags posten

06.09.2010, 21:40	#41
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner_Clicker in sims 2 die Haustiere Waswohl, Du sollst es dort probieren! __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner_Clicker in sims 2 die Haustiere

Plagegeister aller Art und deren Bekämpfung: Trojaner_Clicker in sims 2 die Haustiere