Logs nach Antimaleware doctor und Security Tool

ines000 · 17.09.2010, 14:06

Hallo!

Hab mir antimaleware doctor und security tool gleichzeitig eingefangen. die anleitung befolgt (rkill.exe, Malewarebyte Anti-Maleware, ccleaner und rsit.exe). mein anti-maleware findet nichts mehr.
hab dann noch OTL.exe drüber laufen lassen.

anbei die log-datein.

lg, ines

cosinus · 17.09.2010, 18:27

Hallo und

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
O33 - MountPoints2\{ca8cbd65-fa71-11dc-963e-0016d3e3c032}\Shell\AutoRun\command - "" = H:\myfolder\myfile.exe -- File not found
O33 - MountPoints2\{ca8cbd65-fa71-11dc-963e-0016d3e3c032}\Shell\open\command - "" = H:\myfolder\myfile.exe -- File not found
[2010.09.13 19:33:02 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.09.13 19:32:59 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.08.28 20:53:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows
[2010.08.28 20:53:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Server
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:94188BC6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AA9519A6
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:30A9E86A
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

ines000 · 18.09.2010, 11:44

hier das log.
Danke.
lg, ines

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca8cbd65-fa71-11dc-963e-0016d3e3c032}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca8cbd65-fa71-11dc-963e-0016d3e3c032}\ not found.
File H:\myfolder\myfile.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca8cbd65-fa71-11dc-963e-0016d3e3c032}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca8cbd65-fa71-11dc-963e-0016d3e3c032}\ not found.
File H:\myfolder\myfile.exe not found.
C:\Users\Public\Documents\Windows folder moved successfully.
C:\Users\Public\Documents\Server folder moved successfully.
Folder C:\Users\***\AppData\Local\Windows\ not found.
Folder C:\Users\***\AppData\Local\Windows Server\ not found.
ADS C:\ProgramData\TEMP:70E897B5 deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:B203B914 deleted successfully.
ADS C:\ProgramData\TEMP:94188BC6 deleted successfully.
ADS C:\ProgramData\TEMP:A95A95AC deleted successfully.
ADS C:\ProgramData\TEMP:798A3728 deleted successfully.
ADS C:\ProgramData\TEMP:AA9519A6 deleted successfully.
ADS C:\ProgramData\TEMP:30A9E86A deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 483221 bytes
->Temporary Internet Files folder emptied: 885411 bytes
->Flash cache emptied: 75 bytes

User: ***
->Temp folder emptied: 6329469 bytes
->Temporary Internet Files folder emptied: 17105429 bytes
->Java cache emptied: 18614126 bytes
->FireFox cache emptied: 8248633 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 12379 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73701230 bytes
RecycleBin emptied: 298904 bytes

Total Files Cleaned = 120,00 mb

OTL by OldTimer - Version 3.2.12.1 log created on 09182010_122442

Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YLPKY572\0,2x1;p=b;ct=com;b=smgb;b=smga;id=nm1024677;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c2;s=c3;s=c4;s=c4;s=c1; s=c1;;u=5067888486233876;ord=5067888486233876[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YLPKY572\0_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[1].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YLPKY572\0_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[2].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YLPKY572\0_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20AllTrailers.net%20%BB,3 ,0,14,120,verdenab,7,255,255,255,1_FMpng_[1].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YLPKY572\1176740;m=R;g=co;g=ro;tt=f;coo=usa;coo=uk;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c1;s=c4;s=c4;s=c2;s=c3;s= c1;;u=928699441438455.9;ord=928699441438455[1].9 not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YLPKY572\11x1;p=tr;ct=com;b=smgb;b=smga;id=nm1024677;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c2;s=c3;s=c4;s=c4;s=c1; s=c1;;u=5067888486233876;ord=5067888486233876[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YLPKY572\1x1,4x1;p=f1;ifb=pf;ct=com;id=nm0005222;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c4;s=c3;s=c4;s=c2;s=c1;s=c1 ;;u=1591086468148308.2;ord=1591086468148308[1].2 not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YLPKY572\5;sz=728x90,2x1;p=b;ct=com;id=nm0005222;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c4;s=c3;s=c4;s=c2;s=c1;s=c1 ;;u=1591086468148308.2;ord=1591086468148308[1].2 not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YLPKY572\aindetails;tile=2;sz=728x90,1008x150,1008x200,9x1;p=t;p=top;ct=com;id=nm0050332;bpx=2;s=1009;s=32;s=c4;s=c4;s=c1;s=c3;s=c1; s=c2;;u=4660560389570105;ord=4660560389570105[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YLPKY572\c;g=dr;id=tt0959337;g=ro;k=c;coo=usa;coo=uk;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c4;s=c4;s=c3;s=c1;s=c2; s=c1;;u=6137154938803572;ord=6137154938803572[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YLPKY572\oo=usa;id=nm1024677;b=smga;k=c;id=nm1289434;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c2;s=c3;s=c4;s=c1;s=c4; s=c1;;u=6792239174377075;ord=6792239174377075[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\YLPKY572\oo=usa;id=nm1024677;b=smga;k=c;id=nm1289434;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c2;s=c3;s=c4;s=c1;s=c4; s=c1;;u=6792239174377075;ord=6792239174377075[2] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\008x200,9x1;p=t;p=top;ct=com;id=nm0005222;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c1;s=c3;s=c2;s=c1;s=c4;s= c4;;u=409347628136193.5;ord=409347628136193[1].5 not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\0_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[1].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\1176740;m=R;g=co;g=ro;tt=f;coo=usa;coo=uk;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c1;s=c4;s=c4;s=c2;s=c3;s= c1;;u=928699441438455.9;ord=928699441438455[1].9 not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\90,2x1;p=b;ct=com;m=R;tt=f;b=t250;b=t250a;g=dr;id=tt0169547;k=i;k=t;k=c;coo=usa;bpx=2;s=1009;s=32;s=c4;s=c4;s=c1;s=c3;s=c1; s=c2;;u=7047381126500512;ord=7047381126500512[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\;sz=300x250,11x1;p=tr;ct=com;id=nm0005222;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c1;s=c3;s=c2;s=c1;s=c4;s= c4;;u=409347628136193.5;ord=409347628136193[1].5 not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\c;g=dr;id=tt0959337;g=ro;k=c;coo=usa;coo=uk;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c4;s=c4;s=c3;s=c1;s=c2; s=c1;;u=6137154938803572;ord=6137154938803572[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\c;g=dr;id=tt0959337;g=ro;k=c;coo=usa;coo=uk;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c4;s=c4;s=c3;s=c1;s=c2; s=c1;;u=6137154938803572;ord=6137154938803572[2] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\e=5;sz=728x90,2x1;p=b;ct=com;id=nm0005222;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c1;s=c3;s=c2;s=c1;s=c4;s= c4;;u=409347628136193.5;ord=409347628136193[1].5 not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\f1;ifb=pf;ct=com;b=smgb;b=smga;id=nm1024677;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c1;s=c4;s=c4;s=c2;s=c3; s=c1;;u=7215140792865926;ord=7215140792865926[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\p=t;p=top;ct=com;b=smgb;b=smga;id=nm1024677;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c1;s=c4;s=c4;s=c2;s=c3; s=c1;;u=7215140792865926;ord=7215140792865926[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZAInterview,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[1].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\t250a;g=dr;id=tt0169547;k=i;k=t;k=c;coo=usa;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c4;s=c3;s=c4;s=c1;s=c2; s=c1;;u=6989310762067084;ord=6989310762067084[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\t250a;g=dr;id=tt0169547;k=i;k=t;k=c;coo=usa;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c4;s=c3;s=c4;s=c1;s=c2; s=c1;;u=6989310762067084;ord=6989310762067084[2] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\tt1176740;m=R;g=co;g=ro;tt=f;coo=usa;coo=uk;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c2;s=c3;s=c4;s=c4;s=c1; s=c1;;u=8511977271597531;ord=8511977271597531[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\tt1176740;m=R;g=co;g=ro;tt=f;coo=usa;coo=uk;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c2;s=c3;s=c4;s=c4;s=c1; s=c1;;u=8511977271597531;ord=8511977271597531[2] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\P3H0Z0E4\z=300x250,11x1;p=tr;ct=com;id=nm0005222;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c4;s=c3;s=c4;s=c2;s=c1;s=c1 ;;u=1591086468148308.2;ord=1591086468148308[1].2 not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\,11x1;p=tr;ct=com;m=R;tt=f;b=t250;b=t250a;g=dr;id=tt0169547;k=i;k=t;k=c;coo=usa;bpx=2;s=1009;s=32;s=c4;s=c4;s=c1;s=c3;s=c1; s=c2;;u=7047381126500512;ord=7047381126500512[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\0,2x1;p=b;ct=com;b=smgb;b=smga;id=nm1024677;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c1;s=c4;s=c4;s=c2;s=c3; s=c1;;u=7215140792865926;ord=7215140792865926[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\0,90_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20CineMagia.ro%20%BB,3 ,0,14,120,verdenab,7,255,255,255,1_FMpng_[1].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\0_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,116,-119_PIimdb-bluebutton,BottomLeft,209,-121_CR116,120,120,90_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[1].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\0_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[1].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\0_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[2].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\0_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[3].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\0_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[4].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\1176740;m=R;g=co;g=ro;tt=f;coo=usa;coo=uk;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c1;s=c4;s=c4;s=c2;s=c3;s= c1;;u=928699441438455.9;ord=928699441438455[1].9 not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\120_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZAPromo,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[1].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\=f1;ifb=pf;ct=com;m=R;tt=f;b=t250;b=t250a;g=dr;id=tt0169547;k=i;k=t;k=c;coo=usa;bpx=2;s=1009;s=32;s=c4;s=c4;s=c1;s=c3;s=c1; s=c2;;u=7047381126500512;ord=7047381126500512[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\f1;ifb=pf;ct=com;b=smgb;b=smga;id=nm1024677;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c2;s=c3;s=c4;s=c4;s=c1; s=c1;;u=5067888486233876;ord=5067888486233876[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\oo=usa;id=nm1024677;b=smga;k=c;id=nm1289434;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c2;s=c3;s=c4;s=c1;s=c4; s=c1;;u=6792239174377075;ord=6792239174377075[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\oo=usa;id=nm1024677;b=smga;k=c;id=nm1289434;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c2;s=c3;s=c4;s=c1;s=c4; s=c1;;u=6792239174377075;ord=6792239174377075[2] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\p=t;p=top;ct=com;b=smgb;b=smga;id=nm1024677;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c2;s=c3;s=c4;s=c4;s=c1; s=c1;;u=5067888486233876;ord=5067888486233876[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\tt1176740;m=R;g=co;g=ro;tt=f;coo=usa;coo=uk;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c2;s=c3;s=c4;s=c4;s=c1; s=c1;;u=8511977271597531;ord=8511977271597531[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\X120_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZAClip,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[1].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\X120_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZAClip,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[2].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\X120_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZAClip,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[3].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\X120_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZAClip,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[4].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\X120_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZAClip,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[5].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\Y90_BO120,0,0,0_PIimdb-blackband,BottomLeft,116,-119_PIimdb-bluebutton,BottomLeft,209,-121_CR116,120,120,90_ZAFeaturette,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[1].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\OBFPE7S0\z=1x1,4x1;p=f1;ifb=pf;ct=com;id=nm0005222;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c1;s=c3;s=c2;s=c1;s=c4;s= c4;;u=409347628136193.5;ord=409347628136193[1].5 not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EUV9CWST\0_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[1].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EUV9CWST\0_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[2].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EUV9CWST\0_SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZATrailer,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[3].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EUV9CWST\1176740;m=R;g=co;g=ro;tt=f;coo=usa;coo=uk;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c1;s=c4;s=c4;s=c2;s=c3;s= c1;;u=928699441438455.9;ord=928699441438455[1].9 not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EUV9CWST\11x1;p=tr;ct=com;b=smgb;b=smga;id=nm1024677;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c1;s=c4;s=c4;s=c2;s=c3; s=c1;;u=7215140792865926;ord=7215140792865926[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EUV9CWST\8x200,9x1;p=t;p=top;ct=com;id=nm0005222;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c4;s=c3;s=c4;s=c2;s=c1;s=c1 ;;u=1591086468148308.2;ord=1591086468148308[1].2 not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EUV9CWST\;p=t;p=top;ct=com;m=R;tt=f;b=t250;b=t250a;g=dr;id=tt0169547;k=i;k=t;k=c;coo=usa;bpx=2;s=1009;s=32;s=c4;s=c4;s=c1;s=c3;s=c1; s=c2;;u=7047381126500512;ord=7047381126500512[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EUV9CWST\c;g=dr;id=tt0959337;g=ro;k=c;coo=usa;coo=uk;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c4;s=c4;s=c3;s=c1;s=c2; s=c1;;u=6137154938803572;ord=6137154938803572[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EUV9CWST\SY90_BO120,0,0,0_PIimdb-blackband,BottomLeft,120,-119_PIimdb-bluebutton,BottomLeft,213,-121_CR120,120,120,90_ZAInterview,4,61,19,120,verdenab,8,255,255,255,1_FMpng_[1].png not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EUV9CWST\t250a;g=dr;id=tt0169547;k=i;k=t;k=c;coo=usa;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c4;s=c3;s=c4;s=c1;s=c2; s=c1;;u=6989310762067084;ord=6989310762067084[1] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EUV9CWST\t250a;g=dr;id=tt0169547;k=i;k=t;k=c;coo=usa;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c4;s=c3;s=c4;s=c1;s=c2; s=c1;;u=6989310762067084;ord=6989310762067084[2] not found!
File\Folder C:\Users\***\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\EUV9CWST\tt1176740;m=R;g=co;g=ro;tt=f;coo=usa;coo=uk;bpx=2;s=341;s=344;s=343;s=1009;s=335;s=284;s=336;s=32;s=c2;s=c3;s=c4;s=c4;s=c1; s=c1;;u=8511977271597531;ord=8511977271597531[1] not found!
File\Folder C:\Windows\temp\WFV5F01.tmp not found!

Registry entries deleted on Reboot...

cosinus · 18.09.2010, 12:43

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

ines000 · 18.09.2010, 20:58

Hier das combofix log:
Combofix Logfile:

Code:

ATTFilter

ComboFix 10-09-17.04 - *** 18.09.2010  21:02:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.2046.1096 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Local\Windows Server
c:\users\***AppData\Local\Windows Server\admin.txt
c:\users\***\AppData\Local\Windows Server\flags.ini
c:\users\***\AppData\Local\Windows Server\hlp.dat
c:\users\***\AppData\Local\Windows Server\server.dat
c:\users\*** AppData\Local\Windows Server\uses32.dat
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\***AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\***\Herbert.exe
c:\windows\system\BisonC07.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-18 bis 2010-09-18  ))))))))))))))))))))))))))))))
.

2010-09-18 10:24 . 2010-09-18 10:24	--------	d-----w-	C:\_OTL
2010-09-17 13:31 . 2010-09-17 15:04	--------	d-----w-	c:\programdata\FarmFrenzy3
2010-09-17 13:27 . 2010-09-17 13:27	--------	d-----w-	c:\program files\Purplehills
2010-09-17 13:21 . 2010-09-17 13:21	--------	d-----w-	c:\users\Gast\AppData\Local\Google
2010-09-17 13:20 . 2010-09-17 13:20	--------	d-----w-	c:\users\Gast\AppData\Roaming\Apple Computer
2010-09-17 13:20 . 2010-09-17 13:20	--------	d-----w-	c:\users\Gast\AppData\Roaming\Malwarebytes
2010-09-17 13:19 . 2010-09-17 13:19	--------	d-----w-	c:\users\Gast\AppData\Roaming\ATI
2010-09-17 13:19 . 2010-09-17 13:19	--------	d-----w-	c:\users\Gast\AppData\Local\PlayMovie
2010-09-17 13:19 . 2010-09-17 13:19	--------	d-----w-	c:\users\Gast\AppData\Local\ATI
2010-09-17 13:19 . 2010-09-17 13:19	102424	----a-w-	c:\users\Gast\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-16 18:12 . 2010-08-30 12:33	43008	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-16 18:12 . 2010-08-30 12:34	1496064	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-16 18:12 . 2010-08-30 12:33	346112	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-16 18:12 . 2010-08-30 12:33	338944	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-16 13:52 . 2010-04-16 16:46	502272	----a-w-	c:\windows\system32\usp10.dll
2010-09-16 13:52 . 2010-08-17 14:11	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-09-16 13:52 . 2010-04-05 17:02	317952	----a-w-	c:\windows\system32\MP4SDECD.DLL
2010-09-16 13:51 . 2010-05-27 20:08	739328	----a-w-	c:\windows\system32\inetcomm.dll
2010-09-12 20:11 . 2010-09-12 20:36	--------	d-----w-	c:\users\***\AppData\Roaming\BloodTies
2010-09-12 13:55 . 2010-09-12 13:55	--------	d-----w-	c:\users\***\AppData\Roaming\GameHousev1000
2010-09-11 09:52 . 2010-09-12 19:02	--------	d-----w-	c:\users\***\AppData\Roaming\Gamers Digital
2010-09-11 09:52 . 2010-09-12 19:02	--------	d-----w-	c:\programdata\Gamers Digital
2010-09-10 21:35 . 2010-09-10 21:35	--------	d-----w-	c:\users\***\AppData\Roaming\My Games
2010-09-10 18:12 . 2010-09-10 18:12	--------	d-----w-	c:\users\***\AppData\Roaming\GameHouse
2010-09-10 18:12 . 2010-09-10 18:12	--------	d-----w-	c:\programdata\GameHouse
2010-09-08 18:01 . 2010-09-08 18:01	--------	d-----w-	c:\users\***\AppData\Roaming\Big Fish Games
2010-08-28 18:53 . 2010-08-29 17:12	--------	d-----w-	c:\users\***\AppData\Local\Windows

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 18:50 . 2009-01-01 18:03	--------	d-----w-	c:\program files\McAfee
2010-09-17 11:44 . 2010-07-15 11:04	--------	d-----w-	c:\program files\trend micro
2010-09-17 11:40 . 2010-08-03 13:25	--------	d-----w-	c:\program files\RealArcade
2010-09-17 11:37 . 2007-08-22 11:32	--------	d-----w-	c:\programdata\Microsoft Help
2010-09-17 11:31 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-09-17 11:23 . 2010-07-15 10:39	--------	d-----w-	c:\program files\CCleaner
2010-09-16 19:00 . 2010-04-20 15:20	--------	d-----w-	c:\users\***\AppData\Roaming\64AF16D2F09658DD376D9252C6DA496E
2010-09-11 15:46 . 2008-04-27 17:16	--------	d-----w-	c:\programdata\MumboJumbo
2010-09-10 19:14 . 2010-08-03 21:22	--------	d-----w-	c:\users\***\AppData\Roaming\PlayFirst
2010-09-10 19:14 . 2010-08-03 21:22	--------	d-----w-	c:\programdata\PlayFirst
2010-09-01 20:43 . 2007-08-22 20:49	628742	----a-w-	c:\windows\system32\perfh007.dat
2010-09-01 20:43 . 2007-08-22 20:49	126260	----a-w-	c:\windows\system32\perfc007.dat
2010-08-28 08:25 . 2010-06-25 06:34	--------	d-----w-	c:\users\***\AppData\Roaming\LimeWire
2010-08-17 19:43 . 2008-03-25 15:05	--------	d-----w-	c:\program files\Google
2010-08-11 16:31 . 2010-08-11 16:31	0	----a-w-	c:\users\***\AppData\Roaming\wklnhst.dat
2010-08-11 15:48 . 2008-08-28 08:10	7592	----a-w-	c:\users\***\AppData\Local\d3d9caps.dat
2010-08-10 11:41 . 2010-07-15 09:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-10 04:40 . 2008-06-13 06:43	16384	----a-w-	c:\windows\system32\drivers\nsiproxy.sys
2010-08-07 11:47 . 2010-08-07 11:47	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-08-05 16:46 . 2010-08-05 16:46	--------	d-----w-	c:\programdata\MythPeople
2010-08-05 16:13 . 2010-08-05 16:13	--------	d-----w-	c:\users\***\AppData\Roaming\ViquaSoft
2010-08-05 14:40 . 2010-08-05 14:40	--------	d-----w-	c:\users\***\AppData\Roaming\Gamelab
2010-08-04 09:59 . 2010-08-04 09:59	4096	----a-w-	c:\windows\d3dx.dat
2010-08-04 09:59 . 2010-08-04 09:59	--------	d-----w-	c:\users\***\AppData\Roaming\GamesCafe
2010-08-02 23:55 . 2010-08-02 22:55	--------	d-----w-	c:\programdata\Fashion Solitaire 1.2
2010-08-02 22:55 . 2010-08-02 22:55	--------	d-----w-	c:\programdata\Trymedia
2010-08-02 09:11 . 2010-08-02 09:10	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-02 09:11 . 2010-08-02 09:10	--------	d-----w-	c:\program files\iTunes
2010-08-02 09:10 . 2010-08-02 09:10	--------	d-----w-	c:\program files\iPod
2010-08-02 09:10 . 2008-03-31 09:00	--------	d-----w-	c:\program files\Common Files\Apple
2010-08-02 09:08 . 2010-08-02 09:07	--------	d-----w-	c:\program files\QuickTime
2010-08-02 08:58 . 2010-08-02 08:58	--------	d-----w-	c:\program files\Bonjour
2010-08-02 08:52 . 2010-08-02 08:52	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-02 08:26 . 2010-08-02 08:26	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-22 22:05 . 2010-06-25 06:33	--------	d-----w-	c:\program files\Ask.com
2010-07-15 11:12 . 2010-07-15 11:12	2728840	----a-w-	c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-06-26 06:05 . 2010-08-10 18:58	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-10 18:58	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-10 18:58	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-10 18:58	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-06-24 06:59 . 2010-06-24 06:59	501936	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtb864D.tmp.exe
2010-06-23 14:51 . 2010-06-23 14:51	501936	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtbFBAE.tmp.exe
2010-06-21 13:37 . 2010-08-10 18:57	2037760	----a-w-	c:\windows\system32\win32k.sys
2009-04-03 19:53 . 2008-04-11 16:48	67688	----a-w-	c:\program files\mozilla firefox\components\jar50.dll
2009-04-03 19:53 . 2008-04-11 16:48	54368	----a-w-	c:\program files\mozilla firefox\components\jsd3250.dll
2009-04-03 19:53 . 2008-04-29 18:24	34944	----a-w-	c:\program files\mozilla firefox\components\myspell.dll
2009-04-03 19:53 . 2008-04-29 18:24	46712	----a-w-	c:\program files\mozilla firefox\components\spellchk.dll
2009-04-03 19:53 . 2008-04-11 16:48	172136	----a-w-	c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46	2642432	----a-w-	c:\program files\Family Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 15:28	1233288	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Family Toolbar\tbcore3.dll" [2009-05-07 2642432]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-04 834056]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"MBBalloon"="c:\program files\HOTALBUMMyBOX\MBBalloon.exe" [2006-12-15 787096]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-3-25 1208320]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-22 535336]
MediaChecker.lnk - c:\program files\HOTALBUMMyBOX\MediaChecker.exe [2006-12-15 913560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 136176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
S0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2008-04-02 15172]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2008-04-19 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 13:24]

2010-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 13:24]

2010-09-18 c:\windows\Tasks\User_Feed_Synchronization-{E299FDC3-4D0E-4351-9F0B-50F93C599DEF}.job
- c:\windows\system32\msfeedssync.exe [2010-08-10 04:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.net/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://webgames.d.tmsrv.com/c=235d04bef31d5067988cdadb8580da4e/aff=t_12em_wg/p/release/playfirst/wg_greatchocolate/greatchocolate/greatchocolatechaseweb.1.0.0.12.cab
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {7D492D61-303A-45C3-8A55-63449339943D} - hxxp://webgames.d.tmsrv.com/c=235d04bef31d5067988cdadb8580da4e/aff=t_12em_wg/p/release/playfirst/wg_nightshiftcode/nightshiftcode/NightShiftCodeWeb.1.0.0.5.cab
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1206466590
DPF: {C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} - hxxp://webgames.d.tmsrv.com/c=235d04bef31d5067988cdadb8580da4e/aff=t_12em_wg/p/release/playfirst/wg_petshophop/petshophop/petshophopweb.1.0.0.16.cab
FF - ProfilePath - c:\users\Ines Schwarz\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16062&locale=de_US&q=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\users\Ines Schwarz\AppData\Roaming\Mozilla\Firefox\Profiles\ggahrqh4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel",             1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad",                   false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom",  "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "hxxp://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "hxxp://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "hxxp://sb.google.com/safebrowsing/report?");
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-18 21:11
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2010-09-18  21:15:04
ComboFix-quarantined-files.txt  2010-09-18 19:15

Vor Suchlauf: 18 Verzeichnis(se), 20.568.117.248 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 19.770.220.544 Bytes frei

- - End Of File - - 5AA12C57CA8CAFABECB4EB9824259556

--- --- ---

cosinus · 19.09.2010, 17:17

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

ines000 · 20.09.2010, 14:10

so.

gmer ausgeführt:

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-20 14:20:52
Windows 6.0.6002 Service Pack 2
Running: hi22oic1.exe; Driver: C:\Users\***~1\AppData\Local\Temp\aglyiuoc.sys


---- System - GMER 1.0.15 ----

Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)         ZwCreateFile [0x9D5114FB]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)         ZwCreateProcess [0x9D511525]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)         ZwProtectVirtualMemory [0x9D51150F]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)         ZwTerminateProcess [0x9D5114E7]
Code            \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)         NtCreateFile

---- Kernel code sections - GMER 1.0.15 ----

PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                                      82434DA3 5 Bytes  JMP 9D5114EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwProtectVirtualMemory                                                                  8245DF3D 7 Bytes  JMP 9D511513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtCreateFile                                                                            82485E5B 5 Bytes  JMP 9D5114FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcess                                                                         824D58BF 5 Bytes  JMP 9D511529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
init            C:\Windows\system32\Drivers\PzWDM.sys                                                                entry point in "init" section [0x82D7730E]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [742B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [7430A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [742BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [742AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [742B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [742AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [742E8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [742BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [742AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [742AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [742A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7433CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [742DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [742AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [742A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [742A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2204] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [742B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                               mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                             mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM kann ich nicht auführen, weil mein McAfee mir andauernd die viruswarnung gibt und ich nicht weiß wie man den zugriffsscanner bei McAfee ausschalten kann. er lasst mich nicht entpacken, habs mir verschiedenen entpackprogramme versucht.

bootkit ausgeführt. log im anhang. ich hoff es is das richtige.

lg, ines

cosinus · 20.09.2010, 17:22

Zitat:

OSAM kann ich nicht auführen, weil mein McAfee mir andauernd die viruswarnung gibt und ich nicht weiß wie man den zugriffsscanner bei McAfee ausschalten kann. er lasst mich nicht entpacken, habs mir verschiedenen entpackprogramme versucht.

McAfee müsste ein Symbol im Systemtray (bei der Uhr rechts unten) haben. Rechtklick, Zugriffscanner deaktivieren (so oder sinngemäß)

ines000 · 20.09.2010, 18:31

das hab ich eh probiert, hat nicht funktioniert weils grau/inaktiv ist.

hab mal kurz mcafee gelöscht...

das log von OSAM:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:26:26 on 20.09.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Unable to get information

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Auf Updates für Windows Live Toolbar prüfen.job" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\Windows\system32\BDEADMIN.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\INESSC~1\AppData\Local\Temp\catchme.sys  (File not found)
"IEEE-1284.4 Driver HPZid412" (HPZid412) - "HP" - C:\Windows\System32\DRIVERS\HPZid412.sys
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"McAfee Inc." (mfeapfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeapfk.sys
"McAfee Inc." (mfeavfk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfeavfk.sys
"McAfee Inc." (mfebopk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfebopk.sys
"McAfee Inc." (mfehidk) - "McAfee, Inc." - C:\Windows\System32\drivers\mfehidk.sys
"McAfee Inc." (mfetdik) - "McAfee, Inc." - C:\Windows\System32\drivers\mfetdik.sys
"Print Class Driver for IEEE-1284.4 HPZipr12" (HPZipr12) - "HP" - C:\Windows\System32\DRIVERS\HPZipr12.sys
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"PzWDM" (PzWDM) - "Prassi Technology" - C:\Windows\System32\Drivers\PzWDM.sys
"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"USB to IEEE-1284.4 Translation Driver HPZius12" (HPZius12) - "HP" - C:\Windows\System32\DRIVERS\HPZius12.sys
"VSCore mferkdk" (mferkdk) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Family Toolbar" - ? - C:\Program Files\Family Toolbar\tbcore3.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "LimeWire Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\msntb.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} "CPlayFirstGreatChocoControl Object" - "PlayFirst, Inc." - C:\Windows\Downloaded Program Files\GreatChocolateChaseWeb.1.0.0.12.dll / hxxp://webgames.d.tmsrv.com/c=235d04bef31d5067988cdadb8580da4e/aff=t_12em_wg/p/release/playfirst/wg_greatchocolate/greatchocolate/greatchocolatechaseweb.1.0.0.12.cab
{7D492D61-303A-45C3-8A55-63449339943D} "CPlayFirstNightShiftControl Object" - "PlayFirst, Inc." - C:\Windows\Downloaded Program Files\NightShiftCodeWeb.1.0.0.5.dll / hxxp://webgames.d.tmsrv.com/c=235d04bef31d5067988cdadb8580da4e/aff=t_12em_wg/p/release/playfirst/wg_nightshiftcode/nightshiftcode/NightShiftCodeWeb.1.0.0.5.cab
{C0C0CB9B-BFEB-47C2-90FA-BE9692875ADB} "CPlayFirstPetShopHopControl Object" - "PlayFirst, Inc." - C:\Windows\Downloaded Program Files\PetShopHopWeb.1.0.0.16.dll / hxxp://webgames.d.tmsrv.com/c=235d04bef31d5067988cdadb8580da4e/aff=t_12em_wg/p/release/playfirst/wg_petshophop/petshophop/petshophopweb.1.0.0.16.cab
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Program Files\DivX\DivX Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{74E4A24D-5224-4F05-8A41-99445E0FC22B} "GameHouse Games Player" - "GameHouse" - C:\Windows\Downloaded Program Files\ghgamesplayer.dll / hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\CONFLICT.1\ImageUploader5.ocx / hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1227976949
{BA162249-F2C5-4851-8ADC-FC58CB424243} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1206466590
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{2019DC25-D1C0-11D6-97B3-0008A124F542} "StreamPlug Class" - "Cedelia Corporation" - C:\Windows\DOWNLO~1\STREAM~1.DLL / hxxp://www.streamplug.com/StreamPlug/beta/SP.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll
<binary data> "Family Toolbar" - ? - C:\Program Files\Family Toolbar\tbcore3.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "LimeWire Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\msntb.dll
<binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "LimeWire Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{0C37B053-FD68-456a-82E1-D788EE342E6F} "MHTBPos00 Class" - ? - C:\Program Files\Family Toolbar\tbcore3.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\msntb.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} "{02478D38-C3F9-4EFB-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer" - C:\Program Files\Acer\Acer VCM\AcerVCM.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
"MediaChecker.lnk" - "PLANNING Co., Ltd" - C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe  (Shortcut exists | File exists)
-----( %SystemDrive%\_OTL\MovedFiles\09182010_122442\C_Users\Public\Documents\Windows )-----
"desktop.ini" - ? - C:\_OTL\MovedFiles\09182010_122442\C_Users\Public\Documents\Windows\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Acer Tour Reminder" - "Acer Inc." - C:\Acer\AcerTour\Reminder.exe
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"eAudio" - "CyberLink" - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MBBalloon" - "PLANNING Co., Ltd." - C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
"PlayMovie" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"ShStatEXE" - "McAfee, Inc." - "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
"StartCCC" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe  (File found, but it contains no detailed information)
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l054" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l054.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"eDSService.exe" (eDataSecurity Service) - "HiTRSUT" - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"McAfee McShield" (McShield) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"McAfee Task Manager" (McTaskManager) - "McAfee, Inc." - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe  (File found, but it contains no detailed information)
"O2Micro Flash Memory Card Service" (o2flash) - "O2Micro International" - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 20.09.2010, 18:47

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

ines000 · 20.09.2010, 18:56

Bitteschön:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 4920
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 158):
0x8220E000 \SystemRoot\system32\ntkrnlpa.exe
0x825C7000 \SystemRoot\system32\hal.dll
0x80409000 \SystemRoot\system32\kdcom.dll
0x80410000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80480000 \SystemRoot\system32\PSHED.dll
0x80491000 \SystemRoot\system32\BOOTVID.dll
0x80499000 \SystemRoot\system32\CLFS.SYS
0x804DA000 \SystemRoot\system32\CI.dll
0x80602000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068B000 \SystemRoot\system32\drivers\acpi.sys
0x806D1000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DA000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E2000 \SystemRoot\system32\drivers\pci.sys
0x80709000 \SystemRoot\System32\drivers\partmgr.sys
0x80718000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80725000 \SystemRoot\system32\drivers\volmgr.sys
0x80734000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077E000 \SystemRoot\system32\drivers\intelide.sys
0x80785000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80793000 \SystemRoot\System32\drivers\mountmgr.sys
0x82C0C000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x82CD3000 \SystemRoot\system32\drivers\atapi.sys
0x82CDB000 \SystemRoot\system32\drivers\ataport.SYS
0x82CF9000 \SystemRoot\system32\DRIVERS\o2media.sys
0x82D03000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x82D29000 \SystemRoot\system32\DRIVERS\o2sd.sys
0x82D32000 \SystemRoot\system32\drivers\fltmgr.sys
0x82D64000 \SystemRoot\system32\drivers\fileinfo.sys
0x82D74000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x82D7D000 \SystemRoot\system32\Drivers\PzWDM.sys
0x82D80000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82E08000 \SystemRoot\system32\drivers\ndis.sys
0x82F13000 \SystemRoot\system32\drivers\msrpc.sys
0x82F3E000 \SystemRoot\system32\drivers\NETIO.SYS
0x88206000 \SystemRoot\System32\drivers\tcpip.sys
0x882F0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8830B000 \SystemRoot\system32\drivers\mfetdik.sys
0x88317000 \SystemRoot\system32\drivers\TDI.SYS
0x8840F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8851F000 \SystemRoot\system32\drivers\volsnap.sys
0x88558000 \SystemRoot\System32\Drivers\spldr.sys
0x88560000 \SystemRoot\system32\drivers\psdvdisk.sys
0x88572000 \SystemRoot\system32\drivers\PSDNServ.sys
0x8857B000 \SystemRoot\System32\Drivers\mup.sys
0x8858A000 \SystemRoot\System32\drivers\ecache.sys
0x885B1000 \SystemRoot\system32\drivers\disk.sys
0x885C2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x885E3000 \SystemRoot\system32\drivers\crcdisk.sys
0x88400000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x883E9000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82F79000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x883F2000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C402000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8CB2A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CBCB000 \SystemRoot\System32\drivers\watchdog.sys
0x8CBD7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x82F88000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8CBE2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8CC0B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CE0F000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8D038000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8D048000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8D056000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8D05A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D06D000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8D077000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D082000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8D0AE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D0B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D0BB000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D0D3000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8D0D5000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8D0DB000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D10A000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D14B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D162000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D16D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D190000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D19F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D1B3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D1C8000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D1D8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8CC98000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D1DA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D1E4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8CCC2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8CCF7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D608000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D7B7000 \SystemRoot\system32\drivers\portcls.sys
0x8CD08000 \SystemRoot\system32\drivers\drmk.sys
0x8D803000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8D920000 \SystemRoot\system32\drivers\modem.sys
0x8D92D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8D936000 \SystemRoot\System32\Drivers\Null.SYS
0x8D93D000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D944000 \SystemRoot\System32\drivers\vga.sys
0x8D950000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D971000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D979000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D981000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D98C000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D99A000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D9A3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D9B9000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D9CD000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CD2D000 \SystemRoot\system32\drivers\afd.sys
0x8D7E4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D1F1000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CD75000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8D7FA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8CD88000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CE00000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8D600000 \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
0x8CDC4000 \SystemRoot\System32\Drivers\dfsc.sys
0x8CDDB000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8EC0D000 \SystemRoot\System32\Drivers\BisonC07.sys
0x8ECFA000 \SystemRoot\System32\Drivers\STREAM.SYS
0x8ED07000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8ED10000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8ED20000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8ED27000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8ED2F000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8ED45000 \SystemRoot\System32\Drivers\crashdmp.sys
0x88322000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x958C0000 \SystemRoot\System32\win32k.sys
0x8ED52000 \SystemRoot\System32\drivers\Dxapi.sys
0x8ED5C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95AE0000 \SystemRoot\System32\TSDDD.dll
0x95B00000 \SystemRoot\System32\cdd.dll
0x8ED6B000 \SystemRoot\system32\drivers\luafv.sys
0x9AC09000 \SystemRoot\system32\drivers\spsys.sys
0x9ACB9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9ACC9000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9ACF3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9ACFD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9AD10000 \SystemRoot\system32\drivers\HTTP.sys
0x9AD7D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9AD9A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9ADB3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9ADC8000 \SystemRoot\system32\drivers\mrxdav.sys
0x8ED8E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8EDAD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8EDE6000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x82FC6000 \SystemRoot\System32\DRIVERS\srv2.sys
0x807A3000 \SystemRoot\System32\DRIVERS\srv.sys
0x805D2000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9ADE9000 \??\C:\Windows\system32\drivers\int15.sys
0xA2201000 \SystemRoot\system32\drivers\peauth.sys
0xA22DF000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA22E9000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA22F5000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
0xA22F7000 \SystemRoot\system32\drivers\mfehidk.sys
0xA2393000 \SystemRoot\system32\drivers\mfebopk.sys
0xA239A000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA23A9000 \SystemRoot\system32\drivers\mfeavfk.sys
0x773D0000 \Windows\System32\ntdll.dll

Processes (total 89):
0 System Idle Process
4 System
464 C:\Windows\System32\smss.exe
596 csrss.exe
660 csrss.exe
668 C:\Windows\System32\wininit.exe
700 C:\Windows\System32\winlogon.exe
752 C:\Windows\System32\services.exe
764 C:\Windows\System32\lsass.exe
772 C:\Windows\System32\lsm.exe
912 C:\Windows\System32\svchost.exe
972 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\Ati2evxx.exe
1120 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\audiodg.exe
1328 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\SLsvc.exe
1428 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\Ati2evxx.exe
1616 C:\Windows\System32\svchost.exe
1860 C:\Windows\System32\spoolsv.exe
1904 C:\Windows\System32\svchost.exe
408 C:\Windows\System32\dwm.exe
476 C:\Windows\explorer.exe
712 C:\Windows\System32\taskeng.exe
1552 C:\Program Files\Windows Defender\MSASCui.exe
1608 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1624 C:\Windows\RtHDVCpl.exe
1696 C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
1272 C:\Windows\System32\agrsmsvc.exe
1372 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1880 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1152 C:\Program Files\Bonjour\mDNSResponder.exe
2052 C:\Windows\System32\taskeng.exe
2092 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
2164 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
2516 C:\Acer\Empowering Technology\eNet\eNet Service.exe
2744 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2788 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
3248 C:\Acer\Mobility Center\MobilityService.exe
3448 C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
3540 C:\Windows\System32\svchost.exe
3560 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
3600 C:\Windows\System32\svchost.exe
3664 C:\Windows\System32\svchost.exe
3688 C:\Windows\System32\SearchIndexer.exe
3784 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
3860 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
3924 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
2340 WmiPrvSE.exe
1544 WmiPrvSE.exe
2068 unsecapp.exe
3380 C:\Users\INESSC~1\AppData\Local\temp\RtkBtMnt.exe
2908 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1008 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
2292 C:\Program Files\Launch Manager\LManager.exe
3340 C:\Acer\Empowering Technology\eAudio\eAudio.exe
3180 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2432 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2452 C:\Program Files\iTunes\iTunesHelper.exe
1884 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4036 C:\Windows\ehome\ehtray.exe
2916 C:\Windows\ehome\ehmsas.exe
880 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
4268 C:\Acer\Empowering Technology\eNet\eNMTray.exe
4292 C:\Windows\System32\wbem\unsecapp.exe
4320 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
4368 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
4420 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
4700 C:\Program Files\Acer\Acer VCM\VC.exe
4712 C:\Program Files\Acer\Acer VCM\acp2HID.exe
4212 C:\Program Files\iPod\bin\iPodService.exe
4580 C:\Program Files\Internet Explorer\iexplore.exe
5840 C:\Program Files\Internet Explorer\iexplore.exe
5608 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
2796 C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
5256 C:\Program Files\Internet Explorer\iexplore.exe
5780 C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
3244 C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
6116 C:\Program Files\Internet Explorer\iexplore.exe
5832 C:\Windows\System32\SearchProtocolHost.exe
4564 C:\Windows\System32\SearchFilterHost.exe
888 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
1532 dllhost.exe
5200 dllhost.exe
4832 C:\Users\Ines Schwarz\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`79c00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 31171527C24A94682C92F34EB1E387CDC8AD21FC

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

cosinus · 20.09.2010, 19:02

Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten). Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.

ines000 · 22.09.2010, 12:25

das funktioniert nicht unbedingt.

wenn ich das iso runterlade und dann mit NTI (is am laptop oben) iso brenne und image erstelle, laptop runterfahre u wieder hochfahre kommt nix.
das iso hat das icon von NTI (draufklicken, wird das brennen gestartet) oder dem internetexplorer (wird das iso-herunterladen gestartet). es kommt niemals dein beschriebener lösungsweg.
wenn ich die iso auf der cd starten will, kommen ordner, wo ich aber kein setup oder ähnliches finde, nur .exe die aber alle nichts zutage fördern.

*confusion*
lg, ines

cosinus · 22.09.2010, 12:42

Du musst von der CD booten!!!

Zitat:

laptop runterfahre u wieder hochfahre kommt nix.

Bootreihenfolge ändern!! Der Rechner weiß doch nicht, von welchem Medium Du starten willst!

Bootreihenfolge ändern

ines000 · 22.09.2010, 16:31

done.

passt jetzt alles wieder?

lg, ines

Logs nach Antimaleware doctor und Security Tool

Log-Analyse und Auswertung: Logs nach Antimaleware doctor und Security Tool