Unwanted redirect in Google search (Ask.com), Windows 7
24.10.2010, 14:59 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I already named it!
__________________ Please always post logfiles in CODE tags
24.10.2010, 14:59 | #17 |
| Do I need to enter a custom code into the OTL code box for that?
24.10.2010, 18:03 | #18 |
| Here is the OTL fix log file:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
File E:\autorun.inf not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9707c94-3c72-11de-82ec-00238b1ed1ba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9707c94-3c72-11de-82ec-00238b1ed1ba}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9707c94-3c72-11de-82ec-00238b1ed1ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9707c94-3c72-11de-82ec-00238b1ed1ba}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Johannes
->Temp folder emptied: 223914561 bytes
->Temporary Internet Files folder emptied: 221228147 bytes
->Java cache emptied: 67796859 bytes
->FireFox cache emptied: 91786874 bytes
->Google Chrome cache emptied: 10251805 bytes
->Flash cache emptied: 68964 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50430543 bytes
RecycleBin emptied: 6613259999 bytes
Total Files Cleaned = 6,942.00 mb
OTL by OldTimer - Version 3.2.15.2 log created on 10242010_184415
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
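The OTL fix above resets the HOSTS file and rewrites the Tcpip NameServer value because both are classic places where a search redirect is installed: a hosts entry that maps a search engine's name to a foreign address sends every browser on the machine there without touching the browser itself. As an added example, not part of the thread and not OTL's own code, the Python below reads hosts-file text and separates entries that redirect a name to a routable address from entries that merely sink a name to loopback or 0.0.0.0 (ad-block style lists do that, but so does malware that wants to block update servers, so they are reported separately for review). The sample hosts content is constructed; the 203.0.113.x addresses come from the documentation range and stand in for an attacker-controlled host.

```python
import ipaddress

# Constructed sample hosts file: two benign localhost lines, two constructed
# redirect entries and one constructed sinkhole entry. Not taken from the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file for the redirect check below
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.google.com
203.0.113.7     www.google.de
0.0.0.0         ads.example.net
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing or full-line comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no names is not an entry
        ip, hostnames = parts[0], parts[1:]
        for host in hostnames:
            entries.append((ip, host.lower()))
    return entries


def is_local(ip):
    """True for loopback (127.x, ::1) and the unspecified address 0.0.0.0 / ::."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # garbage in the address column is not local
    return addr.is_loopback or addr.is_unspecified


def suspicious_entries(text):
    """Split hosts entries into (redirects, sinkholes).

    A stock Windows hosts file only maps 'localhost'. Any other name that points
    at a routable address is a redirect: every browser on the machine resolves
    that name to the listed address before DNS is even asked. Names mapped to
    loopback or 0.0.0.0 are sinkholes and need a human decision.
    """
    redirects, sinkholes = [], []
    for ip, host in parse_hosts(text):
        if host == "localhost":
            continue
        (sinkholes if is_local(ip) else redirects).append((ip, host))
    return redirects, sinkholes


if __name__ == "__main__":
    r, s = suspicious_entries(SAMPLE_HOSTS)
    print("redirects:", r)
    print("sinkholes:", s)
```

On a Windows machine the same function can be fed the content of C:\Windows\System32\drivers\etc\hosts; an empty redirect list is what a clean system should produce.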
24.10.2010, 19:48 | #19 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when an expert helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags
25.10.2010, 23:08 | #20 |
| I ran ComboFix. In the meantime the laptop rebooted because of "root activities" and then hung once. After that ComboFix ran through without problems. On restart Antivir (which I had actually switched off beforehand) found a trojan, "RootKit.Gen3". Finally I ran the CCleaner system cleanup. Here is the log file for ComboFix; for CCleaner there apparently isn't one: Combofix Logfile: Code:
ATTFilter ComboFix 10-10-24.06 - Johannes 10/25/2010 23:14:48.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1825 [GMT 2:00] ausgeführt von:: c:\users\Johannes\Desktop\cofi.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\userinit.exe . . . ist infiziert!! . ((((((((((((((((((((((( Dateien erstellt von 2010-09-25 bis 2010-10-25 )))))))))))))))))))))))))))))) . 2010-10-25 21:28 . 2010-10-25 21:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2010-10-25 21:28 . 2010-10-25 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-10-24 16:44 . 2010-10-24 16:44 -------- d-----w- C:\_OTL 2010-10-22 08:05 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B309F0EB-AC7E-41C7-BB3D-B5ACA66EDEEB}\mpengine.dll 2010-10-21 20:22 . 2010-10-21 20:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla 2010-10-21 19:22 . 2010-10-21 19:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes 2010-10-17 15:32 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2010-10-17 15:32 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-10-17 15:30 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll 2010-10-17 15:30 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll 2010-10-17 15:30 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll 2010-10-16 12:39 . 2010-10-16 12:39 -------- d-----w- c:\users\Johannes\AppData\Roaming\Malwarebytes 2010-10-16 12:02 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-16 12:02 . 2010-10-16 12:02 -------- d-----w- c:\programdata\Malwarebytes 2010-10-16 12:02 . 
2010-10-22 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-16 12:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-16 11:21 . 2010-10-16 11:21 -------- d-----w- c:\users\Johannes\AppData\Local\Mozilla 2010-10-16 10:23 . 2010-10-16 10:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer 2010-10-16 10:23 . 2010-10-16 10:23 -------- d-sh--w- c:\windows\system32\%APPDATA% 2010-10-16 10:23 . 2010-10-16 10:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\PowerCinema 2010-09-29 17:39 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll 2010-09-29 17:39 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2010-09-26 08:07 . 2010-09-26 08:07 -------- d-----w- c:\program files\iPod 2010-09-26 08:06 . 2010-09-26 08:08 -------- d-----w- c:\program files\iTunes 2010-09-26 08:00 . 2010-09-26 08:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2010-09-26 08:00 . 2010-09-26 08:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2010-09-26 08:00 . 2010-09-26 08:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2010-09-26 08:00 . 2010-09-26 08:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2010-09-26 08:00 . 2010-09-26 08:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2010-09-26 08:00 . 2010-09-26 08:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2010-09-26 08:00 . 2010-09-26 08:00 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2010-09-26 07:59 . 2010-09-26 08:00 -------- d-----w- c:\program files\QuickTime . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-19 09:41 . 2009-10-04 16:59 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-08 09:17 . 
2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-08-17 14:11 . 2010-09-14 19:59 128000 ----a-w- c:\windows\system32\spoolsv.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2008-09-15 1784856] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] 2008-09-15 04:47 1784856 ----a-w- c:\program files\Softonic_Deutsch\tbSoft.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2008-09-15 1784856] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2008-09-15 1784856] [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-05-14 15:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-07 68856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808] "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896] "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896] "eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768] "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-18 13543968] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-18 92704] "PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704] "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504] 
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-10-27 3676160] "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456] "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936] "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936] "WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-14 30192] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792] "openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-06 149280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160] c:\users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Johannes\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992] FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2009-4-9 1061688] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-10-28 1216512] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-4-23 727592] FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe [2010-4-29 29184] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000] 2008-10-27 21:44 3197952 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba] 2008-03-25 14:24 567560 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4069621161-912532974-1855927034-1000] "EnableNotificationsRef"=dword:00000001 R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 135664] R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-14 30192] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2008-10-27 42608] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384] S2 
CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504] S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576] S2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2008-10-27 3602432] S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 73528] S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056] S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072] S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-01-10 233472] S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2010-01-13 6628352] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-25 44064] S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624] S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners 2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 18:49] 2010-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 18:49] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.gmx.de/ mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1008&m=aspire_6930g uInternet Settings,ProxyOverride = *.local IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\program files\FRITZ!DSL\\sarah.dll FF - ProfilePath - c:\users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\j9g7c9nr.default\ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - HKLM-Run- Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe HKU-Default-Run-FRITZ!protect - FwebProt.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-10-25 23:31 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... c:\windows\TEMP\TMP00000004B42A08A191B4A8EF 524288 bytes executable Scan erfolgreich abgeschlossen versteckte Dateien: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
--------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(6028) c:\users\Johannes\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll c:\windows\system32\btmmhook.dll c:\windows\System32\SysHook.dll c:\windows\system32\btncopy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\SPBA\upeksvr.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE c:\program files\Common Files\LightScribe\LSSrvc.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\Cyberlink\Shared files\RichVideo.exe c:\program files\RealVNC\VNC4\WinVNC4.exe c:\windows\system32\DRIVERS\xaudio.exe c:\windows\system32\conime.exe c:\windows\RtHDVCpl.exe c:\windows\System32\rundll32.exe c:\program files\Launch Manager\QtZgAcer.EXE c:\windows\ehome\ehmsas.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Acer\Acer VCM\acp2HID.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-10-25 23:41:29 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-10-25 21:41 Vor Suchlauf: 14 Verzeichnis(se), 91,416,784,896 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 91,075,751,936 Bytes frei - - End Of File - - 3D69ACBC29770DBF4E7FCE450E45C69A |
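The ComboFix report above contains the items a helper reads first: userinit.exe reported as infected under "Weitere Löschungen", a URLSearchHooks entry and a Browser Helper Object pointing at the same toolbar DLL, "EnableLUA"= 0 (UAC switched off), an AppInit_DLLs entry, and a hidden executable in c:\windows\TEMP found by the catchme scan. As an added example, not part of the thread and not ComboFix's own tooling, the following Python script parses lines in that report format and turns those items into rated findings. The embedded sample report is constructed, modelled on the thread's report, and the rule names, severities and regular expressions are my own; the English strings in the patterns are the ones the English ComboFix build prints instead of the German ones seen here.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    detail: str


# Line shapes ComboFix prints. German strings as in the thread's report; the
# English build prints "is infected!!" and "hidden files:" instead.
INFECTED_RE = re.compile(r"^(?P<path>.+?)\s+\.\s+\.\s+\.\s+(ist infiziert|is infected)!!$")
REG_KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
HIDDEN_FILE_RE = re.compile(r"^(?P<path>[a-z]:\\.*?)\s+(?P<size>\d+) bytes (?P<kind>\S+)$", re.I)
HIDDEN_COUNT_RE = re.compile(r"^(versteckte Dateien|hidden files):\s*(?P<n>\d+)$", re.I)

SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


def triage(report: str) -> list:
    """Walk a ComboFix report line by line and collect rated findings."""
    findings = []
    current_key = ""  # registry key the following "name"=value lines belong to
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = INFECTED_RE.match(line)
        if m:  # ComboFix itself flagged a system binary as infected
            findings.append(Finding("high", "infected_system_file", m.group("path")))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            if "browser helper objects" in current_key:
                # a BHO runs inside Internet Explorer and can rewrite navigation
                clsid = m.group("key").rsplit("\\", 1)[-1]
                findings.append(Finding("medium", "browser_hook", "BHO " + clsid))
            continue
        m = REG_VALUE_RE.match(line)
        if m:
            name, value = m.group("name").lower(), m.group("value").strip()
            if name == "enablelua" and value.startswith("0"):
                # UAC off: an admin user's processes run fully elevated
                findings.append(Finding("medium", "uac_disabled", "EnableLUA = " + value))
            elif name == "appinit_dlls" and value:
                # loaded into every process linking user32.dll: verify the publisher
                findings.append(Finding("medium", "appinit_dll", value))
            elif "urlsearchhooks" in current_key:
                # search hooks decide where address-bar searches are sent
                findings.append(Finding("medium", "url_search_hook", name + " -> " + value))
            continue
        m = HIDDEN_FILE_RE.match(line)
        if m:  # catchme section: files the normal file API does not show
            sev = "high" if m.group("kind").lower() == "executable" else "medium"
            findings.append(Finding(sev, "hidden_file", m.group("path") + " (" + m.group("size") + " bytes)"))
            continue
        m = HIDDEN_COUNT_RE.match(line)
        if m and int(m.group("n")) > 0:
            findings.append(Finding("info", "hidden_files_reported", m.group("n")))
    return findings


def summarize(findings: list) -> list:
    """Findings ordered by severity, then rule: the order a helper reads them in."""
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.rule))


# Constructed sample report, modelled on the report format in the thread.
SAMPLE_REPORT = r"""
ComboFix 10-10-24.06 - Johannes 10/25/2010 23:14:48.1.2 - x86
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\userinit.exe . . . ist infiziert!!
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2008-09-15 1784856]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2008-09-15 04:47 1784856 ----a-w- c:\program files\Softonic_Deutsch\tbSoft.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Scanne versteckte Dateien...
c:\windows\TEMP\TMP00000004B42A08A191B4A8EF 524288 bytes executable
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
"""

if __name__ == "__main__":
    for f in summarize(triage(SAMPLE_REPORT)):
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
```

The script only rates what ComboFix already printed; it does not decide whether a toolbar or AppInit DLL is malicious, it puts those lines where a reviewer sees them first, next to the one unambiguous item (a system binary reported as infected).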
27.10.2010, 08:46 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download this file => File-Upload.net - userinit.exe and save it directly to C: without a subfolder, i.e. as c:\userinit.exe. It is from my WinXP-SP3 installation and clean. Your computer needs it. Then continue as follows: ComboFix - scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy/paste the entire content of the code box below into the Notepad window.
Code:
FCopy::
c:\userinit.exe | c:\windows\system32\userinit.exe
Filelook::
c:\windows\system32\dllcache\userinit.exe
4. Deactivate the guard of your antivirus program and any software firewall you have. (Also the guards of ad-/spyware programs and the TeaTimer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts ComboFix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this one situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!
29.10.2010, 09:26 | #22 |
| Here is the log file for the ComboFix script: Combofix Logfile: Code:
ATTFilter ComboFix 10-10-27.A3 - Johannes 10/29/2010 9:53.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1861 [GMT 2:00] ausgeführt von:: c:\users\Johannes\Desktop\cofi.exe Benutzte Befehlsschalter :: c:\users\Johannes\Desktop\CFScript.txt SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-09-28 bis 2010-10-29 )))))))))))))))))))))))))))))) . 2010-10-29 08:05 . 2010-10-29 08:05 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2010-10-29 08:05 . 2010-10-29 08:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-10-26 20:54 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2789C837-4A00-4649-A7B1-30DE2252A82F}\mpengine.dll 2010-10-26 20:54 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-10-26 20:54 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-10-26 20:54 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-10-25 21:57 . 2010-10-25 21:57 -------- d-----w- c:\program files\CCleaner 2010-10-24 16:44 . 2010-10-24 16:44 -------- d-----w- C:\_OTL 2010-10-21 20:22 . 2010-10-21 20:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla 2010-10-21 19:22 . 2010-10-21 19:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes 2010-10-17 15:32 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2010-10-17 15:32 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-10-17 15:30 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll 2010-10-17 15:30 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll 2010-10-17 15:30 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll 2010-10-16 12:39 . 
2010-10-16 12:39 -------- d-----w- c:\users\Johannes\AppData\Roaming\Malwarebytes 2010-10-16 12:02 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-16 12:02 . 2010-10-16 12:02 -------- d-----w- c:\programdata\Malwarebytes 2010-10-16 12:02 . 2010-10-22 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-16 12:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-16 11:21 . 2010-10-16 11:21 -------- d-----w- c:\users\Johannes\AppData\Local\Mozilla 2010-10-16 10:23 . 2010-10-16 10:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer 2010-10-16 10:23 . 2010-10-16 10:23 -------- d-sh--w- c:\windows\system32\%APPDATA% 2010-10-16 10:23 . 2010-10-16 10:23 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\PowerCinema 2010-09-29 17:39 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll 2010-09-29 17:39 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-19 09:41 . 2009-10-04 16:59 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-08-26 16:33 . 2010-10-26 20:54 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2010-08-26 16:33 . 2010-10-26 20:54 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2010-08-26 16:33 . 2010-10-26 20:54 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2010-08-26 16:33 . 2010-10-26 20:54 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2010-08-17 14:11 . 2010-09-14 19:59 128000 ----a-w- c:\windows\system32\spoolsv.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
|
29.10.2010, 12:47 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unwanted redirect in Google search (Ask.com) OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run the second time as well, just skip it and run only OSAM. Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
30.10.2010, 18:56 | #24 |
| Unwanted redirect in Google search (Ask.com) Unfortunately GMER kept crashing (always at the file \Device\Harddisk\ShadowCopy1). OSAM, on the other hand, ran through within a minute without any problems, and MBRCheck also worked without problems. Here is the OSAM log file: OSAM Logfile: Code:
The MBRCheck log file:
Files\Avira\AntiVir Desktop\avgio.sys 0x8F1B9000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x8F1D0000 \SystemRoot\System32\Drivers\usbvideo.sys 0x8F3F0000 \SystemRoot\System32\Drivers\tcusb.sys 0x8F1F1000 \SystemRoot\System32\Drivers\crashdmp.sys 0x8DA00000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x95CB0000 \SystemRoot\System32\win32k.sys 0x8A200000 \SystemRoot\System32\drivers\Dxapi.sys 0x827CD000 \SystemRoot\system32\DRIVERS\monitor.sys 0x95ED0000 \SystemRoot\System32\TSDDD.dll 0x827DC000 \SystemRoot\system32\drivers\luafv.sys 0x807A1000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x95EF0000 \SystemRoot\System32\cdd.dll 0x9CA08000 \SystemRoot\system32\drivers\spsys.sys 0x9CAB8000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys 0x9CACA000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x9CADA000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x9CB04000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x9CB0E000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x9CB21000 \SystemRoot\system32\drivers\HTTP.sys 0x9CB8E000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x9CBAB000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9CBC4000 \SystemRoot\System32\drivers\mpsdrv.sys 0x9CBD9000 \SystemRoot\system32\drivers\mrxdav.sys 0x807B5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x805BB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x807D4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x9E402000 \SystemRoot\System32\DRIVERS\srv2.sys 0x9E42A000 \SystemRoot\System32\DRIVERS\srv.sys 0x9E478000 \??\C:\Windows\system32\drivers\int15.sys 0x9E489000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys 0x9E48D000 \??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys 0x9E4AB000 \SystemRoot\system32\drivers\peauth.sys 0x9E589000 \SystemRoot\system32\DRIVERS\PSDNServ.sys 0x9E592000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys 0x9E5A4000 \SystemRoot\System32\Drivers\secdrv.SYS 0x9E5AE000 \SystemRoot\System32\drivers\tcpipreg.sys 0x9E5BA000 \SystemRoot\system32\DRIVERS\xaudio.sys 0x9E5C2000 \??\C:\Program Files\Acer Arcade 
Deluxe\PlayMovie\000.fcl 0x9E5E3000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x8A3CC000 \SystemRoot\system32\DRIVERS\asyncmac.sys 0x774E0000 \Windows\System32\ntdll.dll Processes (total 102): 0 System Idle Process 4 System 484 C:\Windows\System32\smss.exe 608 csrss.exe 660 C:\Windows\System32\wininit.exe 672 csrss.exe 704 C:\Windows\System32\services.exe 716 C:\Windows\System32\lsass.exe 724 C:\Windows\System32\lsm.exe 888 C:\Windows\System32\svchost.exe 956 C:\Windows\System32\nvvsvc.exe 984 C:\Windows\System32\svchost.exe 1020 C:\Windows\System32\svchost.exe 1080 C:\Windows\System32\svchost.exe 1112 C:\Windows\System32\svchost.exe 1124 C:\Windows\System32\svchost.exe 1208 C:\Windows\System32\audiodg.exe 1232 C:\Windows\System32\svchost.exe 1256 C:\Windows\System32\winlogon.exe 1280 C:\Windows\System32\SLsvc.exe 1324 C:\Windows\System32\svchost.exe 1460 C:\Windows\System32\svchost.exe 1692 C:\Windows\System32\spoolsv.exe 1748 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1780 C:\Windows\System32\rundll32.exe 1792 C:\Windows\System32\svchost.exe 1832 C:\Program Files\Common Files\SPBA\upeksvr.exe 412 C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe 968 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1152 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1416 C:\Program Files\Bonjour\mDNSResponder.exe 1456 C:\Windows\System32\svchost.exe 1636 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe 1928 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe 1912 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe 316 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 2136 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2160 C:\Program Files\Acer\Acer Bio Protection\BASVC.exe 2240 C:\Program Files\FRITZ!DSL\IGDCTRL.EXE 2304 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2336 C:\ACER\Mobility Center\MobilityService.exe 2468 
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 2516 HP1006MC.EXE 2584 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 2612 C:\Windows\System32\svchost.exe 2664 C:\Program Files\Cyberlink\Shared files\RichVideo.exe 2684 C:\Program Files\Acer\Acer VCM\RS_Service.exe 2728 C:\Windows\System32\svchost.exe 2768 C:\Windows\System32\svchost.exe 2824 C:\Program Files\RealVNC\VNC4\winvnc4.exe 2856 C:\Windows\System32\SearchIndexer.exe 2880 C:\Windows\System32\drivers\XAudio.exe 3344 C:\Windows\System32\taskeng.exe 3412 C:\Windows\System32\dwm.exe 3468 C:\Windows\explorer.exe 3608 C:\Windows\System32\taskeng.exe 3720 C:\Program Files\Windows Defender\MSASCui.exe 3732 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 3740 C:\Windows\RtHDVCpl.exe 3752 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3812 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe 3928 C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe 3948 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe 3964 C:\Windows\System32\rundll32.exe 3980 C:\Windows\PLFSetI.exe 4000 C:\Program Files\Launch Manager\QtZgAcer.EXE 4020 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe 4028 C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe 4040 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe 4052 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe 4064 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe 4080 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 1364 C:\Program Files\OpenVPN\bin\openvpn-gui.exe 428 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2032 C:\Program Files\Java\jre6\bin\jusched.exe 1408 C:\Program Files\iTunes\iTunesHelper.exe 2524 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2292 C:\Windows\ehome\ehtray.exe 1996 C:\Program Files\Skype\Phone\Skype.exe 2604 C:\Program 
Files\Acer\Acer VCM\AcerVCM.exe 2464 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 700 C:\Program Files\FRITZ!DSL\StCenter.exe 600 C:\Program Files\FRITZ!DSL\FwebProt.exe 3880 C:\Windows\System32\wbem\unsecapp.exe 3924 WmiPrvSE.exe 1216 C:\Windows\ehome\ehmsas.exe 4500 C:\Users\Johannes\AppData\Local\Temp\RtkBtMnt.exe 4744 WmiPrvSE.exe 4900 C:\Program Files\iPod\bin\iPodService.exe 5016 C:\Program Files\Acer\Acer VCM\acp2HID.exe 5700 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe 5712 C:\Program Files\Skype\Plugin Manager\skypePM.exe 4124 C:\Windows\System32\msiexec.exe 4388 C:\Program Files\Mozilla Firefox\firefox.exe 3160 C:\Program Files\Mozilla Firefox\plugin-container.exe 816 C:\Program Files\WinZip\WZQKPICK.EXE 5892 C:\Users\Johannes\Desktop\osam.exe 4740 C:\Program Files\Microsoft Office\Office12\WINWORD.EXE 3540 C:\Windows\System32\SearchProtocolHost.exe 4392 C:\Windows\System32\SearchFilterHost.exe 4640 C:\Users\Johannes\Desktop\MBRCheck.exe 5664 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`82e00000 (NTFS) PhysicalDrive0 Model Number: ST9320320AS, Rev: 0303 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 1BD01CAC429595C1D0CBBF8C10C0B8BA957B5116 Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: |
30.10.2010, 20:17 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unerwünschte Weiterleitung bei Google Suche (Ask.com) Have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows. Download the ISO, burn it to a CD with e.g. ImgBurn using the image-burning function, and start the computer from it (boot from this CD). Click on Computer repair options, Next, Command Prompt; the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter). Restart the computer, removing the CD first.
__________________ Please always post logfiles in CODE tags |
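The MBRCheck log above reports "Unknown MBR code" with a SHA1 of the boot sector, and the reply prescribes bootrec.exe /fixmbr, which rewrites the boot code in the first sector while leaving the partition table in place. As an added example (not part of this thread, and not the code of MBRCheck or bootrec), here is a small Python check in the same spirit: it reads a 512-byte MBR sector, verifies the 0x55AA boot signature, decodes the partition table, reports each partition's byte offset in the log's notation, and compares a SHA-1 of the boot-code region against an allow-list of known-good hashes. Assumptions: the hashed region is the first 440 bytes (boot code before the NT disk signature); the allow-list, the reference boot code and the partition sizes are constructed for the example; only the two partition start offsets are taken from the log.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439: boot code (hashing exactly this region is an assumption)
DISK_SIG_OFF = 440       # 4-byte NT disk signature
PTABLE_OFF = 446         # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # required at bytes 510..511
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, sector count


def build_sample_mbr(boot_code, entries, disk_signature=0x1234ABCD):
    """Build a synthetic 512-byte MBR (constructed sample, not an image of a real disk)."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for i, (bootable, ptype, start_lba, n_sectors) in enumerate(entries):
        status = 0x80 if bootable else 0x00
        chs = b"\xfe\xff\xff"  # CHS fields are placeholders; the LBA fields are what matters
        struct.pack_into(ENTRY_FMT, sector, PTABLE_OFF + 16 * i,
                         status, chs, ptype, chs, start_lba, n_sectors)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def format_offset(n):
    """Render a byte offset the way the MBRCheck log prints it: 0xHHHHHHHH`LLLLLLLL."""
    return f"0x{n >> 32:08x}`{n & 0xFFFFFFFF:08x}"


def parse_mbr(sector):
    """Validate the sector, hash the boot code and decode the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, start_lba, n_sectors = struct.unpack_from(
            ENTRY_FMT, sector, PTABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": n_sectors,
            "byte_offset": start_lba * SECTOR,
        })
    # Overlapping entries are a sign of a corrupted or tampered table.
    ordered = sorted(partitions, key=lambda p: p["start_lba"])
    overlaps = [(a["index"], b["index"]) for a, b in zip(ordered, ordered[1:])
                if a["start_lba"] + a["sectors"] > b["start_lba"]]
    return {
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "overlaps": overlaps,
    }


def classify_mbr(sector, known_hashes):
    """Label the boot code 'known' if its hash is on the allow-list, else 'unknown'."""
    info = parse_mbr(sector)
    info["status"] = "known" if info["code_sha1"] in known_hashes else "unknown"
    return info


# Constructed stand-in for a known-good boot loader and its allow-list entry.
REFERENCE_CODE = bytes(i & 0xFF for i in range(BOOT_CODE_LEN))
KNOWN_GOOD_SHA1 = {hashlib.sha1(REFERENCE_CODE).hexdigest().upper()}

# Partition start offsets as in the log above (C: and D:); sizes are constructed.
SAMPLE_ENTRIES = [
    (True,  0x07, 0x280100000 // SECTOR, 302082048),   # C: NTFS, bootable
    (False, 0x07, 0x2682e00000 // SECTOR, 302086832),  # D: NTFS
]
SAMPLE_OK = build_sample_mbr(REFERENCE_CODE, SAMPLE_ENTRIES)

# Same disk with one byte of boot code changed: partitions intact, hash no longer known.
_tampered = bytearray(REFERENCE_CODE)
_tampered[0x100] ^= 0xFF
SAMPLE_TAMPERED = build_sample_mbr(bytes(_tampered), SAMPLE_ENTRIES)


def report(sector, known_hashes=KNOWN_GOOD_SHA1):
    """Print a short MBRCheck-style summary for one sector image."""
    info = classify_mbr(sector, known_hashes)
    for p in info["partitions"]:
        print(f"partition {p['index']} type 0x{p['type']:02x} at offset "
              f"{format_offset(p['byte_offset'])}{' (boot)' if p['bootable'] else ''}")
    print(f"boot code SHA1: {info['code_sha1']} -> {info['status']} MBR code")
    if info["overlaps"]:
        print(f"overlapping partition entries: {info['overlaps']}")
    return info


if __name__ == "__main__":
    report(SAMPLE_OK)
    report(SAMPLE_TAMPERED)
```

On a real machine the sector would come from reading the first 512 bytes of the physical drive; the allow-list would hold hashes of the stock boot code for the Windows versions in use. A hash miss alone says only that the code is not on the list (a custom boot manager or vendor recovery loader also trips it), so the partition table and the rest of the logs are read together with it before deciding to rewrite the MBR.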