Log analysis and evaluation: Problems after virus scan with Malwarebytes (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.05.2011, 11:14 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems after virus scan with Malwarebytes
Then please run CF now: ComboFix. A guide and tutorial on using ComboFix
ComboFix may only be run when a board helper has explicitly recommended it!
__________________
Please always post logfiles in CODE tags
04.05.2011, 20:16 | #17
Problems after virus scan with Malwarebytes
ComboFix logfile:
Code:
ComboFix 11-05-03.08 - Simon 04.05.2011 21:00:24.2.4 - x64
ausgeführt von:: c:\users\Simon\Desktop\CoFi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-04 bis 2011-05-04 ))))))))))))))))))))))))))))))
.
.
2011-05-04 19:06 . 2011-05-04 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-04 18:49 . 2011-05-04 18:49 -------- d-----w- c:\program files\CCleaner
2011-05-04 18:19 . 2011-05-04 18:36 -------- d-----w- C:\CoFi.exe
2011-05-04 17:36 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BBCC92D-EF75-485F-8258-3BAAEC2FC3CE}\mpengine.dll
2011-04-30 08:56 . 2011-04-30 08:56 -------- d-----w- C:\_OTL
2011-04-27 14:37 . 2011-04-27 14:37 1186056 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-27 11:26 . 2011-03-03 15:06 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 11:26 . 2011-03-03 14:56 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-04-27 11:26 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-27 11:26 . 2011-03-03 13:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 10:42 . 2011-04-26 10:42 -------- d-----w- c:\users\Simon\AppData\Roaming\Malwarebytes
2011-04-26 10:42 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-26 10:42 . 2011-04-26 10:42 -------- d-----w- c:\programdata\Malwarebytes
2011-04-26 10:42 . 2011-04-26 10:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-26 10:42 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-18 18:14 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-18 17:55 . 2011-02-16 15:29 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-04-18 17:55 . 2011-02-16 13:24 292864 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-04-18 17:55 . 2011-02-16 15:36 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-04-18 17:55 . 2011-02-16 13:44 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-04-18 17:55 . 2011-03-10 16:12 1161728 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-04-18 17:55 . 2011-03-10 16:12 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-04-18 17:55 . 2011-03-10 16:30 1360384 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-18 17:55 . 2011-03-10 16:30 1398784 ----a-w- c:\windows\system32\mfc42.dll
2011-04-16 10:17 . 2011-03-02 15:10 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-16 10:17 . 2009-05-04 10:38 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-16 10:17 . 2009-05-04 10:11 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-04-07 21:55 . 2011-04-07 21:56 -------- d-----w- c:\users\Simon\AppData\Roaming\dvdcss
2011-04-07 21:46 . 2011-04-25 18:57 -------- d-----r- c:\users\Simon\Dropbox
2011-04-07 21:42 . 2011-04-25 18:57 -------- d-----w- c:\users\Simon\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:06 . 2011-04-27 11:26 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06 . 2011-04-27 11:26 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06 . 2011-04-27 11:26 281600 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 14:56 . 2011-04-27 11:26 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-27 11:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-27 11:26 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-27 11:26 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-04_18.30.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-09-06 18:15 . 2011-05-04 17:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-06 18:15 . 2011-05-04 18:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-06 18:15 . 2011-05-04 17:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-06 18:15 . 2011-05-04 18:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-06 18:15 . 2011-05-04 18:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-06 18:15 . 2011-05-04 17:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
.
c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-31 23360040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2009-9-7 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
R2 gupdate1ca72baeaac123f;Google Update Service (gupdate1ca72baeaac123f);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 133104]
R2 HssWd;Hotspot Shield Monitoring Service;m:\youtube_view_us\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 133104]
R3 UXDCMN;UXDCMN;I:\UXDCMN.SYS [x]
R3 uxddrv;Dynamically loaded UxdDrv;I:\uxddrv.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-06-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-06-15 823288]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-03-05 46112]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-03-04 94240]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-03-04 38432]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 19:17]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 19:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
m:\youtube_view_us\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 15940640]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page =
IE: Free YouTube to Mp3 Converter - c:\users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2011-05-04 21:08:59
ComboFix-quarantined-files.txt 2011-05-04 19:08
ComboFix2.txt 2011-05-04 18:36
.
Vor Suchlauf: 15 Verzeichnis(se), 127.440.916.480 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 131.640.299.520 Bytes frei
.
- - End Of File - - 472BBCAE47E824C1F8C7FF7B3F279D14
05.05.2011, 09:38 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems after virus scan with Malwarebytes
ComboFix scripting
1. Start Notepad (Start / Run / notepad [Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
Folder::
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
c:\program files\CheckPoint

Driver::
UXDCMN
ISWKL
IswSvc

4. Disable the guard of your antivirus program and any software firewall that may be present (including the guards of ad-/spyware programs and the TeaTimer, if present!).
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the restart (you will be asked whether you want to restart), please post the following log file: Combofix.txt
Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
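As an added example (not part of the thread, and not ComboFix's or the board's own tooling): a small Python triage script that reads the services/drivers section of a ComboFix log like the one posted in #17 and then checks a CFScript like the one in #18 against it. The eight service lines and the script are copied from this thread; the function names and the rule that the system drive is C: are assumptions of the example. It flags entries whose binary is reported as missing ("[x]") or lives on a drive other than the system drive, and it checks the script for two consistency problems: a Driver:: name that does not occur in the log, and a service whose binary sits under a Folder:: path but is not listed under Driver:: (deleting the folder would leave that service registered but without its binary).

```python
import re
from dataclasses import dataclass

# Assumption of this example: Windows is installed on C: (the log shows c:\windows).
SYSTEM_DRIVE = "c"

# Service/driver lines copied from the ComboFix log in post #17.
# ComboFix format: "<R|S><start> <name>;<display>;<path> [<date> <size>]";
# "[x]" replaces date/size when the binary is not found on disk.
SAMPLE_SERVICE_LINES = r"""
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
R2 HssWd;Hotspot Shield Monitoring Service;m:\youtube_view_us\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 UXDCMN;UXDCMN;I:\UXDCMN.SYS [x]
R3 uxddrv;Dynamically loaded UxdDrv;I:\uxddrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-06-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-06-15 823288]
"""

# The CFScript from post #18, verbatim.
SAMPLE_CFSCRIPT = r"""
Folder::
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
c:\program files\CheckPoint

Driver::
UXDCMN
ISWKL
IswSvc
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool     # ComboFix prints R for a running entry, S for a stopped one
    start_type: int   # digit after R/S: 0 boot, 1 system, 2 auto, 3 on demand
    present: bool     # False when ComboFix printed "[x]" instead of date/size


def parse_services(text):
    """Return ServiceEntry objects for every service/driver line in the text."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(
                name=m["name"], display=m["display"], path=m["path"],
                running=m["state"] == "R", start_type=int(m["start"]),
                present=m["info"].strip() != "x"))
    return entries


def drive_of(path):
    """Lower-case drive letter of a Windows path, or '' if it has none."""
    return path[0].lower() if len(path) > 1 and path[1] == ":" else ""


def triage(entries):
    """Map service name -> list of reasons it deserves a second look."""
    flagged = {}
    for e in entries:
        reasons = []
        if drive_of(e.path) and drive_of(e.path) != SYSTEM_DRIVE:
            reasons.append("non_system_drive")   # e.g. I:\ or m:\ in the log above
        if not e.present:
            reasons.append("binary_missing")     # registered, but file not on disk
        if reasons:
            flagged[e.name] = reasons
    return flagged


def parse_cfscript(text):
    """Split a CFScript into {section: [lines]} on 'Name::' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def check_script(script_text, entries):
    """Cross-check Driver:: and Folder:: sections against the parsed log."""
    sections = parse_cfscript(script_text)
    known = {e.name.lower() for e in entries}
    drivers = sections.get("Driver", [])
    driver_names = {d.lower() for d in drivers}
    folders = [f.lower().rstrip("\\") + "\\" for f in sections.get("Folder", [])]
    return {
        "drivers_not_in_log": sorted(d for d in drivers if d.lower() not in known),
        "services_left_under_deleted_folder": sorted(
            e.name for e in entries
            if e.name.lower() not in driver_names
            and any(e.path.lower().startswith(f) for f in folders)),
    }


if __name__ == "__main__":
    svcs = parse_services(SAMPLE_SERVICE_LINES)
    for name, reasons in triage(svcs).items():
        print(f"{name}: {', '.join(reasons)}")
    print(check_script(SAMPLE_CFSCRIPT, svcs))
```

On the sample lines the triage flags HssWd (binary on m:), UXDCMN and uxddrv (on I: and missing), and avmeject and PxHlpa64 (missing on c:), while the script check comes back clean: every Driver:: name occurs in the log, and both services under c:\program files\CheckPoint are also listed under Driver::. Dropping IswSvc from the script is exactly the inconsistency the second check is there to catch.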
05.05.2011, 18:01 | #19
Problems after virus scan with Malwarebytes
ComboFix logfile:
Code:
ComboFix 11-05-03.08 - Simon 05.05.2011 18:35:02.3.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.4093.2680 [GMT 2:00]
ausgeführt von:: c:\users\Simon\Desktop\CoFi.exe.exe
Benutzte Befehlsschalter :: c:\users\Simon\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CheckPoint
c:\program files\CheckPoint\ZAForceField\akxcpt.ini
c:\program files\CheckPoint\ZAForceField\CFG\Heuristics.xml
c:\program files\CheckPoint\ZAForceField\CFG\Normal.xml
c:\program files\CheckPoint\ZAForceField\CFG\Privacy.xml
c:\program files\CheckPoint\ZAForceField\Clean_tool.exe
c:\program files\CheckPoint\ZAForceField\CPLic.dll
c:\program files\CheckPoint\ZAForceField\ForceField.exe
c:\program files\CheckPoint\ZAForceField\ForceField64.xml
c:\program files\CheckPoint\ZAForceField\GUI\FileSaveRunProtectionGreenTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiAbout.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiAdvancedPanelHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiAKFalsePosHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiClearVfsHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiConfirmClose.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiDumpMinimal.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiDumpPostpone.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiDumpProgress.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiDumpSelect.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiEmailConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFFConfirmClose.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFFXpiHelpTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFFXpiInstallConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFileAccessConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFileSaveRunConfirmBad.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFileSaveRunConfirmWarn.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFileSaveRunProtection.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiFirstRun.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiHeuristicsInfoHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswAutoUpdate.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswAutoUpdateRestartSystemConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswAutoUpdateShutdownConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswFlushConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiIswShutdownConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicDaysLeftPanel.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyAcceptedNeedNoRestart.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyAcceptedNeedRestart.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyEnter.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyExpired.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyPirated.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyServerCheck.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyServerSyncFailed.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyUnexpectedError.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicKeyWhereToFind.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiLicServerTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiManAdvanced.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiManBase.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiManGeneral.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiPrivateBrowserAlert.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiProtectionSummaryTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSbStatistics.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiScanResultDetailsHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSearchConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSendURLConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSettingsTakeEffectConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiShutdownConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSiteInfo.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSplash.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiSubscription.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiTheme.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiUnsignedHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiUnvirtualizedWindowsUpdateConfirm.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiUrlAccess.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiUrlProgress.xml
c:\program files\CheckPoint\ZAForceField\GUI\GuiViewIswComponentsVersion.xml
c:\program files\CheckPoint\ZAForceField\GUI\HtmlPages\goback.html
c:\program files\CheckPoint\ZAForceField\GUI\HtmlPages\logo.bmp
c:\program files\CheckPoint\ZAForceField\GUI\TCPhishingHintTooltip.xml
c:\program files\CheckPoint\ZAForceField\GUI\TcSiteRedirectWarning.xml
c:\program files\CheckPoint\ZAForceField\GUI\TCSuspiciousAlert.xml
c:\program files\CheckPoint\ZAForceField\GUI\TCUnsafeAlertHeuristics.xml
c:\program files\CheckPoint\ZAForceField\GUI\TCUnsafeAlertRed.xml
c:\program files\CheckPoint\ZAForceField\GUI\ToolBarNormalModeNormalView.xml
c:\program files\CheckPoint\ZAForceField\GUI\ToolBarNormalModeShortView.xml
c:\program files\CheckPoint\ZAForceField\GUI\ToolBarPrivacyModeNormalView.xml
c:\program files\CheckPoint\ZAForceField\GUI\ToolBarPrivacyModeShortView.xml
c:\program files\CheckPoint\ZAForceField\GUI\tooltip_protection.xml
c:\program files\CheckPoint\ZAForceField\GUI\tooltip_status.xml
c:\program files\CheckPoint\ZAForceField\injectxcpt.ini
c:\program files\CheckPoint\ZAForceField\install.log
c:\program files\CheckPoint\ZAForceField\ISW_no_shext.xml
c:\program files\CheckPoint\ZAForceField\ISWAPPCOMPAT.xml
c:\program files\CheckPoint\ZAForceField\ISWCOMMON.xml
c:\program files\CheckPoint\ZAForceField\ISWDLG.dll
c:\program files\CheckPoint\ZAForceField\ISWKL.sys
c:\program files\CheckPoint\ZAForceField\ISWLDR.dat
c:\program files\CheckPoint\ZAForceField\ISWLDRC.dat
c:\program files\CheckPoint\ZAForceField\ISWPOL.xml
c:\program files\CheckPoint\ZAForceField\ISWPOLFLUSH.xml
c:\program files\CheckPoint\ZAForceField\iswrcs.dll
c:\program files\CheckPoint\ZAForceField\ISWSVC.exe
c:\program files\CheckPoint\ZAForceField\IswSvcPreload.txt
c:\program files\CheckPoint\ZAForceField\ISWUILib.dll
c:\program files\CheckPoint\ZAForceField\ISWUL.dll
c:\program files\CheckPoint\ZAForceField\ISWUL_MIN\ISWUL.dll
c:\program files\CheckPoint\ZAForceField\ISWVEXTCU.ini
c:\program files\CheckPoint\ZAForceField\ISWWOW64.dll
c:\program files\CheckPoint\ZAForceField\license.txt
c:\program files\CheckPoint\ZAForceField\NormalNonVirtual.xml
c:\program files\CheckPoint\ZAForceField\NormalVirtual.xml
c:\program files\CheckPoint\ZAForceField\Plugins\icsscan.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWMENUS.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSTATS.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWUPD.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWUPDE.exe
c:\program files\CheckPoint\ZAForceField\Plugins\plugins.txt
c:\program files\CheckPoint\ZAForceField\Plugins\SiteChecker.dll
c:\program files\CheckPoint\ZAForceField\Plugins\updating.dll
c:\program files\CheckPoint\ZAForceField\README.txt
c:\program files\CheckPoint\ZAForceField\svcreg.cmd
c:\program files\CheckPoint\ZAForceField\TBI.exe
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\AltFFApi.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\liblua.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\libtextcat.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\PageBlocked.html
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\samplesites.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\TCData.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\bin\TrustChecker.dll
c:\program files\CheckPoint\ZAForceField\Trustchecker\Search\Ask.ico
c:\program files\CheckPoint\ZAForceField\Trustchecker\Search\askcom.xml
c:\program files\CheckPoint\ZAForceField\Trustchecker\tcgt.cache
c:\program files\CheckPoint\ZAForceField\Uninstall.exe
c:\program files\CheckPoint\ZAForceField\Updates\LocalCatalog.xml
c:\program files\CheckPoint\ZAForceField\WOW64\CPLic.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWDLG.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWLDR.dat
c:\program files\CheckPoint\ZAForceField\WOW64\ISWLDRC.dat
c:\program files\CheckPoint\ZAForceField\WOW64\iswrcs.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWUILib.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWUL.dll
c:\program files\CheckPoint\ZAForceField\WOW64\ISWUL_MIN\ISWUL.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWDMP.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWFWMON.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWUPD.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\ISWVEXT.dll
c:\program files\CheckPoint\ZAForceField\WOW64\Plugins\updating.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\AltFFApi.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustChecker.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\chrome.manifest
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\chrome\mozilladownload.jar
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\chrome\trustchecker.jar
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\nsITCPlugins.xpt
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\nsITrustCheckerMozilla.xpt
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\components\TrustCheckerMozillaPlugin.dll
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\install.rdf
c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker\update_1.5.232.0.rdf
c:\program files\CheckPoint\ZAForceField\ZAFFDiag.exe
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\bg_dark_mainnav_level2_standardpage_long[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\bg_mainnav_level2_separator[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\bg_standardpage_bottom[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\buttons-sprite[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\footer-links-bg[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbar_32_73DD003E17144CAC.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbar_32_E857042E7D2E74E0.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbarDynamic_mui_de_09C19AB1E0C43781.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbarDynamic_mui_de_D7CFBCF21E80E850.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbarUser_64_BADB6DECFC517831.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\GoogleToolbarUser_64_BCA4B64C7F249C8F.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\gradient-box-bg[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\KievitWeb-Bold[1].eot
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\KievitWeb-BoldIta[1].eot
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\link-arrows[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\support-overview[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\tab_active_right[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\74372433[1].txt
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_directsearch[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_mainnav_level2_separator_active_right[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_mainnav_level3_separator[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_pagination[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\bg_standardpage_top[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\fastsearch_B7C5AC242193BB3E.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\flags[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\footer-links-corners[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\GoogleToolbarDynamic_32_D5B8545F3CFB02D4.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\GoogleToolbarDynamic_32_E0B3D00E06C2FA01.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\GoogleToolbarManager_0E996B068B56FCA2.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\GoogleToolbarManager_E582EA556D8DE101.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\KievitWeb-BookIta[1].eot
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\new-logo[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5M8VNOQ\SearchWithGoogleUpdate_C5C67DF5D46FB314.exe[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\bg_dropdown_arrow_grey[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\bg_mainnav_level3[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\bg_standardpage_middle[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\box-rounded-corners-with-border-sprite[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\ga[1].js
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleToolbar_64_18A9496A32B30FED.dll[1].lz
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet
Files\Content.IE5\UGFI3ED2\GoogleToolbar_64_41D8280252A4200C.dll[1].lz c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll[1].lz c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleToolbarDynamic_mui_en_9655453EC427A513.dll[1].lz c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\GoogleUpdaterService_5898FABCFA121C11.exe[1].lz c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\icon-set[1].gif c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\icon_set-bedrohung[1].gif c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\KievitWeb-Book[1].eot c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\magnifier[1].gif c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\SearchWithGoogleUpdate_C58171F2E8870EA4.exe[1].lz c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UGFI3ED2\tab_active_left[1].gif c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\825f9a34fd269d998957b92c2f529387[1].js c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\bg_mainnav_level2_separator_active[1].gif c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\bg_round_corners_transparent[1].gif 
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\bg_standardpage_body[1].png c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\col-border[1].gif c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\desktop.ini c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\f0e84f682515e9f48fcf44828fe81cf9[1].css c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\f33bd0e0f2522151d82152233d1876d5[1].js c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\footernav-seperator[1].gif c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleCld_3F6C343113693CD9.dll[1].lz c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleCld_AE2927CDD77381B4.dll[1].lz c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleToolbarDynamic_64_3A8A20607C96A7B3.dll[1].lz c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleToolbarDynamic_64_7B73A586FAD2C6CD.dll[1].lz c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleToolbarUser_32_1D643E0FC0BE74CC.exe[1].lz c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\GoogleToolbarUser_32_AE9B99EC70822BD0.exe[1].lz c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet 
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\mainnav_bg[1].gif
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\red-stripe-gradient[1].png
c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\desktop.ini
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\simon@avira[2].txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\simon@www.avira[2].txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ISWKL
-------\Service_ISWKL
-------\Service_IswSvc
-------\Service_UXDCMN
.
.
((((((((((((((((((((((( Files created from 2011-04-05 to 2011-05-05 ))))))))))))))))))))))))))))))
.
.
2011-05-05 16:41 . 2011-05-05 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-04 18:49 . 2011-05-04 18:49 -------- d-----w- c:\program files\CCleaner
2011-05-04 18:19 . 2011-05-04 18:36 -------- d-----w- C:\CoFi.exe
2011-05-04 17:36 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1BBCC92D-EF75-485F-8258-3BAAEC2FC3CE}\mpengine.dll
2011-04-30 08:56 . 2011-04-30 08:56 -------- d-----w- C:\_OTL
2011-04-27 14:37 . 2011-04-27 14:37 1186056 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-27 11:26 . 2011-03-03 15:06 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 11:26 . 2011-03-03 14:56 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-04-27 11:26 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-27 11:26 . 2011-03-03 13:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-26 10:42 . 2011-04-26 10:42 -------- d-----w- c:\users\Simon\AppData\Roaming\Malwarebytes
2011-04-26 10:42 . 2010-12-20 16:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-26 10:42 . 2011-04-26 10:42 -------- d-----w- c:\programdata\Malwarebytes
2011-04-26 10:42 . 2011-04-26 10:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-26 10:42 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-18 18:14 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-18 17:55 . 2011-02-16 15:29 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-04-18 17:55 . 2011-02-16 13:24 292864 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-04-18 17:55 . 2011-02-16 15:36 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-04-18 17:55 . 2011-02-16 13:44 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-04-18 17:55 . 2011-03-10 16:12 1161728 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-04-18 17:55 . 2011-03-10 16:12 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-04-18 17:55 . 2011-03-10 16:30 1360384 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-18 17:55 . 2011-03-10 16:30 1398784 ----a-w- c:\windows\system32\mfc42.dll
2011-04-16 10:17 . 2011-03-02 15:10 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-16 10:17 . 2009-05-04 10:38 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-16 10:17 . 2009-05-04 10:11 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-04-07 21:55 . 2011-04-07 21:56 -------- d-----w- c:\users\Simon\AppData\Roaming\dvdcss
2011-04-07 21:46 . 2011-05-05 16:09 -------- d-----r- c:\users\Simon\Dropbox
2011-04-07 21:42 . 2011-05-05 16:09 -------- d-----w- c:\users\Simon\AppData\Roaming\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:06 . 2011-04-27 11:26 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06 . 2011-04-27 11:26 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06 . 2011-04-27 11:26 281600 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 14:56 . 2011-04-27 11:26 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-27 11:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-27 11:26 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-27 11:26 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-04_18.30.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-05-04 17:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-05-05 16:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-05-05 16:43 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-05-04 17:16 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-05-05 16:43 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2011-05-04 17:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-05-05 16:10 56868 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-05-05 16:10 83566 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-09-06 18:19 . 2011-05-04 17:17 16702 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1332130780-3182642251-3336314582-1000_UserData.bin
+ 2009-09-06 18:19 . 2011-05-05 16:10 16702 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1332130780-3182642251-3336314582-1000_UserData.bin
+ 2009-11-26 09:07 . 2011-05-05 16:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 09:07 . 2011-05-04 17:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 09:07 . 2011-05-05 16:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 09:07 . 2011-05-04 17:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-04 17:14 . 2011-05-04 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-05 16:43 . 2011-05-05 16:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-04 17:14 . 2011-05-04 17:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-05 16:43 . 2011-05-05 16:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2011-05-05 16:13 595620 c:\windows\system32\perfh009.dat
- 2008-01-21 11:09 . 2011-05-04 17:20 628504 c:\windows\system32\perfh007.dat
+ 2008-01-21 11:09 . 2011-05-05 16:13 628504 c:\windows\system32\perfh007.dat
+ 2006-11-02 12:46 . 2011-05-05 16:13 103694 c:\windows\system32\perfc009.dat
- 2008-01-21 11:09 . 2011-05-04 17:20 126248 c:\windows\system32\perfc007.dat
+ 2008-01-21 11:09 . 2011-05-05 16:13 126248 c:\windows\system32\perfc007.dat
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"ICQ"="c:\program files (x86)\ICQ7.2\ICQ.exe" [2011-01-05 133432]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-19 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
.
c:\users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-31 23360040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2009-9-7 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca72baeaac123f;Google Update Service (gupdate1ca72baeaac123f);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 133104]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 133104]
R3 uxddrv;Dynamically loaded UxdDrv;I:\uxddrv.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ETService;Empowering Technology Service;c:\program files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe [2008-07-16 24576]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
S2 HssWd;Hotspot Shield Monitoring Service;m:\youtube_view_us\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-03-05 46112]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-03-04 94240]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2009-03-04 38432]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the "Scheduled Tasks" folder
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 19:17]
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 19:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
m:\youtube_view_us\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Simon\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi.exe9375c\CF18603.cfxxe" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 15940640]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mStart Page =
mLocal Page =
IE: Free YouTube to Mp3 Converter - c:\users\Simon\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\793b4mqu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=A759091C-6C3E-4214-B1FC-AB77058C8D7E&apn_ptnrs=PV&apn_sauid=618BEEE3-6AE4-40C0-A3E0-77A33CF44906&apn_dtid=&q=
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\windows\system32\HidService.exe
m:\youtube_view_us\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
.
**************************************************************************
.
Completion time: 2011-05-05 18:52:07 - PC was restarted
ComboFix-quarantined-files.txt 2011-05-05 16:52
ComboFix2.txt 2011-05-04 19:08
ComboFix3.txt 2011-05-04 18:36
.
Pre-Run: 15 directory(ies), 131,874,304,000 bytes free
Post-Run: 17 directory(ies), 131,365,056,512 bytes free
.
- - End Of File - - AEB06116383A55F0C33BBE275BEA7337 |
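The part of a ComboFix report that actually decides the case is the autostart section: the Run keys, the Startup folders, the R*/S* service and driver lines and the BHO list, each with the image path and a `[date size]` or `[x]` marker. The following script is an added example from the editor, not code from ComboFix, Malwarebytes or the poster, showing how a practitioner triages those lines mechanically: parse every entry into (source, name, path, marker) and flag the ones worth a second look. The sample input is a short constructed excerpt of lines copied from the report above, the trusted-root list and the flagging rules are this example's own assumptions, and the `[x]` marker is read the way ComboFix uses it, as "image file not present on disk".

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the ComboFix report above, not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-09-09 149280]
.
Dropbox.lnk - c:\users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-31 23360040]
.
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 uxddrv;Dynamically loaded UxdDrv;I:\uxddrv.sys [x]
S2 HssWd;Hotspot Shield Monitoring Service;m:\youtube_view_us\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 27648]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
m:\youtube_view_us\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi.exe9375c\CF18603.cfxxe" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-16 15940640]
"""

# Line shapes ComboFix uses in the autostart section.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<tag>[^\]]*)\]$')
SVC_RE = re.compile(r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<tag>[^\]]*)\]$')
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<tag>[^\]]*)\]$')
MOD_RE = re.compile(r'^(?P<path>[a-z]:\\.+?) \[(?P<tag>[^\]]*)\]$', re.IGNORECASE)

# Assumption of this example: images under these roots are "expected"; everything else is reviewed.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_ROOT = "c:\\users\\"

# Reason strings, kept as constants so callers (and tests) can match on them.
R_MISSING = "image file missing on disk ([x])"
R_OUTSIDE = "image outside Windows, Program Files and the user profile"
R_USERDIR = "image in a user-writable profile directory"
R_SVCHOST = "svchost-hosted service: verify its ServiceDll and NetSvcs membership"
R_COMBOFIX = "ComboFix's own restart entry; should disappear once the tool has finished"


@dataclass
class Entry:
    source: str   # Run / Service R2 / Startup folder / BHO
    name: str
    path: str
    tag: str      # contents of the trailing [...]


def _match_line(line, pending_bho):
    """Turn one autostart line into an Entry, or None if it is a key header or separator."""
    m = RUN_RE.match(line)
    if m:
        return Entry("Run", m["name"], m["path"], m["tag"])
    m = SVC_RE.match(line)
    if m:
        return Entry("Service " + m["start"], m["name"], m["path"], m["tag"])
    m = LNK_RE.match(line)
    if m:
        return Entry("Startup folder", m["name"], m["path"], m["tag"])
    m = MOD_RE.match(line)
    if m and pending_bho:   # bare module path directly under a BHO key header
        return Entry("BHO", pending_bho, m["path"], m["tag"])
    return None


def parse_entries(text):
    entries, pending_bho = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and "Browser Helper Objects" in line:
            pending_bho = line.strip("[]").rsplit("\\", 1)[-1]   # keep the CLSID as the name
            continue
        entry = _match_line(line, pending_bho)
        pending_bho = None
        if entry:
            entries.append(entry)
    return entries


def triage(text):
    """Return [(entry, [reasons])] for every autostart entry that deserves a closer look."""
    findings = []
    for e in parse_entries(text):
        low, reasons = e.path.lower(), []
        if e.tag.lower() == "x":
            reasons.append(R_MISSING)
        if not low.startswith(TRUSTED_ROOTS + (USER_ROOT,)):
            reasons.append(R_OUTSIDE)
        elif low.startswith(USER_ROOT):
            reasons.append(R_USERDIR)
        if low.endswith("\\svchost.exe"):
            reasons.append(R_SVCHOST)
        if e.name.lower() == "combofix":
            reasons.append(R_COMBOFIX)
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.source:16} {entry.name:40} {entry.path}")
        for r in reasons:
            print(f"{'':16}   - {r}")
```

Run against the excerpt, the script is silent on `avgnt`, `jusched` and `NvCplDaemon` and flags exactly the lines a human reviewer would circle in this report: the driver registered from `I:\uxddrv.sys` that no longer exists, the two Hotspot Shield components living on `m:\youtube_view_us\`, the svchost-hosted `ezSharedSvc` (which the report lists under NetSvcs), and ComboFix's own `[X]` Run entry. A flag is a prompt to look, not a verdict; Dropbox in `%APPDATA%` is flagged only because user-writable locations are where unwanted software usually lands.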
05.05.2011, 19:28 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems after virus scan with Malwarebytes Now please create and post logs with GMER and mbrcheck. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
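MBRCheck is asked for here because everything above it (ComboFix, Malwarebytes, the registry autostart list) runs after the operating system has booted, so a bootkit that replaces the master boot record would not show up in any of it. The block below is an added illustration from the editor of what an MBR inspection verifies; it is not MBRCheck's code and does not reproduce its reference database. It builds a 512-byte sector from constructed data (the boot-code stub, the two partition entries and the disk signature are all made up for the example), parses the partition table, and checks three things: the `0x55AA` boot signature, sane partition entries, and whether the SHA-256 of the 440-byte boot-code area is in a set of known-good hashes. `KNOWN_GOOD` here contains only the hash of the constructed stub; a real check would carry hashes of the Windows, GRUB and OEM loaders.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot code; 440..443: disk signature; 446..509: partition table
PART_TABLE_OFF = 446
PART_ENTRY = struct.Struct("<B3sB3sII")   # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions, disk_sig=0x12345678):
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors) tuples.
    Used only to construct test data for this example."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    table = b"".join(PART_ENTRY.pack(st, b"\0\0\0", ty, b"\0\0\0", lba, n)
                     for st, ty, lba, n in partitions)
    table += b"\0" * (64 - len(table))
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xaa"


def parse_mbr(sector):
    """Decode one sector into boot-code hash, disk signature, signature flag and partition list."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    parts = []
    for i in range(4):
        st, _, ty, _, lba, n = PART_ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if ty == 0 and n == 0:
            continue                      # empty slot
        parts.append({"index": i, "bootable": st == 0x80, "type": ty, "lba_start": lba, "sectors": n})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "partitions": parts,
    }


def check_mbr(sector, known_boot_code):
    """Return a list of findings; an empty list means the sector passed every check."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] not in known_boot_code:
        findings.append("boot code hash not in known-good set: " + info["boot_code_sha256"])
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0 (overlaps the MBR)")
    return findings


def read_first_sector(path):
    """Read sector 0 of a raw device or image file (on Windows: r'\\\\.\\PhysicalDrive0', needs admin)."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


# ---- constructed test data (not a real loader, not a real disk) ----
GOOD_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a450681c06cbfb")
GOOD_MBR = build_mbr(GOOD_BOOT_CODE, [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)])
KNOWN_GOOD = {hashlib.sha256(GOOD_MBR[:BOOT_CODE_LEN]).hexdigest(): "constructed reference stub"}

# Simulate a bootkit-style patch: overwrite the first bytes of the boot code with a jump.
_patched = bytearray(GOOD_MBR)
_patched[0:3] = b"\xe9\x00\x01"
PATCHED_MBR = bytes(_patched)


if __name__ == "__main__":
    for label, mbr in (("constructed clean MBR", GOOD_MBR), ("constructed patched MBR", PATCHED_MBR)):
        print(label, "->", check_mbr(mbr, KNOWN_GOOD) or "OK")
```

The caveat that applies to any such tool: it reads the sector through the running kernel, so a bootkit that also filters disk reads can hand back a clean copy of the MBR. A result that says "unknown boot code" is worth taking seriously; a result that says "clean" is only as good as the read path, which is why helpers on this board ask for it alongside a rootkit scanner such as GMER rather than on its own.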
05.05.2011, 21:08 | #21 |
| Problems after virus scan with Malwarebytes
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 64-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: IMEDIA X4614 GE
Logical Drives Mask: 0x000016fe
Kernel Drivers (total 146):
0x0261F000 \SystemRoot\system32\ntoskrnl.exe
0x02B37000 \SystemRoot\system32\hal.dll
0x0060A000 \SystemRoot\system32\kdcom.dll
0x00614000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00641000 \SystemRoot\system32\PSHED.dll
0x00655000 \SystemRoot\system32\CLFS.SYS
0x006B2000 \SystemRoot\system32\CI.dll
0x00801000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008DB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008E9000 \SystemRoot\system32\drivers\acpi.sys
0x0093F000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00948000 \SystemRoot\system32\drivers\msisadrv.sys
0x00952000 \SystemRoot\system32\drivers\pci.sys
0x00982000 \SystemRoot\System32\drivers\partmgr.sys
0x00997000 \SystemRoot\system32\drivers\volmgr.sys
0x00764000 \SystemRoot\System32\drivers\volmgrx.sys
0x009AB000 \SystemRoot\system32\drivers\pciide.sys
0x009B2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x009C2000 \SystemRoot\System32\drivers\mountmgr.sys
0x009D5000 \SystemRoot\system32\drivers\atapi.sys
0x007CA000 \SystemRoot\system32\drivers\ataport.SYS
0x009DD000 \SystemRoot\system32\DRIVERS\nvstor64.sys
0x00A0D000 \SystemRoot\system32\DRIVERS\storport.sys
0x00A6A000 \SystemRoot\system32\drivers\fltmgr.sys
0x00AB0000 \SystemRoot\system32\drivers\fileinfo.sys
0x00AC4000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00AD1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C03000 \SystemRoot\system32\drivers\ndis.sys
0x00B58000 \SystemRoot\system32\drivers\msrpc.sys
0x00BA8000 \SystemRoot\system32\drivers\NETIO.SYS
0x00E0E000 \SystemRoot\System32\drivers\tcpip.sys
0x00F80000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01003000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01187000 \SystemRoot\system32\drivers\volsnap.sys
0x011CB000 \SystemRoot\System32\Drivers\spldr.sys
0x011D3000 \SystemRoot\System32\Drivers\mup.sys
0x00FAC000 \SystemRoot\System32\drivers\ecache.sys
0x011E5000 \SystemRoot\system32\drivers\disk.sys
0x00DC6000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00FD8000 \SystemRoot\system32\drivers\crcdisk.sys
0x02A32000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02A3B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x02A4E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02A64000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02A70000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02A7E000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x02A89000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02ACF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02AE0000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02AF3000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02B05000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02C05000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0350E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x035ED000 \SystemRoot\System32\drivers\watchdog.sys
0x02B15000 \SystemRoot\SysWOW64\drivers\Afc.sys
0x02B1E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x03609000 \SystemRoot\system32\DRIVERS\nvmfdx64.sys
0x03771000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0377A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x037B2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x037BF000 \SystemRoot\system32\DRIVERS\HssDrv.sys
0x037D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02B3A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02B46000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02B77000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02B87000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x02BA5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02BBD000 \SystemRoot\system32\DRIVERS\termdd.sys
0x037FB000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03807000 \SystemRoot\system32\DRIVERS\ks.sys
0x0383B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03846000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03856000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0389D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03E0B000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x03F69000 \SystemRoot\system32\drivers\portcls.sys
0x03FA4000 \SystemRoot\system32\drivers\drmk.sys
0x03FC7000 \SystemRoot\system32\drivers\ksthunk.sys
0x03FCD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03FD7000 \SystemRoot\System32\Drivers\Null.SYS
0x03FEA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x03FF2000 \SystemRoot\System32\drivers\vga.sys
0x038B1000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03E00000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03FE0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x038D6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x038E1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x038F2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x038FB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03918000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x03E09000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03934000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x0393F000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x0394F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x03964000 \SystemRoot\System32\Drivers\RTL2832UUSB.sys
0x03971000 \SystemRoot\system32\drivers\RTL2832UBDA.sys
0x03987000 \SystemRoot\system32\drivers\BdaSup.SYS
0x0398B000 \SystemRoot\system32\DRIVERS\RTL2832U_IRHID.sys
0x03995000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x039A7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x03C07000 \SystemRoot\system32\DRIVERS\fwlanusbn.sys
0x03C8E000 \SystemRoot\system32\DRIVERS\smb.sys
0x03CA9000 \SystemRoot\system32\drivers\afd.sys
0x03D16000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03D5A000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03D78000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03D87000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03DA2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03DF0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x039B1000 \SystemRoot\System32\Drivers\dfsc.sys
0x039CE000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x039F0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02BCF000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x02BD9000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x02A00000 \SystemRoot\System32\drivers\Dxapi.sys
0x02A0C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x00660000 \SystemRoot\System32\cdd.dll
0x0760A000 \SystemRoot\system32\drivers\luafv.sys
0x0762C000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x07649000 \SystemRoot\system32\drivers\spsys.sys
0x076E3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x076F7000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0772B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x07736000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0774E000 \SystemRoot\system32\drivers\HTTP.sys
0x0860A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x08633000 \SystemRoot\system32\DRIVERS\bowser.sys
0x08651000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0866B000 \SystemRoot\system32\drivers\mrxdav.sys
0x08692000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x086BB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x08704000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x08723000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08755000 \SystemRoot\System32\DRIVERS\srv.sys
0x09205000 \SystemRoot\system32\drivers\peauth.sys
0x092BB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x092C6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x092D5000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x092F5000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x0930B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x09327000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x0932F000 \SystemRoot\System32\Drivers\fastfat.SYS
0x008E0000 \SystemRoot\System32\ATMFD.DLL
0x778E0000 \Windows\System32\ntdll.dll
Processes (total 66):
0 System Idle Process
4 System
448 C:\Windows\System32\smss.exe
516 csrss.exe
556 C:\Windows\System32\wininit.exe 576 csrss.exe 612 C:\Windows\System32\services.exe 624 C:\Windows\System32\lsass.exe 632 C:\Windows\System32\lsm.exe 788 C:\Windows\System32\svchost.exe 844 C:\Windows\System32\winlogon.exe 900 C:\Windows\System32\nvvsvc.exe 932 C:\Windows\System32\svchost.exe 988 C:\Windows\System32\svchost.exe 132 C:\Windows\System32\svchost.exe 288 C:\Windows\System32\svchost.exe 324 C:\Windows\System32\svchost.exe 12 C:\Windows\System32\audiodg.exe 604 C:\Windows\System32\svchost.exe 628 C:\Windows\System32\SLsvc.exe 916 C:\Windows\System32\svchost.exe 1164 C:\Windows\System32\svchost.exe 1348 C:\Windows\System32\rundll32.exe 1476 C:\Windows\System32\spoolsv.exe 1520 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 1572 C:\Windows\System32\svchost.exe 1916 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 1928 C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 1996 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 2040 C:\Program Files (x86)\avmwlanstick\WLanNetService.exe 1124 C:\Program Files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe 1988 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe 2076 C:\Windows\SysWOW64\svchost.exe 2104 C:\Windows\System32\HidService.exe 2172 M:\YOUtube_View_US\Hotspot Shield\HssWPR\hsssrv.exe 2192 M:\YOUtube_View_US\Hotspot Shield\bin\hsswd.exe 2208 C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe 2256 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe 2328 C:\Windows\SysWOW64\IoctlSvc.exe 2348 C:\Windows\System32\svchost.exe 2396 C:\Windows\System32\svchost.exe 2440 C:\Windows\System32\svchost.exe 2516 C:\Windows\System32\SearchIndexer.exe 2664 WUDFHost.exe 1592 C:\Windows\System32\taskeng.exe 3712 C:\Program Files\Windows Media Player\wmpnetwk.exe 3356 C:\Windows\System32\taskeng.exe 1772 C:\Windows\System32\dwm.exe 3364 C:\Windows\explorer.exe 1036 C:\Windows\System32\conime.exe 2056 
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe 3656 C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe 3280 C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe 1320 C:\Program Files\Windows Media Player\wmpnscfg.exe 3816 C:\Windows\System32\wuauclt.exe 3284 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe 3244 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe 3664 C:\Program Files (x86)\Java\jre6\bin\jusched.exe 1376 C:\Program Files (x86)\avmwlanstick\WLanGUI.exe 2764 C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac 964 C:\Windows\splwow64.exe 3920 C:\Windows\System32\SearchProtocolHost.exe 4380 C:\Windows\System32\SearchFilterHost.exe 3700 dllhost.exe 1664 dllhost.exe 4584 C:\Users\Simon\Desktop\MBRCheck.exe \\.\B: --> \\.\PhysicalDrive0 at offset 0x00000058`01f00000 (NTFS) \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`a9f00000 (NTFS) \\.\M: --> \\.\PhysicalDrive0 at offset 0x0000004f`b5000000 (NTFS) PhysicalDrive0 Model Number: ST3640623AS, Rev: SD43 Size Device Name MBR Status -------------------------------------------- 596 GB \\.\PhysicalDrive0 MBR Code Faked! SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Kurze Zwischenfrage: Muss ich noch viele solcher Scanns machen? |
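As an added example (not part of this thread or of MBRCheck itself): a small Python parser that reproduces what the MBRCheck report above is built from, checking the 0x55AA signature, hashing the 440 bytes of boot code (the value MBRCheck compares against known-good loaders and prints as SHA1) and deriving each partition's byte offset (the "at offset" values) from its start LBA. The sample MBR is constructed so its partitions land at the offsets from Simon's log; the 0x90 placeholder boot code and the known-good hash list are assumptions, not real Windows values.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code (disk signature and partition table follow)
PART_TABLE_OFF = 446         # four 16-byte partition entries at 446..509
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, start LBA, sector count

def build_sample_mbr(partitions):
    """Construct a synthetic MBR (constructed test data, not a real disk image).
    partitions: list of (type_byte, start_lba, sector_count); first entry is marked bootable."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = b"\x90" * BOOT_CODE_LEN   # placeholder boot code (x86 NOPs), an assumption
    for i, (ptype, start, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if i == 0 else 0x00, b"\xfe\xff\xff", ptype,
                         b"\xfe\xff\xff", start, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)

def parse_mbr(mbr):
    """Return signature validity, SHA1 of the boot code and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:                               # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": start, "offset": start * SECTOR, "size": count * SECTOR})
    return {"valid_signature": mbr[510:512] == MBR_SIGNATURE,
            "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
            "partitions": parts}

def boot_code_is_known(info, known_good_sha1s):
    """True when the boot-code hash is on a trusted list (assumed to be supplied by the caller);
    an unknown hash is what MBRCheck reports as a non-standard or faked MBR."""
    return info["boot_code_sha1"] in known_good_sha1s

def fmt_offset(n):
    """Render a byte offset the way MBRCheck prints it: 0x<high 32 bits>`<low 32 bits>."""
    return "0x%08x`%08x" % (n >> 32, n & 0xFFFFFFFF)

# Constructed sample: three NTFS (0x07) partitions whose start offsets equal the
# "at offset" values MBRCheck printed for C:, M: and B: in the log above (sizes are made up).
SAMPLE_MBR = build_sample_mbr([(0x07, 0x3A9F00000 // SECTOR, 0x8000000),
                               (0x07, 0x4FB5000000 // SECTOR, 0x800000),
                               (0x07, 0x5801F00000 // SECTOR, 0x1000000)])

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("signature ok:", info["valid_signature"], " boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print("partition %d type 0x%02x at offset %s" % (p["index"], p["type"], fmt_offset(p["offset"])))
```

On a live system the same parser can be fed the first 512 bytes of \\.\PhysicalDrive0 (administrator rights required); a signature mismatch or a boot-code hash that is not on a trusted list is the condition MBRCheck flags.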
06.05.2011, 08:47 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems after virus scan with Malwarebytes
We should fix the MBR manually. Back up all important data, just in case. Do you have any other operating systems installed besides Windows 7? Do you have a 64-bit Win7 DVD at hand? If not, have a look here => Vista Notfall/Recovery-CD 64-Bit - Dr. Windows. Download the ISO, burn it to a CD with e.g. ImgBurn using the image-burning function, and start the computer with it (boot from this CD). If you have a normal Win7 installation DVD, you don't need the image mentioned above and can simply boot from that DVD. Click on Computer repair options, Next, Command Prompt - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first. Afterwards create new logs with MBRCheck and, if possible, GMER.
06.05.2011, 15:54 | #23 |
| Problems after virus scan with Malwarebytes Hello, this is slowly getting a bit too risky for me. Are there any other options? Is it bad that the MBR isn't working? Regards, Simon P.S.: I have Windows Vista and would rather not rebuild and set up everything from scratch. |
06.05.2011, 18:08 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems after virus scan with Malwarebytes If the MBR has been rewritten successfully, there is no data loss, no change to the partitions, and nothing else either.