Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Virus cleansweep.exe nicht komplett entfernt? (https://www.trojaner-board.de/93617-virus-cleansweep-exe-komplett-entfernt.html)

Oh_nein 10.12.2010 16:41
Ok, hier also die Logs von GMER, OSAM und MBRCheck:

Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-10 16:29:06
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.PB3O
Running: tf0j0krw.exe; Driver: C:\Users\Lars\AppData\Local\Temp\kgtdapoc.sys


---- User code sections - GMER 1.0.15 ----

.text          C:\Windows\Explorer.EXE[480] ntdll.dll!NtProtectVirtualMemory                                                                                            779F8968 5 Bytes  JMP 0197000A
.text          C:\Windows\Explorer.EXE[480] ntdll.dll!NtWriteVirtualMemory                                                                                              779F92A8 5 Bytes  JMP 0198000A
.text          C:\Windows\Explorer.EXE[480] ntdll.dll!KiUserExceptionDispatcher                                                                                        779F99E8 5 Bytes  JMP 0181000A
.text          C:\Windows\Explorer.EXE[480] SHELL32.dll!InitNetworkAddressControl + 2939                                                                                766D0064 4 Bytes  [20, 28, 76, 00] {AND [EAX], CH; JBE 0x4}
.text          C:\Windows\Explorer.EXE[480] SHELL32.dll!ShellExecuteExW + 121F                                                                                          767011DC 4 Bytes  [10, 1B, 76, 00] {ADC [EBX], BL; JBE 0x4}
.text          C:\Windows\system32\svchost.exe[1128] ntdll.dll!NtProtectVirtualMemory                                                                                  779F8968 5 Bytes  JMP 0039000A
.text          C:\Windows\system32\svchost.exe[1128] ntdll.dll!NtWriteVirtualMemory                                                                                    779F92A8 5 Bytes  JMP 0082000A
.text          C:\Windows\system32\svchost.exe[1128] ntdll.dll!KiUserExceptionDispatcher                                                                                779F99E8 5 Bytes  JMP 0038000A
.text          C:\Windows\system32\svchost.exe[1128] ole32.dll!CoCreateInstance                                                                                        7746E188 5 Bytes  JMP 008B000A
.text          C:\Windows\system32\svchost.exe[1128] USER32.dll!GetCursorPos                                                                                            77590F5E 5 Bytes  JMP 0191000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                                              [00762A00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT            C:\Windows\Explorer.EXE[480] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                                  [00761E00] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT            C:\Windows\Explorer.EXE[480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                                            [00762D50] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT            C:\Windows\Explorer.EXE[480] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                              [007611D0] C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (PSD DragDrop Protection/Egis Technology Inc.)
IAT            C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2264] @ C:\Windows\system32\SHELL32.dll [USER32.dll!ExitWindowsEx]            [008A1210] C:\Program Files\NewTech Infosystems\Acer Backup Manager\Pehook.dll (Backup Manager Module/NewTech Infosystems, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                  mwlPSDFilter.sys (PSD Filter Driver/Egis Incorporated.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                                  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskHitachi_HTS545032B9A300_________________PB3OC60F#4&8780f3b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 00 (MBR): rootkit-like behavior;
Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 01: rootkit-like behavior;
Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 04: rootkit-like behavior;
Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 05: rootkit-like behavior;
Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 07: rootkit-like behavior;
Disk            \Device\Harddisk0\DR0                                                                                                                                    sectors 625142192 (+255): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:35:58 on 10.12.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\GOOGLE\GOOGLE~1\GOOGLEDESKTOPNETWORK3.DLL
"AppInit_DLLs" - "Google" - C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Lars\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kgtdapoc" (kgtdapoc) - ? - C:\Users\Lars\AppData\Local\Temp\kgtdapoc.sys  (Hidden registry entry, rootkit activity | File not found)
"mwlPSDFilter" (mwlPSDFilter) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys
"mwlPSDNServ" (mwlPSDNServ) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys
"mwlPSDVDisk" (mwlPSDVDisk) - "Egis Incorporated." - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys
"NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} "Partner BHO Class" - "Google Inc." - C:\ProgramData\Partner\partner.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - ? - C:\Users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Acer VCM.lnk" - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\AcerVCM.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"F.lux" - ? - "C:\Users\Lars\Local Settings\Apps\F.lux\flux.exe" /noshow  (File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer ePower Management" - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
"EgisTecLiveUpdate" - "Egis Technology Inc." - "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"LManager" - "Dritek System Inc." - C:\Program Files\Launch Manager\LManager.exe
"mwlDaemon" - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
"ODDPwr" - "Acer Incorporated" - "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files\Winamp\winampa.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
"Acer ODD Power Service" (ODDPwrSvc) - "Acer Incorporated" - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files\Launch Manager\dsiwmis.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Partner Service" (Partner Service) - "Google Inc." - C:\ProgramData\Partner\partner.exe
"Raw Socket Service" (RS_Service) - "Acer Incorporated" - C:\Program Files\Acer\Acer VCM\RS_Service.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:        Acer
BIOS Manufacturer:                INSYDE
System Manufacturer:                Acer
System Product Name:                Aspire 4810T
Logical Drives Mask:                0x0000000c

Kernel Drivers (total 145):
  0x81C0A000 \SystemRoot\system32\ntkrnlpa.exe
  0x81FC3000 \SystemRoot\system32\hal.dll
  0x86A29000 \SystemRoot\system32\kdcom.dll
  0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8046C000 \SystemRoot\system32\PSHED.dll
  0x8047D000 \SystemRoot\system32\BOOTVID.dll
  0x80485000 \SystemRoot\system32\CLFS.SYS
  0x804C6000 \SystemRoot\system32\CI.dll
  0x80601000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8067D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068A000 \SystemRoot\system32\drivers\acpi.sys
  0x806D0000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806D9000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E1000 \SystemRoot\system32\drivers\pci.sys
  0x80708000 \SystemRoot\System32\drivers\partmgr.sys
  0x80717000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8071A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x80724000 \SystemRoot\system32\drivers\volmgr.sys
  0x80733000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8077D000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8220A000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x822E5000 \SystemRoot\system32\drivers\atapi.sys
  0x822ED000 \SystemRoot\system32\drivers\ataport.SYS
  0x8230B000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8233D000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8234D000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8240C000 \SystemRoot\system32\drivers\ndis.sys
  0x82517000 \SystemRoot\system32\drivers\msrpc.sys
  0x82542000 \SystemRoot\system32\drivers\NETIO.SYS
  0x82606000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x82715000 \SystemRoot\system32\drivers\volsnap.sys
  0x8274E000 \SystemRoot\System32\Drivers\spldr.sys
  0x82756000 \SystemRoot\System32\Drivers\mup.sys
  0x82765000 \SystemRoot\System32\drivers\ecache.sys
  0x8278C000 \SystemRoot\system32\drivers\disk.sys
  0x8279D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x827BE000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8D0E6000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8D0F1000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8D0FA000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8D600000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8DF30000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8DFCF000 \SystemRoot\System32\drivers\watchdog.sys
  0x8DFDC000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8D109000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8DFE7000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8D147000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8D159000 \SystemRoot\system32\DRIVERS\L1C60x86.sys
  0x8E001000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x8E38A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8E39D000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8E3A7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8E3B2000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8E3E3000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8E3E5000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8E3F0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8E3F4000 \??\C:\Windows\system32\drivers\UBHelper.sys
  0x8D169000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8DFF6000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
  0x8D181000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8D18A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8D1B8000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8D000000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x827D4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x827EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8257C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8259F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x825AE000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x825C2000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x825D7000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8E3FC000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x823BE000 \SystemRoot\system32\DRIVERS\ks.sys
  0x827F6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x825E7000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8078D000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x823E8000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8E602000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8E841000 \SystemRoot\system32\drivers\portcls.sys
  0x8E86E000 \SystemRoot\system32\drivers\drmk.sys
  0x8E893000 \SystemRoot\system32\drivers\IntcHdmi.sys
  0x8E8B4000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
  0x8E8BD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8E8C6000 \SystemRoot\System32\Drivers\Null.SYS
  0x8E8CD000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8E8D4000 \SystemRoot\System32\drivers\vga.sys
  0x8E8E0000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8E901000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8E909000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8E911000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8E91C000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8E92A000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8EC00000 \SystemRoot\System32\drivers\tcpip.sys
  0x8ECE7000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8ED02000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8ED18000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8ED2C000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8ED5E000 \SystemRoot\system32\drivers\afd.sys
  0x8EDA6000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8EDBC000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8EDCA000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8EDDD000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8E933000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8EDE3000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8EDED000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
  0x8E96F000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
  0x8E978000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8E98F000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8E9B2000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8E9DA000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8D00B000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x8E9E7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x807C1000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x827C7000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x807E2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8D1F9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x825F4000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x94420000 \SystemRoot\System32\win32k.sys
  0x82400000 \SystemRoot\System32\drivers\Dxapi.sys
  0x805A6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x94640000 \SystemRoot\System32\TSDDD.dll
  0x94660000 \SystemRoot\System32\cdd.dll
  0x805B5000 \SystemRoot\system32\drivers\luafv.sys
  0x805D0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xA700E000 \SystemRoot\system32\DRIVERS\irda.sys
  0xA702C000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA703C000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xA7066000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA7070000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA7083000 \SystemRoot\system32\drivers\spsys.sys
  0xA7132000 \SystemRoot\system32\drivers\HTTP.sys
  0xA719D000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA71BA000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA71D3000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA7A00000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA7A20000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA7A3F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA7A78000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA7A90000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA7AB7000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA7B03000 \SystemRoot\system32\drivers\peauth.sys
  0xA7BE1000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA7BEB000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA71E8000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x805E5000 \??\C:\Users\Lars\AppData\Local\Temp\kgtdapoc.sys
  0x779A0000 \Windows\System32\ntdll.dll

Processes (total 81):
      0 System Idle Process
      4 System
    440 C:\Windows\System32\smss.exe
    512 csrss.exe
    556 C:\Windows\System32\wininit.exe
    564 csrss.exe
    596 C:\Windows\System32\winlogon.exe
    628 C:\Windows\System32\services.exe
    676 C:\Windows\System32\lsass.exe
    684 C:\Windows\System32\lsm.exe
    836 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1128 C:\Windows\System32\svchost.exe
    1204 C:\Windows\System32\audiodg.exe
    1248 C:\Windows\System32\SLsvc.exe
    1272 C:\Windows\System32\svchost.exe
    1364 C:\Windows\System32\svchost.exe
    1620 C:\Windows\System32\spoolsv.exe
    1644 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1668 C:\Windows\System32\svchost.exe
    2012 C:\Windows\System32\taskeng.exe
    116 C:\Windows\System32\dwm.exe
    480 C:\Windows\explorer.exe
    820 C:\Windows\System32\taskeng.exe
    1580 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    1740 C:\Windows\System32\igfxtray.exe
    1496 C:\Windows\System32\hkcmd.exe
    1724 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1700 C:\Windows\System32\igfxpers.exe
    1884 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    472 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    568 C:\Windows\PLFSetI.exe
    552 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1384 C:\Program Files\Launch Manager\LManager.exe
    784 C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    1060 C:\Program Files\Launch Manager\dsiwmis.exe
    2096 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    2104 C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
    2112 C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    2128 C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    2136 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2152 C:\Program Files\Winamp\winampa.exe
    2160 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2172 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2180 C:\Users\Lars\Local Settings\Apps\F.lux\flux.exe
    2188 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    2196 C:\Users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe
    2224 C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    2264 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    2332 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2360 C:\Windows\System32\igfxsrvc.exe
    2432 C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    2520 C:\Windows\System32\svchost.exe
    2540 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    2592 C:\Windows\System32\svchost.exe
    2660 C:\Windows\System32\SearchIndexer.exe
    2708 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    3100 C:\Windows\System32\wbem\unsecapp.exe
    3412 WmiPrvSE.exe
    3432 WmiPrvSE.exe
    3728 C:\Windows\System32\igfxext.exe
    3976 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    2260 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    2744 C:\Windows\System32\wbem\unsecapp.exe
    1696 C:\Windows\System32\igfxext.exe
    2948 C:\Windows\System32\igfxsrvc.exe
    828 C:\Windows\System32\conime.exe
    3584 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    2828 C:\Windows\System32\notepad.exe
    1420 C:\Program Files\Mozilla Firefox\firefox.exe
    3776 C:\Program Files\WinRAR\WinRAR.exe
    3344 C:\Users\Lars\Desktop\osam\osam.exe
    3496 C:\Windows\System32\SearchProtocolHost.exe
    2816 C:\Windows\System32\SearchFilterHost.exe
    3916 C:\Windows\System32\notepad.exe
    776 C:\Windows\System32\dllhost.exe
    2796 C:\Users\Lars\Downloads\MBRCheck.exe
    2972 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC60F

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

cosinus 10.12.2010 19:28
Hast Du noch andere Betriebssysteme außer Vista installiert?

Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.

Oh_nein 10.12.2010 22:16
So, hab gerade die Computerreparation über Vista durchgeführt.

Ist das ok und richtig so gewesen, dass ich das Fenster der Eingabeaufforderung nach Eingabe von bootrec.exe/fixboot und bootrec.exe/fixmbr einfach geschlossen habe? Direkt nach der Eingabe wurde mir in der Zeile darunter zumindest in beiden Fällen der Erfolg der Eingabe bestätigt.

Sollte ich jetzt einfach wieder etwas warten, ob die unerwünschten Seiten/Computerabtürze weiter auftauchen, oder gibt es noch eine andere Möglichkeit, wie man es überprüfen kann?

Trotzdem noch einmal vielen Dank für die vielen Mühen und Ideen bis hierhin. Ist sicher nicht selbstverständlich. :daumenhoc

cosinus 10.12.2010 23:04
Mach bitte ein neues Log mit mbrcheck ;)

Oh_nein 10.12.2010 23:25
Muss ich GMER und OSAM vorher auch noch einmal drüberlaufen lassen, bevor ich das Log beim MBRCheck erstellen kann?

Falls nicht, voilá.

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:        Acer
BIOS Manufacturer:                INSYDE
System Manufacturer:                Acer
System Product Name:                Aspire 4810T
Logical Drives Mask:                0x0000000c

Kernel Drivers (total 145):
  0x81C1B000 \SystemRoot\system32\ntkrnlpa.exe
  0x81FD4000 \SystemRoot\system32\hal.dll
  0x8040D000 \SystemRoot\system32\kdcom.dll
  0x80415000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80475000 \SystemRoot\system32\PSHED.dll
  0x80486000 \SystemRoot\system32\BOOTVID.dll
  0x8048E000 \SystemRoot\system32\CLFS.SYS
  0x804CF000 \SystemRoot\system32\CI.dll
  0x80609000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80685000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80692000 \SystemRoot\system32\drivers\acpi.sys
  0x806D8000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E1000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806E9000 \SystemRoot\system32\drivers\pci.sys
  0x80710000 \SystemRoot\System32\drivers\partmgr.sys
  0x8071F000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80722000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8072C000 \SystemRoot\system32\drivers\volmgr.sys
  0x8073B000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80785000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8220D000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x822E8000 \SystemRoot\system32\drivers\atapi.sys
  0x822F0000 \SystemRoot\system32\drivers\ataport.SYS
  0x8230E000 \SystemRoot\system32\drivers\fltmgr.sys
  0x82340000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82350000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x89A01000 \SystemRoot\system32\drivers\ndis.sys
  0x89B0C000 \SystemRoot\system32\drivers\msrpc.sys
  0x89B37000 \SystemRoot\system32\drivers\NETIO.SYS
  0x89C02000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x89D11000 \SystemRoot\system32\drivers\volsnap.sys
  0x89D4A000 \SystemRoot\System32\Drivers\spldr.sys
  0x89D52000 \SystemRoot\System32\Drivers\mup.sys
  0x89D61000 \SystemRoot\System32\drivers\ecache.sys
  0x89D88000 \SystemRoot\system32\drivers\disk.sys
  0x89D99000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x89DBA000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8C8DB000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8C8E6000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8C8EF000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8CE08000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
  0x8D738000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8D7D7000 \SystemRoot\System32\drivers\watchdog.sys
  0x8D7E4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8C8FE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8D7EF000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8C93C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8C94E000 \SystemRoot\system32\DRIVERS\L1C60x86.sys
  0x8D80F000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x8DB98000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8DBAB000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8DBB5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8DBC0000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8DBF1000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8DBF3000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8D800000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8D804000 \??\C:\Windows\system32\drivers\UBHelper.sys
  0x8CE00000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
  0x8C976000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8C97F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8C9AD000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8C9EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x89DD0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x89DE7000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x89B71000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x89B94000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x89BA3000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x89BB7000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x89BCC000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8D80C000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x823C1000 \SystemRoot\system32\DRIVERS\ks.sys
  0x89DF2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x89BDC000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x80795000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x89BE9000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8DE07000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8E046000 \SystemRoot\system32\drivers\portcls.sys
  0x8E073000 \SystemRoot\system32\drivers\drmk.sys
  0x8E098000 \SystemRoot\system32\drivers\IntcHdmi.sys
  0x8E0B9000 \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
  0x8E0C2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8E0CB000 \SystemRoot\System32\Drivers\Null.SYS
  0x8E0D2000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8E0D9000 \SystemRoot\System32\drivers\vga.sys
  0x8E0E5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8E106000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8E10E000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8E116000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8E121000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8E12F000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8E408000 \SystemRoot\System32\drivers\tcpip.sys
  0x8E4EF000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8E50A000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8E520000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8E534000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8E566000 \SystemRoot\system32\drivers\afd.sys
  0x8E5AE000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8E5C4000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8E5D2000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8E5E5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8E138000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8E5EB000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8E174000 \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
  0x8E5F5000 \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
  0x8E186000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8E19D000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8E1C0000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x8E1E8000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8C800000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8E400000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8E1F1000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8C810000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x8C827000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x8C848000 \SystemRoot\system32\DRIVERS\udfs.sys
  0x8C883000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8F001000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x93E40000 \SystemRoot\System32\win32k.sys
  0x8F0DC000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8F0E6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x94060000 \SystemRoot\System32\TSDDD.dll
  0x94080000 \SystemRoot\System32\cdd.dll
  0x8F0F5000 \SystemRoot\system32\drivers\luafv.sys
  0x8F110000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x8F125000 \SystemRoot\system32\DRIVERS\irda.sys
  0x8F143000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8F153000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8F17D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8F187000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA6809000 \SystemRoot\system32\drivers\HTTP.sys
  0xA6874000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA6891000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA68AA000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA68BF000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA68DF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA68FE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA6937000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA694F000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA6976000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA740F000 \SystemRoot\system32\drivers\spsys.sys
  0xA74BE000 \SystemRoot\system32\drivers\peauth.sys
  0xA759C000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA75A6000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA75B2000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA75C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x77C10000 \Windows\System32\ntdll.dll

Processes (total 78):
      0 System Idle Process
      4 System
    444 C:\Windows\System32\smss.exe
    516 csrss.exe
    560 C:\Windows\System32\wininit.exe
    568 csrss.exe
    616 C:\Windows\System32\winlogon.exe
    640 C:\Windows\System32\services.exe
    656 C:\Windows\System32\lsass.exe
    664 C:\Windows\System32\lsm.exe
    832 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1192 C:\Windows\System32\audiodg.exe
    1220 C:\Windows\System32\SLsvc.exe
    1256 C:\Windows\System32\svchost.exe
    1332 C:\Windows\System32\svchost.exe
    1596 C:\Windows\System32\spoolsv.exe
    1620 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1632 C:\Windows\System32\svchost.exe
    1996 C:\Windows\System32\taskeng.exe
    2024 C:\Windows\System32\dwm.exe
    272 C:\Windows\explorer.exe
    504 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    632 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    660 C:\Windows\System32\igfxtray.exe
    1280 C:\Program Files\Launch Manager\dsiwmis.exe
    1348 C:\Windows\System32\hkcmd.exe
    1356 C:\Windows\System32\igfxpers.exe
    1384 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    816 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    1428 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    1872 C:\Windows\PLFSetI.exe
    1820 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1380 C:\Program Files\Launch Manager\LManager.exe
    312 C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    1836 C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    2060 C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
    2068 C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    2092 C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    2100 C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    2108 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2116 C:\Program Files\Winamp\winampa.exe
    2148 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2164 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2188 C:\Users\Lars\Local Settings\Apps\F.lux\flux.exe
    2212 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2220 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2252 C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
    2268 C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    2276 C:\Users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe
    2308 C:\Windows\System32\svchost.exe
    2344 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    2396 C:\Windows\System32\svchost.exe
    2484 C:\Windows\System32\SearchIndexer.exe
    2544 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2900 C:\Windows\System32\igfxsrvc.exe
    2944 C:\Windows\System32\wbem\unsecapp.exe
    3088 WmiPrvSE.exe
    3156 C:\Windows\System32\taskeng.exe
    3552 C:\Windows\System32\igfxext.exe
    3896 C:\Windows\System32\rundll32.exe
    3904 WmiPrvSE.exe
    4012 C:\Program Files\Mozilla Firefox\firefox.exe
    2820 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    2872 C:\Windows\System32\wbem\unsecapp.exe
    2368 C:\Windows\System32\igfxext.exe
    2844 C:\Windows\System32\igfxsrvc.exe
    3212 C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    3300 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    1468 C:\Program Files\Mozilla Firefox\plugin-container.exe
    552 C:\Windows\System32\wuauclt.exe
    3924 C:\Windows\servicing\TrustedInstaller.exe
    1792 C:\Users\Lars\Downloads\MBRCheck.exe
    748 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS545032B9A300, Rev: PB3OC60F

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 11.12.2010 14:18
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Oh_nein 11.12.2010 19:52
So, Stunden später sind die scans dann auch durch. Hab bislang auch keine Probleme mehr gehabt. Computer stürzt nicht mehr ab und die unerwünschten Seiten poppen auch nicht mehr auf.

Ich hoffe mal die Logfiles sind soweit auch ok?

Code:
mbam-log-2010-12-11 (16-30-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 242360
Laufzeit: 2 Stunde(n), 9 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/11/2010 at 07:46 PM

Application Version : 4.46.1000

Core Rules Database Version : 5989
Trace Rules Database Version: 3801

Scan type      : Complete Scan
Total Scan Time : 03:00:05

Memory items scanned      : 674
Memory threats detected  : 0
Registry items scanned    : 8559
Registry threats detected : 0
File items scanned        : 118824
File threats detected    : 6

Adware.Tracking Cookie
        C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Cookies\lars@zedo[1].txt
        C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Cookies\lars@statse.webtrendslive[2].txt
        ia.media-imdb.com [ C:\Users\Lars\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RT3VXPTY ]
        inwmedia.net [ C:\Users\Lars\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\RT3VXPTY ]
        media.scanscout.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4BQAHJMV ]
        secure-us.imrworldwide.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\4BQAHJMV ]

cosinus 12.12.2010 17:36
Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Oh_nein 12.12.2010 18:45
Nein, keine weiteren Probleme mehr. Läuft alles einwandfrei.

Abschließend noch einmal recht herzlichen Dank für die schnelle und professionelle Hilfe. Werde euch gerne weiter empfehlen.

:dankeschoen:

cosinus 13.12.2010 08:49
Dann wären wir durch! :abklatsch:

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update



PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:06 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131