Windows Update not possible / Google search redirects to ads

#0
17.05.2011, 15:12
...new here
Posts: 5

17.05.2011, 17:44
...new here
Thread starter
Posts: 5
#2
Strangely, my computer won't let me post the log files and refuses to let me reply to this post. Although I am connected to the Internet, I then get "this page cannot be displayed"...
Does anyone have an idea what could be causing this? Many thanks!

18.05.2011, 01:47
Moderator
Posts: 5694
#3
Where are you writing these posts from? So you have done a completely fresh install?

18.05.2011, 11:14
...new here
Thread starter
Posts: 5
#4
I reinstalled my C partition.
Windows Update does not work, and I cannot reach the site update.windows.com either. During a search, Google redirects to advertising pages as soon as I try to click a result. The following message appears frequently: "Hostprozess für Windows Dienste funktioniert nicht mehr." I'm using Windows Vista (32 bit). I'll now try posting the log files as an attachment.
Quote: OTL logfile created on: 17.05.2011 14:57:15 - Run 1
Attachment: OTL.Txt

18.05.2011, 11:16
...new here
Thread starter
Posts: 5
#5
OTL EXTRAS
GMER
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit quick scan 2011-05-17 15:06:13
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11
Running: 2o0ip8b5.exe; Driver: C:\Users\michael\AppData\Local\Temp\kxliifow.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskWDC_WD3200BEVT-22ZCT0___________________11.01A11#5&2a11bc5c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

18.05.2011, 22:32
Moderator
Posts: 5694
#6
You have a rootkit in the MBR.
Why don't you reinstall the whole system completely, as described here: http://board.protecus.de/t13020.htm Then the MBR should be rewritten and EVERYTHING should be new. Are you using a legal version?

19.05.2011, 14:20
...new here
Thread starter
Posts: 5
#7
Yes, my Windows is legal.
I have an Acer. A few days ago I already reinstalled Windows, and the C drive was wiped in the process (I have three partitions). Do I have to delete all partitions? Or is it enough if the C partition goes? What does the rootkit in the MBR actually do? Thanks

19.05.2011, 22:58
Moderator
Posts: 5694
#8
It's best to set the machine up completely from scratch. That means doing EVERYTHING as described.

I'm using Windows Vista (32 bit).
I have now read your guide and will post the log files. I hope you can help me.
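
On the question in post #7 of whether wiping only the C partition is enough: sector 0 (the MBR, where GMER reported the TDL4 code) lies outside every partition, so zeroing a partition's own sectors leaves it untouched. The Python sketch below is an added example, not part of the original thread; the 64-sector disk image, its placeholder boot code and all function names are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(sector0: bytes) -> dict:
    """Split a 512-byte MBR into boot code, partition table and signature."""
    if len(sector0) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):                       # four 16-byte entries at offset 446
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0:                       # type 0x00 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "first": lba_start, "last": lba_start + count - 1})
    return {
        "boot_code_sha256": hashlib.sha256(sector0[:446]).hexdigest(),
        "partitions": parts,
        "signature_ok": sector0[510:512] == b"\x55\xaa",
    }

def wipe_partition(disk: bytearray, part: dict) -> None:
    """Zero every sector that belongs to one partition (a crude 'format')."""
    start = part["first"] * SECTOR
    end = (part["last"] + 1) * SECTOR
    disk[start:end] = bytes(end - start)

def build_sample_disk() -> bytearray:
    """Constructed 64-sector image: placeholder boot code, one NTFS entry."""
    disk = bytearray(64 * SECTOR)
    disk[0:446] = b"\xeb" * 446              # stands in for the boot code area
    disk[446:462] = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3,
                                0x07, b"\x00" * 3, 8, 56)
    disk[510:512] = b"\x55\xaa"
    disk[8 * SECTOR:] = b"\x41" * (56 * SECTOR)   # partition contents
    return disk

def boot_code_survives_wipe() -> bool:
    """Hash the boot code area before and after wiping the only partition."""
    disk = build_sample_disk()
    before = parse_mbr(bytes(disk[:SECTOR]))
    wipe_partition(disk, before["partitions"][0])
    after = parse_mbr(bytes(disk[:SECTOR]))
    return before["boot_code_sha256"] == after["boot_code_sha256"]

if __name__ == "__main__":
    print("boot code unchanged after wipe:", boot_code_survives_wipe())
```

Comparing the `boot_code_sha256` value of a disk's real sector 0 against a hash recorded from a known-clean installation is one way to notice that the boot code area has changed.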