
Windows Vista: Is this a virus? What should I do? ACER laptop

Good day, I hope someone can help me. Avira detected a Trojan; I moved it to quarantine and deleted it. Now, unfortunately, I can no longer start Avira. A message appears saying it is not a valid Win32 application. It has also disappeared from the taskbar. When I go to Security in the Control Panel, the security service is switched off and cannot be started. The firewall is not running. Defender shows an error message that disappears before it can be read. Wireless no longer works, only the cable does. There is also no connection available, and a message keeps telling me to insert the Bluewin disk. Is it dangerous if I write from this PC now? Is my e-banking at risk even if I don't use it? I have an ACER LAPTOP with Vista. Should I format and reinstall Vista? Is the Trojan gone then, or could it still be hiding? Do I have to download anything from the Acer homepage for the Acer, or is the Windows Anytime Upgrade CD enough to set everything up properly again? And how do I format the PC and redo everything? Oh, and CPU usage is always between 98 and 100 percent. Sorry for the 'barrage of questions', but as you can tell, I have no idea what to do. I have downloaded Ad-Aware. It is running right now and reports 120 detected infections.


My computer system:

My PC is about 0-2 years old.



Replies to Windows Vista: Is this a virus? What should I do? ACER laptop:


It's all pretty risky.

First, please create a log file with the program HijackThis and post it here.

Also download Malwarebytes and install it, then run an update and a full scan, have all findings deleted and post the report here.

But run the SCAN in safe mode!!

First of all, many thanks for the reply. So, I have made the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:48, on 22.10.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Users\FRANZI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Franziska\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GLSP3FJN\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ch/0SEDECH/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ch/0SEDECH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ch/0SEDECH/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\Windows\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [gukqacc] "c:\users\franziska\appdata\local\gukqacc.exe" gukqacc
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9761 bytes
 

By UPDATE I suppose I should understand Windows Update? I wanted to do that, but unfortunately it cannot search for new updates; an error appears: Code 80070422: Unknown error with Windows Update. I will then run the full SCAN in safe mode this evening.

Hello,

Disable System Restore.

Fix these entries with HJT:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

Then run a disk cleanup (delete temp files etc.),
download Malwarebytes (& update it)
and scan the PC with it in safe mode.

Download link for Malwarebytes: click

Regards, Zidane

« Last edited: 22.10.08, 16:19:24 by Zidane »
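
A triage pass over HijackThis entries of the kind picked out for fixing above, as an added example that is not part of the original posts. The function names and the heuristics (orphaned references, missing service binaries, autoruns started from Temp or AppData) are assumptions chosen for illustration; a hit means "review this entry", not "this is malware".

```python
import re
from typing import NamedTuple

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\Windows\Temp\RecoverFromReboot.exe
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [gukqacc] "c:\users\franziska\appdata\local\gukqacc.exe" gukqacc
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"""

# Assumption: these path fragments mark temp or per-user directories,
# which are unusual homes for a program that starts at every logon.
TRANSIENT_DIRS = ("\\appdata\\", "\\temp\\")

# A HijackThis entry starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the entry deserves a manual look
    line: str    # the original log line


def autorun_target(body: str) -> str:
    """Return the command part of an O4 entry (after '[name]' or after '=')."""
    if "]" in body:
        return body.split("]", 1)[1].strip()
    if "=" in body:
        return body.split("=", 1)[1].strip()
    return body


def triage(log_text: str) -> list[Finding]:
    """Flag HijackThis entries that a reviewer should look at first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process list or blank line
        code, body = match["code"], match["body"]
        lowered = body.lower()
        if lowered.endswith("(no file)"):
            findings.append(
                Finding(code, "registered object has no file on disk", line))
        if lowered.endswith("(file missing)"):
            findings.append(Finding(code, "service binary is missing", line))
        if code == "O4":
            if re.search(r"\[\?+\]", body):
                findings.append(
                    Finding(code, "autorun name is unreadable", line))
            target = autorun_target(body).lower()
            if any(fragment in target for fragment in TRANSIENT_DIRS):
                findings.append(Finding(
                    code, "autorun target is in a Temp or AppData directory",
                    line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.code}] {finding.reason}\n    {finding.line}")
```
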

ARE YOU SURE???
http://www.google.de/search?q=C%3A\Acer\Empowering+Technology\&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:de:official&client=firefox-a

In none of the posts there were any
C:\Acer\Empowering Technology\   <<<  entries flagged.

Looks like Acer's own software ....

Hello,

@HCK you don't necessarily need these services.
But OK, I'll "fix" it then.

Regards, Zidane

And here is the log from Malwarebytes:

Malwarebytes' Anti-Malware 1.29
Database version: 1306
Windows 6.0.6001 Service Pack 1

22.10.2008 20:40:56
mbam-log-2008-10-22 (20-40-56).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 133300
Time elapsed: 32 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 79

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa (Rootkit.Bagle) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\SysRestore.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\Windows\System32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Windows\System32\wintems.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\srosa.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.
 

And then the Vista scan:


Wow, your PC was really deep in the ..., with that many it is actually better to reinstall right away. Well, let's see whether it runs well for you again now.

Yes, it really was deep in the ... and it still is. I'm reinstalling anyway; I no longer dare to log in anywhere.

So, now I would like to wipe my hard drive and load everything onto the laptop afresh. As already mentioned, I have an ACER laptop.

My question now:
Is the Windows Anytime Upgrade CD enough? Do I simply insert it and then follow its instructions? And can I also wipe my hard drive there, or do I have to do that beforehand? If so, I would be glad of instructions on how that works.

Is this procedure of any use at all, or is there nothing left to save?

Many thanks for your help.

The hard drive must be completely formatted, otherwise the malware will come back. That would certainly be unpleasant.
From the OEM recovery DVD I would make a full-fledged DVD on a clean system, unless it is a DVD obtained directly from Microsoft. If the DVD is from Acer, then it is a recovery disc with unwanted extras.
For the conversion you could use vLite or comparable tools.
However, all required drivers must be obtained from a clean system. Any extras from Acer do not need to be obtained.
The drivers can be obtained from the component manufacturers.
Which ones are installed is best found out with sysinfo32. The graphics driver is obtained from Acer; at the moment no other option is available, since Omega drivers for Vista are still in development.
The drivers are then integrated with vLite, along with any updates released by Microsoft.
If you have questions, we are happy to help here.

I would wipe the disk with a tool from the disk manufacturer. In the infected system you can possibly find out the manufacturer via Device Manager. Post the manufacturer here, then the matching tool for wiping the disk can be linked here.
The disk must be completely overwritten with zeros; all data is lost in the process.

TIP:
And once a clean base system is in place, back it up as an image!!
Saves a lot of installation work ...

