Ich hoffe mal das ich es richtig gemacht hab...

Resultat ist...


========== OTL ==========
Prefs.js: "BearShare Web Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "BearShare Web Search" removed from browser.search.order.1
Prefs.js: "Search" removed from browser.search.selectedEngine
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MsgCenterExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster 2 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\AUTORUN.inf scheduled to be moved on reboot.
File not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65d4206-6194-11de-8226-0019db518a3f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65d4206-6194-11de-8226-0019db518a3f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65d4206-6194-11de-8226-0019db518a3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65d4206-6194-11de-8226-0019db518a3f}\ not found.
File M:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d00ca5fe-f22e-11db-a252-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d00ca5fe-f22e-11db-a252-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d00ca5fe-f22e-11db-a252-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d00ca5fe-f22e-11db-a252-806e6f6e6963}\ not found.
File move failed. E:\Madden08.exe scheduled to be moved on reboot.
C:\Windows\System32\wsnmp32d.dll moved successfully.
ADS C:\Windows:01131222C357D2C5 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06082011_133509

Files\Folders moved on Reboot...
File move failed. E:\AUTORUN.inf scheduled to be moved on reboot.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.
File move failed. E:\Madden08.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!

Blöde Frage... muß ich Antivir deinstallieren oder geht Kaspersky auch so?

Deaktivier mal lieber vorher.

So das kam raus...

2011/06/08 15:30:32.0839 4100 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/06/08 15:30:35.0971 4100 ================================================================================
2011/06/08 15:30:35.0971 4100 SystemInfo:
2011/06/08 15:30:35.0971 4100
2011/06/08 15:30:35.0971 4100 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/08 15:30:35.0971 4100 Product type: Workstation
2011/06/08 15:30:35.0971 4100 ComputerName: FABO-PC
2011/06/08 15:30:35.0976 4100 UserName: Fabo
2011/06/08 15:30:35.0976 4100 Windows directory: C:\Windows
2011/06/08 15:30:35.0976 4100 System windows directory: C:\Windows
2011/06/08 15:30:35.0976 4100 Processor architecture: Intel x86
2011/06/08 15:30:35.0976 4100 Number of processors: 2
2011/06/08 15:30:35.0976 4100 Page size: 0x1000
2011/06/08 15:30:35.0976 4100 Boot type: Normal boot
2011/06/08 15:30:35.0976 4100 ================================================================================
2011/06/08 15:30:38.0482 4100 Initialize success
2011/06/08 15:30:43.0328 2684 ================================================================================
2011/06/08 15:30:43.0328 2684 Scan started
2011/06/08 15:30:43.0328 2684 Mode: Manual;
2011/06/08 15:30:43.0328 2684 ================================================================================
2011/06/08 15:30:50.0323 2684 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/08 15:30:50.0735 2684 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/08 15:30:51.0109 2684 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/08 15:30:51.0600 2684 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/08 15:30:52.0085 2684 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/08 15:30:52.0666 2684 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
2011/06/08 15:30:53.0243 2684 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/08 15:30:53.0763 2684 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/08 15:30:54.0161 2684 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/08 15:30:54.0577 2684 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/08 15:30:54.0920 2684 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/08 15:30:55.0574 2684 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/08 15:30:56.0080 2684 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/08 15:30:56.0517 2684 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/06/08 15:30:57.0003 2684 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/08 15:30:57.0451 2684 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/08 15:30:57.0791 2684 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/08 15:30:58.0300 2684 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/08 15:30:58.0807 2684 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/08 15:30:59.0591 2684 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/08 15:31:00.0034 2684 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/08 15:31:00.0383 2684 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/08 15:31:00.0856 2684 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/08 15:31:01.0373 2684 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/08 15:31:01.0833 2684 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/08 15:31:02.0331 2684 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/08 15:31:02.0688 2684 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/08 15:31:03.0211 2684 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/08 15:31:03.0452 2684 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/08 15:31:03.0790 2684 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/08 15:31:04.0053 2684 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/08 15:31:04.0472 2684 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/08 15:31:04.0558 2684 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/06/08 15:31:04.0664 2684 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/08 15:31:04.0767 2684 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/08 15:31:05.0004 2684 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/08 15:31:05.0515 2684 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/08 15:31:05.0706 2684 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\Windows\system32\DLA\DLABMFSM.SYS
2011/06/08 15:31:06.0056 2684 DLABOIOM (d4587063acea776699251e177d719586) C:\Windows\system32\DLA\DLABOIOM.SYS
2011/06/08 15:31:06.0391 2684 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
2011/06/08 15:31:06.0579 2684 DLADResM (1cc77bf6481567b617f7d204932a10e4) C:\Windows\system32\DLA\DLADResM.SYS
2011/06/08 15:31:06.0769 2684 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\Windows\system32\DLA\DLAIFS_M.SYS
2011/06/08 15:31:06.0988 2684 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\Windows\system32\DLA\DLAOPIOM.SYS
2011/06/08 15:31:07.0280 2684 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\Windows\system32\DLA\DLAPoolM.SYS
2011/06/08 15:31:07.0572 2684 DLARTL_M (91886fed52a3f9966207bce46cfd794f) C:\Windows\system32\Drivers\DLARTL_M.SYS
2011/06/08 15:31:07.0993 2684 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\Windows\system32\DLA\DLAUDFAM.SYS
2011/06/08 15:31:08.0362 2684 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\Windows\system32\DLA\DLAUDF_M.SYS
2011/06/08 15:31:08.0762 2684 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/08 15:31:09.0151 2684 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\Windows\system32\Drivers\DRVMCDB.SYS
2011/06/08 15:31:09.0535 2684 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
2011/06/08 15:31:10.0105 2684 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/08 15:31:11.0177 2684 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/08 15:31:11.0804 2684 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/08 15:31:12.0264 2684 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/08 15:31:12.0823 2684 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/08 15:31:13.0141 2684 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/08 15:31:13.0569 2684 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/08 15:31:14.0144 2684 FET5X86V (8787449f8ef116db0e8e06c3555746a7) C:\Windows\system32\DRIVERS\fetnd5bv.sys
2011/06/08 15:31:14.0476 2684 FETNDIS (b2b2c38e916184ff8523c7439ddd417f) C:\Windows\system32\DRIVERS\fetnd5.sys
2011/06/08 15:31:14.0925 2684 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/08 15:31:15.0146 2684 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/08 15:31:15.0434 2684 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/08 15:31:15.0711 2684 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/08 15:31:16.0299 2684 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/08 15:31:16.0804 2684 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/08 15:31:17.0389 2684 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/06/08 15:31:17.0983 2684 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/08 15:31:18.0354 2684 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/08 15:31:18.0765 2684 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/08 15:31:18.0953 2684 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/08 15:31:19.0204 2684 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/08 15:31:19.0421 2684 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/08 15:31:19.0797 2684 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/06/08 15:31:20.0033 2684 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/08 15:31:20.0488 2684 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/08 15:31:20.0840 2684 iaStor (294110966cedd127629c5be48367c8cf) C:\Windows\system32\drivers\iastor.sys
2011/06/08 15:31:21.0028 2684 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/08 15:31:21.0391 2684 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/08 15:31:22.0159 2684 IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys
2011/06/08 15:31:23.0080 2684 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/06/08 15:31:23.0351 2684 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/08 15:31:23.0706 2684 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/08 15:31:24.0035 2684 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/08 15:31:24.0317 2684 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/08 15:31:24.0625 2684 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/08 15:31:24.0865 2684 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/08 15:31:25.0256 2684 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/08 15:31:25.0340 2684 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/08 15:31:25.0650 2684 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/08 15:31:25.0787 2684 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/08 15:31:25.0862 2684 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/08 15:31:26.0631 2684 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
2011/06/08 15:31:27.0049 2684 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
2011/06/08 15:31:27.0457 2684 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
2011/06/08 15:31:27.0859 2684 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
2011/06/08 15:31:28.0230 2684 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
2011/06/08 15:31:28.0685 2684 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/08 15:31:29.0413 2684 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/08 15:31:29.0748 2684 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/08 15:31:30.0083 2684 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/08 15:31:30.0363 2684 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/08 15:31:30.0935 2684 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/08 15:31:31.0267 2684 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/08 15:31:31.0561 2684 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/08 15:31:31.0822 2684 monitor (ec839ba91e45cce6eadafc418fff8206) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/08 15:31:32.0193 2684 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/08 15:31:32.0529 2684 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/08 15:31:32.0920 2684 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/08 15:31:33.0247 2684 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/08 15:31:33.0747 2684 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/08 15:31:34.0171 2684 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/08 15:31:34.0491 2684 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/08 15:31:34.0824 2684 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/08 15:31:34.0978 2684 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/08 15:31:35.0258 2684 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/08 15:31:35.0542 2684 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/08 15:31:35.0765 2684 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/08 15:31:36.0159 2684 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/08 15:31:36.0507 2684 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/08 15:31:37.0035 2684 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/08 15:31:37.0397 2684 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/08 15:31:37.0689 2684 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/08 15:31:38.0031 2684 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/08 15:31:38.0551 2684 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/08 15:31:38.0949 2684 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/08 15:31:39.0124 2684 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/08 15:31:39.0437 2684 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/08 15:31:39.0903 2684 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/08 15:31:40.0527 2684 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/08 15:31:40.0888 2684 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/08 15:31:41.0176 2684 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/08 15:31:41.0412 2684 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/08 15:31:41.0772 2684 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/08 15:31:41.0990 2684 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/08 15:31:42.0558 2684 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/08 15:31:42.0958 2684 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/08 15:31:43.0396 2684 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/08 15:31:43.0984 2684 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/08 15:31:45.0023 2684 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/08 15:31:45.0454 2684 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/08 15:31:45.0863 2684 nvatabus (7d960340be5b0e008bb94e4c3b991339) C:\Windows\system32\drivers\nvatabus.sys
2011/06/08 15:31:47.0058 2684 nvlddmkm (7d80ff0e34a0d04bef343df07b4707cf) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/08 15:31:50.0081 2684 nvraid (52f54c59a0ec7920c23638313e99e43c) C:\Windows\system32\drivers\nvraid.sys
2011/06/08 15:31:50.0514 2684 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/06/08 15:31:50.0969 2684 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/08 15:31:52.0117 2684 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/08 15:31:52.0627 2684 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/08 15:31:53.0038 2684 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/08 15:31:53.0435 2684 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/08 15:31:53.0890 2684 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/08 15:31:54.0542 2684 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/06/08 15:31:55.0137 2684 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/08 15:31:56.0550 2684 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/08 15:31:57.0684 2684 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/08 15:31:58.0132 2684 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/08 15:31:58.0821 2684 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/08 15:31:59.0773 2684 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/08 15:32:00.0876 2684 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/08 15:32:01.0996 2684 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/08 15:32:02.0636 2684 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/08 15:32:03.0125 2684 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/08 15:32:03.0734 2684 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/08 15:32:04.0252 2684 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/08 15:32:04.0812 2684 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/08 15:32:05.0309 2684 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/08 15:32:05.0714 2684 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/08 15:32:06.0306 2684 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/08 15:32:07.0488 2684 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/08 15:32:07.0846 2684 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/08 15:32:08.0360 2684 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/08 15:32:09.0154 2684 RT73 (5eff124bfabac3e7fc2908be28906b1b) C:\Windows\system32\DRIVERS\Dr71WU.sys
2011/06/08 15:32:09.0739 2684 RxFilter (85eceb9936e1112d055409647fc8579a) C:\Windows\system32\DRIVERS\RxFilter.sys
2011/06/08 15:32:10.0042 2684 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/08 15:32:11.0157 2684 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/08 15:32:11.0658 2684 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/08 15:32:12.0521 2684 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/06/08 15:32:13.0668 2684 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/08 15:32:14.0794 2684 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/08 15:32:15.0771 2684 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/08 15:32:16.0773 2684 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/08 15:32:17.0395 2684 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/08 15:32:17.0689 2684 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/08 15:32:18.0375 2684 SiSRaid2 (b8a2f8dcdc75f19962d975727f393920) C:\Windows\system32\drivers\sisraid2.sys
2011/06/08 15:32:18.0822 2684 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/08 15:32:19.0234 2684 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/08 15:32:19.0771 2684 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/08 15:32:20.0029 2684 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/06/08 15:32:20.0294 2684 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/08 15:32:20.0869 2684 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/08 15:32:21.0142 2684 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/06/08 15:32:21.0631 2684 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/08 15:32:22.0519 2684 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/08 15:32:23.0029 2684 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/08 15:32:24.0241 2684 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/08 15:32:25.0959 2684 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/06/08 15:32:27.0624 2684 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/08 15:32:27.0851 2684 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/08 15:32:28.0116 2684 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/08 15:32:29.0323 2684 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/08 15:32:30.0240 2684 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/08 15:32:31.0406 2684 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/08 15:32:32.0618 2684 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/08 15:32:33.0281 2684 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/08 15:32:34.0501 2684 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/08 15:32:35.0645 2684 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/08 15:32:36.0650 2684 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/08 15:32:37.0254 2684 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/08 15:32:37.0766 2684 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/08 15:32:39.0019 2684 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/08 15:32:39.0935 2684 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/08 15:32:40.0672 2684 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/08 15:32:41.0106 2684 USB28xxBGA (75860c1e8f36d13a96a8cb426e4c18ae) C:\Windows\system32\DRIVERS\emBDA.sys
2011/06/08 15:32:41.0551 2684 USB28xxOEM (67bbbfb2528ce47d715884bce634cf9e) C:\Windows\system32\DRIVERS\emOEM.sys
2011/06/08 15:32:42.0431 2684 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/08 15:32:43.0144 2684 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/08 15:32:43.0468 2684 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/08 15:32:43.0720 2684 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/08 15:32:44.0121 2684 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/08 15:32:44.0273 2684 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/08 15:32:44.0489 2684 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/08 15:32:44.0677 2684 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/08 15:32:44.0781 2684 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/08 15:32:44.0876 2684 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/08 15:32:45.0225 2684 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/08 15:32:45.0794 2684 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/08 15:32:46.0189 2684 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/08 15:32:46.0511 2684 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/08 15:32:47.0005 2684 viaide (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
2011/06/08 15:32:47.0659 2684 viamraid (9f3f276c7300ed211129757a411b605f) C:\Windows\system32\drivers\viamraid.sys
2011/06/08 15:32:47.0772 2684 videX32 (f95c0fcfbcbda6d8f202d2df4052f88d) C:\Windows\system32\DRIVERS\videX32.sys
2011/06/08 15:32:48.0020 2684 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/08 15:32:48.0398 2684 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/08 15:32:48.0952 2684 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/08 15:32:49.0375 2684 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/08 15:32:49.0846 2684 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/08 15:32:50.0416 2684 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/08 15:32:50.0825 2684 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/08 15:32:51.0144 2684 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/08 15:32:51.0762 2684 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/08 15:32:52.0463 2684 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/08 15:32:53.0177 2684 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/08 15:32:53.0654 2684 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/08 15:32:54.0419 2684 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/08 15:32:55.0060 2684 xfilt (bec604cdc548a528ebd3d7aa1dd46a89) C:\Windows\system32\DRIVERS\xfilt.sys
2011/06/08 15:32:55.0500 2684 ================================================================================
2011/06/08 15:32:55.0500 2684 Scan finished
2011/06/08 15:32:55.0500 2684 ================================================================================

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Ich hoffe das das stimmt...

Ergebnis...

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 11-06-07.03 - Fabo 08.06.2011  16:18:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1022.434 [GMT 2:00]
ausgeführt von:: c:\users\Fabo\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\firststeps\FirstSteps.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\moviebox
c:\programdata\Microsoft\Windows\Start Menu\Programs\moviebox\Uninstall.lnk
c:\users\Fabo\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-08 bis 2011-06-08  ))))))))))))))))))))))))))))))
.
.
2011-06-08 14:34 . 2011-06-08 14:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-08 14:11 . 2011-06-08 14:12	--------	d-----w-	C:\32788R22FWJFW
2011-06-08 13:01 . 2011-04-24 21:13	110992	----a-w-	c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2011-06-08 13:01 . 2011-04-24 21:13	147856	----a-w-	c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-06-08 12:56 . 2011-06-08 13:15	115369	----a-w-	c:\windows\system32\drivers\klin.dat
2011-06-08 12:56 . 2011-06-08 12:56	97859	----a-w-	c:\windows\system32\drivers\klick.dat
2011-06-08 12:52 . 2011-06-08 13:10	--------	d-----w-	c:\programdata\Kaspersky Lab
2011-06-08 12:52 . 2011-06-08 12:52	--------	d-----w-	c:\program files\Kaspersky Lab
2011-06-08 11:35 . 2011-06-08 11:35	--------	d-----w-	C:\_OTL
2011-06-07 21:03 . 2011-05-29 07:11	39984	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-07 21:03 . 2011-05-29 07:11	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-07 13:41 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DADE2822-FD36-4BC7-8925-47A8D559A179}\mpengine.dll
2011-05-26 22:39 . 2011-05-26 22:39	--------	d-----w-	c:\users\Fabo\AppData\Roaming\Malwarebytes
2011-05-26 22:39 . 2011-05-26 22:39	--------	d-----w-	c:\programdata\Malwarebytes
2011-05-26 22:38 . 2011-06-07 21:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-05-23 22:08 . 2011-05-23 22:08	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 21:07 . 2011-05-19 21:08	--------	d-----w-	c:\users\Fabo\AppData\Roaming\DVDVideoSoft
2011-05-11 15:12 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-03 00:10	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-04-24 21:13 . 2011-04-24 21:13	229776	----a-w-	c:\windows\system32\klogon.dll
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	75040	----a-w-	c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20	197920	----a-w-	c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-03-12 21:55 . 2011-04-27 13:56	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-21 15:49	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-21 15:49	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-03-10 16:36 . 2011-03-10 16:36	23856	----a-w-	c:\windows\system32\drivers\klim6.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 77892]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-16 106496]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-05 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-05 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-05 81920]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
c:\users\Fabo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-8-28 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://de.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*hxxp://de.search.yahoo.com
IE: Free YouTube Download - c:\users\Fabo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to iPod Converter - c:\users\Fabo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to Mp3 Converter - c:\users\Fabo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Fabo\AppData\Roaming\Mozilla\Firefox\Profiles\tj9n2h07.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Suche Deutschland Toolbar: {937f343c-c9c2-4235-b544-7fc4da2f2594} - %profile%\extensions\{937f343c-c9c2-4235-b544-7fc4da2f2594}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Modul zur Link-Untersuchung: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Virtuelle Tastatur: virtualKeyboard@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Age of Empires 2.0 - c:\program files\Microsoft Games\Age of Empires II\UNINSTAL.EXE
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files\DivX\DivXConverterUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-08 16:34
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
 [0] 0x24548908
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3180720396-1922566386-2137624434-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8f,40,22,18,14,f5,b1,d4,16,be,7f,93,fc,c3,53,a9,87,ec,13,8e,51,ba,87,
   be,c9,ac,95,e0,9e,71,16,e1,c6,8e,f6,cb,24,27,ac,eb,1a,ce,de,fa,5e,9c,f8,a7,\
"??"=hex:d5,bd,3e,be,24,6f,8d,e4,bb,d5,19,49,b2,b8,56,1d
.
Zeit der Fertigstellung: 2011-06-08  16:40:58
ComboFix-quarantined-files.txt  2011-06-08 14:40
.
Vor Suchlauf: 14 Verzeichnis(se), 19.552.825.344 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 23.346.364.416 Bytes frei
.
- - End Of File - - 6232BE2965ECB5A4016A9C8535F5A6FA
         

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

• Doppelklick auf die MBRCheck.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Das Tool braucht nur wenige Sekunden.
• Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Ich versteh nur nicht wie ich das mit dem Strg+V machen soll...

Das ist übrigens das Ergebnis von GMER

GMER Logfile:

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-08 22:50:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250820AS rev.3.AAC
Running: r3wtuqob.exe; Driver: C:\Users\Fabo\AppData\Local\Temp\kwtdypog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                 section is writeable [0x8A608340, 0x292767, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1328] USER32.dll!TrackPopupMenu    761A14F3 5 Bytes  JMP 67F3C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3796] ntdll.dll!LdrLoadDll                  77AB93A8 5 Bytes  JMP 013E13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Files - GMER 1.0.15 ----

File   C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\DD9C6869d01  35562 bytes
File   C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\875299D5d01  21677 bytes
File   C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\C85D1396d01  20469 bytes
File   C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\FADD69FFd01  19390 bytes
File   C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\FDE5D754d01  18563 bytes
File   C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\A2E3A6E9d01  19348 bytes
File   C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\F33F6250d01  23674 bytes
File   C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\F8D0BAF6d01  17031 bytes

---- EOF - GMER 1.0.15 ----
         

--- --- ---

Zitat:

Ich versteh nur nicht wie ich das mit dem Strg+V machen soll...

STRG+V ist bloß eine Tastenkombination für Rechtsklick, Einfügen.
STRG+C für Rechtsklick, kopieren
Und STRG+A markiert alles, ansonsten müsstest du mit der Maus manuell überalles fahren und das dann kopieren

OSAM Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:02:07 on 08.06.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.17

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - "Borland Software Corporation" - C:\Windows\system32\bdeadmin.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Fabo\AppData\Local\Temp\catchme.sys  (File not found)
"DLABMFSM" (DLABMFSM) - "Roxio" - C:\Windows\System32\DLA\DLABMFSM.SYS
"DLABOIOM" (DLABOIOM) - "Roxio" - C:\Windows\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Roxio" - C:\Windows\System32\Drivers\DLACDBHM.SYS
"DLADResM" (DLADResM) - "Roxio" - C:\Windows\System32\DLA\DLADResM.SYS
"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\Windows\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\Windows\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Roxio" - C:\Windows\System32\DLA\DLAPoolM.SYS
"DLARTL_M" (DLARTL_M) - "Roxio" - C:\Windows\System32\Drivers\DLARTL_M.SYS
"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\Windows\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\Windows\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\Windows\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Roxio" - C:\Windows\System32\Drivers\DRVNDDM.SYS
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwtdypog" (kwtdypog) - ? - C:\Users\Fabo\AppData\Local\Temp\kwtdypog.sys  (Hidden registry entry, rootkit activity | File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - c:\Program Files\Roxio\Drag-to-Disc\Shellex.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash9d.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Fabo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.0.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"PHOTOfunSTUDIO -viewer-.lnk" - "Matsushita Electric Industrial Co., Ltd." - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM Startup" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Corel Photo Downloader" - "Corel, Inc." - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
"ISUSScheduler" - "Macrovision Corporation" - "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"QuickFinder Scheduler" - "Corel Corporation" - "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 156):
0x8204B000 \SystemRoot\system32\ntkrnlpa.exe
0x82018000 \SystemRoot\system32\hal.dll
0x80405000 \SystemRoot\system32\kdcom.dll
0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047C000 \SystemRoot\system32\PSHED.dll
0x8048D000 \SystemRoot\system32\BOOTVID.dll
0x80495000 \SystemRoot\system32\CLFS.SYS
0x804D6000 \SystemRoot\system32\CI.dll
0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80691000 \SystemRoot\system32\drivers\acpi.sys
0x806D7000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E0000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E8000 \SystemRoot\system32\drivers\pci.sys
0x8070F000 \SystemRoot\System32\drivers\partmgr.sys
0x8071E000 \SystemRoot\system32\drivers\volmgr.sys
0x8072D000 \SystemRoot\System32\drivers\volmgrx.sys
0x80777000 \SystemRoot\system32\DRIVERS\videX32.sys
0x8077F000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8078D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8079D000 \SystemRoot\system32\drivers\atapi.sys
0x807A5000 \SystemRoot\system32\drivers\ataport.SYS
0x807C3000 \SystemRoot\system32\drivers\vsmraid.sys
0x805B6000 \SystemRoot\system32\drivers\storport.sys
0x8260E000 \SystemRoot\system32\drivers\fltmgr.sys
0x82640000 \SystemRoot\system32\drivers\fileinfo.sys
0x82650000 \SystemRoot\System32\Drivers\DRVMCDB.SYS
0x82666000 \SystemRoot\system32\DRIVERS\xfilt.sys
0x8266F000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82679000 \SystemRoot\System32\Drivers\ksecdd.sys
0x826EA000 \SystemRoot\system32\drivers\ndis.sys
0x82C0E000 \SystemRoot\system32\drivers\msrpc.sys
0x82C39000 \SystemRoot\system32\drivers\NETIO.SYS
0x82C74000 \SystemRoot\System32\drivers\tcpip.sys
0x82D5E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x82E03000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82F13000 \SystemRoot\system32\drivers\volsnap.sys
0x82F4C000 \SystemRoot\System32\Drivers\spldr.sys
0x82F54000 \SystemRoot\System32\Drivers\mup.sys
0x82F63000 \SystemRoot\System32\drivers\ecache.sys
0x82F8A000 \SystemRoot\system32\drivers\disk.sys
0x82F9B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82FBC000 \SystemRoot\system32\drivers\crcdisk.sys
0x82FE5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82FF0000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82D79000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A608000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8AA48000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8AAE8000 \SystemRoot\System32\drivers\watchdog.sys
0x8AAF4000 \SystemRoot\system32\drivers\Afc.sys
0x8AAFC000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0x8AAFE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AB16000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x8AB1C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8AB27000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8AB65000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AB74000 \SystemRoot\system32\DRIVERS\fetnd5bv.sys
0x8AB7F000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8AB8F000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8AB9D000 \SystemRoot\system32\DRIVERS\serial.sys
0x8ABB7000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8AC0D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AC9A000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8ACC9000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8ACD4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8ACEB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8ACF6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AD19000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AD28000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AD3C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AD51000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8AD61000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AD6C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8AD77000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8AD79000 \SystemRoot\system32\DRIVERS\ks.sys
0x8ADA3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8ADAD000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8ADBA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8ADEF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8B004000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8B19A000 \SystemRoot\system32\drivers\portcls.sys
0x8B1C7000 \SystemRoot\system32\drivers\drmk.sys
0x8B1EC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8B1F5000 \SystemRoot\System32\Drivers\Null.SYS
0x8AC00000 \SystemRoot\System32\Drivers\Beep.SYS
0x8AC07000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0x8ABCA000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8ABD1000 \SystemRoot\System32\drivers\vga.sys
0x8ABDD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x82D88000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8B1FC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8A600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8ABC1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x82D9D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x82DA8000 \SystemRoot\System32\Drivers\Npfs.SYS
0x82DB6000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x82DBF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x82DD5000 \SystemRoot\system32\DRIVERS\smb.sys
0x8B407000 \SystemRoot\system32\drivers\afd.sys
0x8B44F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B481000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B497000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8B4A0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8B4B0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B4BE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8B4D1000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8B4D7000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B513000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8B51B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B525000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B53C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8B562000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8B579000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8B582000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8B5BD000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B5CA000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8B5D5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x930A0000 \SystemRoot\System32\win32k.sys
0x8B5DD000 \SystemRoot\System32\drivers\Dxapi.sys
0x8B5E7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x932C0000 \SystemRoot\System32\TSDDD.dll
0x932E0000 \SystemRoot\System32\cdd.dll
0x82FC5000 \SystemRoot\system32\drivers\luafv.sys
0x82DE9000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x82C00000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0x8B5F6000 \SystemRoot\System32\DLA\DLADResM.SYS
0x807E1000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0x8B5F7000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0x8B5FC000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0x8B400000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0x82FF9000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0x96E02000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0x96E18000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0x96E37000 \SystemRoot\system32\drivers\spsys.sys
0x96EE7000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x96EF7000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x96F21000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x96F2B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x96F3E000 \SystemRoot\system32\drivers\HTTP.sys
0x96FAB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x96FC8000 \SystemRoot\system32\DRIVERS\bowser.sys
0x96FE1000 \SystemRoot\System32\drivers\mpsdrv.sys
0x98C0B000 \SystemRoot\system32\drivers\mrxdav.sys
0x98C2C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x98C4B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x98C84000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x98C9C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x98CC4000 \SystemRoot\System32\DRIVERS\srv.sys
0x98D13000 \SystemRoot\system32\drivers\peauth.sys
0x98DF1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x82600000 \SystemRoot\System32\drivers\tcpipreg.sys
0x96400000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x96415000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x96427000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9643D000 \??\C:\Users\Fabo\AppData\Local\Temp\kwtdypog.sys
0x77A90000 \Windows\System32\ntdll.dll

Processes (total 70):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
540 csrss.exe
588 C:\Windows\System32\wininit.exe
596 csrss.exe
632 C:\Windows\System32\services.exe
644 C:\Windows\System32\lsass.exe
652 C:\Windows\System32\lsm.exe
736 C:\Windows\System32\winlogon.exe
840 C:\Windows\System32\svchost.exe
964 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\audiodg.exe
1288 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\SLsvc.exe
1344 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\spoolsv.exe
1768 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1796 C:\Windows\System32\svchost.exe
504 C:\Windows\System32\dwm.exe
600 C:\Windows\System32\taskeng.exe
828 C:\Windows\explorer.exe
956 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
492 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1528 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
732 C:\Windows\RtHDVCpl.exe
1940 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1372 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
2076 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
2092 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2108 C:\Program Files\iTunes\iTunesHelper.exe
2128 C:\Program Files\Bonjour\mDNSResponder.exe
2208 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2240 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2260 C:\Windows\System32\svchost.exe
2300 C:\Windows\System32\svchost.exe
2380 C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
2500 C:\Windows\System32\svchost.exe
2524 C:\Program Files\Windows Sidebar\sidebar.exe
2552 C:\Windows\System32\SearchIndexer.exe
2648 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2672 C:\Windows\System32\rundll32.exe
2740 C:\Windows\ehome\ehtray.exe
2912 C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
3168 WUDFHost.exe
3220 C:\Program Files\OpenOffice.org 3\program\soffice.exe
3284 C:\Windows\ehome\ehmsas.exe
3636 C:\Windows\System32\mobsync.exe
4088 C:\Program Files\OpenOffice.org 3\program\soffice.bin
2928 C:\Program Files\iPod\bin\iPodService.exe
3568 C:\Windows\System32\svchost.exe
4076 C:\Windows\System32\wbem\unsecapp.exe
1496 WmiPrvSE.exe
2412 C:\Windows\System32\taskeng.exe
3796 C:\Program Files\Mozilla Firefox\firefox.exe
1328 C:\Program Files\Mozilla Firefox\plugin-container.exe
2568 C:\Users\Fabo\Downloads\r3wtuqob.exe
512 C:\Program Files\WinRAR\WinRAR.exe
960 C:\Users\Fabo\AppData\Local\Temp\Rar$EX01.469\osam.exe
2724 C:\Windows\System32\notepad.exe
1136 taskeng.exe
2948 C:\Windows\System32\SearchProtocolHost.exe
2532 C:\Windows\System32\SearchFilterHost.exe
3728 C:\Users\Fabo\Downloads\MBRCheck.exe
3648 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002e`ea800000 (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAC

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

So noch was...

Vielen dank erstmal für all die Hilfe!
Ist nicht ohne so ein Trojaner los zu werden!!!

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6803

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

09.06.2011 15:40:06
mbam-log-2011-06-09 (15-40-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 304009
Laufzeit: 1 Stunde(n), 46 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)