Log analysis and evaluation: Hijack-This result - evaluation possible?
17.08.2010, 09:44 | #16
Hello, I have uploaded two rar files, but there was an error message while packing:

Code:
! Quarantine.rar: Konnte C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir nicht öffnen. ! Zugriff verweigert

Best regards, S.
17.08.2010, 10:22 | #17
/// Winkelfunktion /// TB-Süch-Tiger™
You should deactivate the virus scanner beforehand!
17.08.2010, 11:11 | #18
Hello, I tried that. It switches itself back on every now and then - I will try again in a moment! Here is the next log already:

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-17 12:04:37
Windows 5.1.2600 Service Pack 2
Running: 30nyeklegmer.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ugrdypob.sys

---- System - GMER 1.0.15 ----

SSDT F8D61136 ZwCreateKey
SSDT F8D6112C ZwCreateThread
SSDT F8D6113B ZwDeleteKey
SSDT F8D61145 ZwDeleteValueKey
SSDT F8D61163 ZwLoadDriver
SSDT F8D6114A ZwLoadKey
SSDT F8D61118 ZwOpenProcess
SSDT F8D6111D ZwOpenThread
SSDT F8D61154 ZwReplaceKey
SSDT F8D6114F ZwRestoreKey
SSDT F8D61168 ZwSetSystemInformation
SSDT F8D61140 ZwSetValueKey
SSDT F8D61127 ZwTerminateProcess
SSDT F8D61122 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.reloc C:\WINDOWS\system32\drivers\acehlp09.sys section is executable [0xF83B2780, 0x28F7A, 0xE0000060]
.text C:\WINDOWS\system32\drivers\ACEDRV05.sys section is writeable [0xEF9B2000, 0x30A4A, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0xEF9F4000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV05.sys unknown last section [0xEFA0F000, 0x8E, 0x42000040]
.text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xEF608000, 0x328BA, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xEF64C000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xEF668000, 0x8E, 0x42000040]
.reloc C:\WINDOWS\system32\drivers\acedrv09.sys section is executable [0xEF028000, 0x4E05A, 0xE0000060]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
17.08.2010, 11:15 | #19
Hello again. That was indeed the error. Antivir had switched itself on, perhaps when I started Firefox? Anyway, I have now uploaded it again without an error message. Best regards, S.
17.08.2010, 11:21 | #20
and the next log:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:20:14 on 17.08.2010

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk  Name  Publisher  Full Path  Status

Common
%SystemRoot%\Tasks
"Google Software Updater.job" "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
"RealUpgradeScheduledTaskS-1-5-21-606747145-261903793-682003330-500.job" "RealNetworks, Inc." C:\Programme\Real\RealUpgrade\realupgrade.exe File exists

Control Panel Objects
%SystemRoot%\system32
"alsndmgr.cpl" C:\WINDOWS\system32\alsndmgr.cpl File signed by Microsoft | File found, but it contains no detailed information
"infocardcpl.cpl" "Microsoft Corporation" C:\WINDOWS\system32\infocardcpl.cpl File exists
"ISUSPM.cpl" "InstallShield Software Corporation" C:\WINDOWS\system32\ISUSPM.cpl File exists
"javacpl.cpl" "Sun Microsystems, Inc." C:\WINDOWS\system32\javacpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
"Avira AntiVir Personal - Free Antivirus " "Avira GmbH" C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl File exists
"QuickTime" "Apple Inc." C:\Programme\QuickTime\QTSystem\QuickTime.cpl File exists

Drivers
HKLM\SYSTEM\CurrentControlSet\Services
"ACEDRV05" (ACEDRV05) "Protect Software GmbH" C:\WINDOWS\system32\drivers\ACEDRV05.sys File exists
"ACEDRV07" (ACEDRV07) "Protect Software GmbH" C:\WINDOWS\system32\drivers\ACEDRV07.sys File exists
"acedrv09" (acedrv09) "Protect Software GmbH" C:\WINDOWS\system32\drivers\acedrv09.sys File exists
"acehlp09" (acehlp09) "Protect Software GmbH" C:\WINDOWS\system32\drivers\acehlp09.sys File exists
"Apple Mobile USB Driver" (USBAAPL) C:\WINDOWS\System32\Drivers\usbaapl.sys File not found
"avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
"avgntflt" (avgntflt) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avgntflt.sys File exists
"avipbb" (avipbb) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\avipbb.sys File exists
"catchme" (catchme) C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys File not found
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
"DualCamera" (SQTECH905C) "Service & Quality Technology." C:\WINDOWS\System32\Drivers\Capt905c.sys File exists
"i2omgmt" (i2omgmt) C:\WINDOWS\system32\drivers\i2omgmt.sys File not found
"lbrtfdc" (lbrtfdc) C:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
"Padus ASPI Shell" (pfc) "Padus, Inc." C:\WINDOWS\System32\drivers\pfc.sys File exists
"PCIDump" (PCIDump) C:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) C:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) C:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) C:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) C:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
"PxHelp20" (PxHelp20) "Sonic Solutions" C:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
"Secdrv" (Secdrv) C:\WINDOWS\System32\DRIVERS\secdrv.sys File signed by Microsoft | File found, but it contains no detailed information
"ssmdrv" (ssmdrv) "Avira GmbH" C:\WINDOWS\System32\DRIVERS\ssmdrv.sys File exists
"TCP/IP-Protokolltreiber" (Tcpip) "Microsoft Corporation" C:\WINDOWS\System32\DRIVERS\tcpip.sys File exists
"ugrdypob" (ugrdypob) C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ugrdypob.sys Hidden registry entry, rootkit activity | File not found
"WDICA" (WDICA) C:\WINDOWS\system32\drivers\WDICA.sys File not found

Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" "Microsoft Corporation" C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL File exists
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" File not found | COM-object registry key not found
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" "Microsoft Corporation" C:\WINDOWS\system32\mscoree.dll File exists
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." C:\Programme\iTunes\iTunesMiniPlayer.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Programme\Microsoft Office\OFFICE11\msohev.dll File exists
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL File exists
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" "Nero AG" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll File exists
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL File exists
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" "RealNetworks, Inc." c:\programme\real\realplayer\rpshell.dll File exists
{E8D43C7E-EFA1-41A2-9AD9-0CFECD1678B7} "SafeEraseObj Class" "O&O Software GmbH" C:\Programme\OO Software\SafeErase\oosesh.dll File exists
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\shlext.dll File exists
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" C:\WINDOWS\system32\dfshim.dll File exists
{B8323370-FF27-11D2-97B6-204C4F4F5020} "SmartFTP Shell Extension DLL" "SmartFTP" C:\Programme\SmartFTP Client 2.0\smarthook.dll File exists
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\msonsext.dll File exists
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Programme\WinRAR\rarext.dll File found, but it contains no detailed information

Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"ITBar7Layout" File not found | COM-object registry key not found
"ITBarLayout" File not found | COM-object registry key not found
"Winamp Toolbar" "AOL LLC" C:\Programme\Winamp Toolbar\winamptb.dll File exists
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_21.dll File exists
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_21.dll File exists
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\npjpi160_21.dll File exists
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab "Adobe Systems, Inc." C:\WINDOWS\system32\macromed\Director\SwDir.dll File exists
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab "Microsoft Corporation" C:\WINDOWS\system32\LegitCheckControl.DLL File exists
{00000055-9980-0010-8000-00AA00389B71} "{00000055-9980-0010-8000-00AA00389B71}" hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB File not found | COM-object registry key not found
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab File not found | COM-object registry key not found
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab File not found | COM-object registry key not found
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab File not found | COM-object registry key not found
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab File not found | COM-object registry key not found
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab File not found | COM-object registry key not found
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} "Winamp Toolbar" "AOL LLC" C:\Programme\Winamp Toolbar\winamptb.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" "Google Inc." C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll File exists
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jp2ssv.dll File exists
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" "Safer Networking Limited" C:\PROGRA~1\SPYBOT~1\SDHelper.dll File exists
{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} "Winamp Toolbar BHO" "AOL LLC" C:\Programme\Winamp Toolbar\winamptb.dll File exists

Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
"desktop.ini" C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
%UserProfile%\Startmenü\Programme\Autostart
"desktop.ini" C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"SpybotSD TeaTimer" "Safer-Networking Ltd." C:\Programme\Spybot - Search & Destroy\TeaTimer.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"Adobe ARM" "Adobe Systems Incorporated" "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists
"avgnt" "Avira GmbH" "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min File exists
"iTunesHelper" "Apple Inc." "C:\Programme\iTunes\iTunesHelper.exe" File exists
"NeroFilterCheck" "Ahead Software Gmbh" C:\WINDOWS\system32\NeroCheck.exe File exists
"QuickTime Task" "Apple Inc." "C:\Programme\QuickTime\qttask.exe" -atboottime File exists
"TkBellExe" "RealNetworks, Inc." "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot File exists

Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
"Microsoft Document Imaging Writer Monitor" "Microsoft Corporation" C:\WINDOWS\system32\mdimon.dll File exists

Services
HKLM\SYSTEM\CurrentControlSet\Services
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
"Adobe LM Service" (Adobe LM Service) "Adobe Systems" C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe File exists
"ASP.NET-Zustandsdienst" (aspnet_state) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
"Avira AntiVir Guard" (AntiVirService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avguard.exe File exists
"Avira AntiVir MailGuard" (AntiVirMailService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avmailc.exe File exists
"Avira AntiVir Planer" (AntiVirSchedulerService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\sched.exe File exists
"Avira AntiVir WebGuard" (AntiVirWebService) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE File exists
"Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Programme\Bonjour\mDNSResponder.exe File exists
"FLEXnet Licensing Service" (FLEXnet Licensing Service) "Macrovision Europe Ltd." C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe File exists
"Google Software Updater" (gusvc) "Google" C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe File exists
"HID Input Service" (HidServ) C:\WINDOWS\System32\hidserv.dll File not found
"iPod Service" (iPod Service) "Apple Inc." C:\Programme\iPod\bin\iPodService.exe File exists
"Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." C:\Programme\Java\jre6\bin\jqs.exe File exists
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) "C:\Programme\Lavasoft\Ad-Aware\AAWService.exe" File not found
"Machine Debug Manager" (MDM) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE File exists
"Office Source Engine" (ose) "Microsoft Corporation" C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
"ProtexisLicensing" (ProtexisLicensing) "C:\Programme\Gemeinsame Dateien\Protexis\License Service\PSIService.exe" File not found
"Windows CardSpace" (idsvc) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists

Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found

Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
"mdnsNSP" "Apple Inc." C:\Programme\Bonjour\mdnsNSP.dll File exists
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
"AVSDA" "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avsda.dll File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
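The GMER log in post #18 and the OSAM log in post #20 are easier to read side by side. The following Python script is an added example (not code from this thread, nor from the GMER or OSAM authors) of how an analyst can triage the two together: it pulls the SSDT hook list and the unusual kernel code sections out of the GMER output, and checks the OSAM driver entries flagged "Hidden registry entry, rootkit activity" or "File not found" against the driver GMER itself reports loading. The point is visible in the logs themselves: the "ugrdypob" entry OSAM flags as rootkit activity is the exact path GMER printed as its own scan driver. The log excerpts are copied from the posts above and shortened; the parsing patterns, the verdict labels and the KNOWN_SCANNER_DRIVERS set are my assumptions, not the tools' documented formats.

```python
import re

# Excerpts copied from the GMER and OSAM logs posted above, shortened to a
# handful of lines each; every line has the shape it has in the thread.
GMER_LOG = r"""GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-17 12:04:37
Windows 5.1.2600 Service Pack 2
Running: 30nyeklegmer.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ugrdypob.sys

---- System - GMER 1.0.15 ----

SSDT F8D61136 ZwCreateKey
SSDT F8D61118 ZwOpenProcess
SSDT F8D61127 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\drivers\ACEDRV05.sys section is writeable [0xEF9B2000, 0x30A4A, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0xEF9F4000]
.reloc C:\WINDOWS\system32\drivers\acedrv09.sys section is executable [0xEF028000, 0x4E05A, 0xE0000060]
"""

OSAM_DRIVERS = r'''
"avgio" (avgio) "Avira GmbH" C:\Programme\Avira\AntiVir Desktop\avgio.sys File exists
"catchme" (catchme) C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys File not found
"Changer" (Changer) C:\WINDOWS\system32\drivers\Changer.sys File not found
"Secdrv" (Secdrv) C:\WINDOWS\System32\DRIVERS\secdrv.sys File signed by Microsoft | File found, but it contains no detailed information
"ugrdypob" (ugrdypob) C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ugrdypob.sys Hidden registry entry, rootkit activity | File not found
'''

# Service names of rootkit-scanner drivers that are commonly left registered
# after a scan. "catchme" is the scanner bundled with ComboFix (the C:\Qoobox
# quarantine in post #16 is ComboFix's); general knowledge, not stated in the logs.
KNOWN_SCANNER_DRIVERS = {"catchme"}

DRIVER_RE = re.compile(r"Driver:\s*(\S+)")
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)", re.M)
SECTION_RE = re.compile(r"^(\S+)\s+(\S+\.sys)\s+(.+?)\s+\[", re.M | re.I)
ENTRY_RE = re.compile(r'^"([^"]+)"\s+\(([^)]+)\)\s+(?:"([^"]+)"\s+)?(.+)$')
STATUS_RE = re.compile(
    r"\s(Hidden registry entry, rootkit activity \| File not found"
    r"|File signed by Microsoft \| File found, but it contains no detailed information"
    r"|File found, but it contains no detailed information"
    r"|File not found|File exists)$")


def parse_gmer(text):
    """Scanner driver path, SSDT hooks and flagged code sections from a GMER log."""
    m = DRIVER_RE.search(text)
    return {
        "scanner_driver": m.group(1) if m else "",
        "hooks": [(addr.upper(), func) for addr, func in SSDT_RE.findall(text)],
        "sections": SECTION_RE.findall(text),  # (section, driver path, why flagged)
    }


def parse_osam_entries(text):
    """One dict per OSAM driver/service line: name, service, publisher, path, status."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        name, service, publisher, rest = m.groups()
        s = STATUS_RE.search(rest)
        if not s:
            continue
        entries.append({"name": name, "service": service, "publisher": publisher,
                        "path": rest[:s.start()].strip(), "status": s.group(1)})
    return entries


def triage(gmer_text, osam_text):
    """Cross-reference OSAM's flagged drivers with what GMER says about itself."""
    gmer = parse_gmer(gmer_text)
    scanner = gmer["scanner_driver"].lower()
    findings = []
    for e in parse_osam_entries(osam_text):
        st = e["status"]
        if "rootkit activity" not in st and "File not found" not in st:
            continue  # existing, signed or merely undocumented files are not in scope here
        if e["path"].lower() == scanner or e["service"].lower() in KNOWN_SCANNER_DRIVERS:
            verdict = "scanner-artifact"   # the rootkit scanner's own driver
        elif "rootkit activity" in st:
            verdict = "review"             # hidden entry with no scanner to explain it
        else:
            verdict = "orphan"             # registration whose file is gone; harmless unless unexpected
        findings.append((e["service"], verdict))
    hook_pages = {int(addr, 16) >> 12 for addr, _ in gmer["hooks"]}
    return {
        "hook_count": len(gmer["hooks"]),
        "hook_pages": len(hook_pages),      # 1 means one module owns every hook
        "odd_sections": sorted({p.rsplit("\\", 1)[-1] for _, p, _ in gmer["sections"]}),
        "findings": findings,
    }


if __name__ == "__main__":
    for key, value in triage(GMER_LOG, OSAM_DRIVERS).items():
        print(key, "=", value)
```

With the thread's logs the script reports three drivers in the flagged set: "ugrdypob" and "catchme" come out as scanner artifacts, "Changer" as an orphaned registration, and all SSDT hooks resolve into a single 4 KiB page, so they belong to one module rather than to several.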
17.08.2010, 11:24 | #21
and here:

Code:
Bootkit Remover
(c) 2009 eSage Lab
esage lab - main

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf

 Size Device Name MBR Status
 --------------------------------------------
 37 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.

To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;
Press any key to quit...
17.08.2010, 12:00 | #22
/// Winkelfunktion /// TB-Süch-Tiger™
First of all, if not already done, please copy the file remover.exe (from BootkitRemover) from the desktop to c:\windows\system32! Then open the console via Start, Run, type cmd, OK. Type the text in the following code box and execute it with Enter/Return:

Code:
remover.exe fix \\.\PhysicalDrive0

__________________
Please always post logfiles in CODE tags
17.08.2010, 12:20 | #23
Done:

Code:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Dokumente und Einstellungen\Administrator>remover.exe fix \\.\PhysicalDrive0
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Restoring boot code at \\.\PhysicalDrive0... OK

Done;
Press any key to quit...
17.08.2010, 12:34 | #24
/// Winkelfunktion /// TB-Süch-Tiger™
OK, and as a check, run remover.exe again by double-clicking it and post the output.
17.08.2010, 14:13 | #25
I ran it and got this:

Code:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Dokumente und Einstellungen\Administrator>remover.exe fix \\.\PhysicalDrive0
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

Restoring boot code at \\.\PhysicalDrive0... OK

Done;
Press any key to quit...
17.08.2010, 14:16 | #26
/// Winkelfunktion /// TB-Süch-Tiger™
That is the wrong output. Or did you run the fix again? You should only double-click remover.exe and post the output, and check whether (DOS/Win32 Bootcode) is found (green text).
17.08.2010, 14:19 | #27
Hello, yes - there is green text and it says "Dos/Win 32 Boot code found". Is that the information you wanted? Best regards, S.
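The remover.exe sequence in posts #21 to #27 (scan, fix, run again and look for the DOS/Win32 boot code message) as an added Python example; this is not part of the thread and not eSage Lab's code. It parses the Bootkit Remover output the user pasted, classifies each disk's MBR status, and adds the sanity checks one would apply to a sector saved with the `remover.exe dump` command the tool offers: the 0x55AA boot signature, the partition-table boot flags, the MD5 to compare with the tool's "Boot sector MD5 is:" line, and a before/after comparison that expects a fix to change only the boot code and leave the partition table untouched. The scan and fix outputs are copied from the posts, the re-check output is reconstructed from the user's description (the exact wording "DOS/Win32 Boot code found" is an assumption), and the two 512-byte sectors are constructed.

```python
import hashlib
import re

# Scan output copied from post #21 (link text normalized to the site address
# shown in post #23); fix output copied from post #23.
REMOVER_SCAN = r"""Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf

 Size Device Name MBR Status
 --------------------------------------------
 37 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
"""
REMOVER_FIX = r"""Restoring boot code at \\.\PhysicalDrive0... OK

Done;
"""
# Constructed: the re-check output after the fix, with the status text the
# user reported seeing in green in post #27.
REMOVER_RECHECK = r""" Size Device Name MBR Status
 --------------------------------------------
 37 GB \\.\PhysicalDrive0 DOS/Win32 Boot code found
"""

DEVICE_RE = re.compile(r"^\s*(\d+\s*[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.+?)\s*$", re.M)
MD5_RE = re.compile(r"Boot sector MD5 is:\s*([0-9a-fA-F]{32})")
FIX_RE = re.compile(r"Restoring boot code at (\S+?)\.\.\.\s*OK")


def parse_remover(text):
    """Per-device MBR status, reported boot-sector MD5, and which device a fix restored."""
    devices = {dev: status for _size, dev, status in DEVICE_RE.findall(text)}
    md5 = MD5_RE.search(text)
    fixed = FIX_RE.search(text)
    return {"devices": devices,
            "md5": md5.group(1).lower() if md5 else None,
            "restored": fixed.group(1) if fixed else None}


def classify_status(status):
    """'Unknown boot code' means the fix step is still needed; the DOS/Win32 message means clean."""
    s = status.lower()
    if "unknown boot code" in s:
        return "fix needed"
    if re.search(r"dos/win\s*32 boot\s*code", s):
        return "clean"
    return "review"


def device_verdicts(text):
    return {dev: classify_status(st) for dev, st in parse_remover(text)["devices"].items()}


SECTOR_SIZE = 512
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
SIG_OFF = 0x1FE          # 0x55 0xAA boot signature


def check_mbr_dump(sector):
    """Sanity checks on one sector saved with 'remover.exe dump <device> <file>'."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a %d-byte sector, got %d bytes" % (SECTOR_SIZE, len(sector)))
    signature_ok = sector[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa"
    # The first byte of each partition entry is the boot flag: 0x80 or 0x00 only.
    flags_ok = all(sector[PART_TABLE_OFF + 16 * i] in (0x00, 0x80) for i in range(4))
    return {"md5": hashlib.md5(sector).hexdigest(),
            "signature_ok": signature_ok, "partition_flags_ok": flags_ok}


def compare_dumps(before, after):
    """A boot-code fix should alter bytes 0..0x1BD and nothing in the partition table."""
    return {"boot_code_changed": before[:PART_TABLE_OFF] != after[:PART_TABLE_OFF],
            "partition_table_same": before[PART_TABLE_OFF:SIG_OFF] == after[PART_TABLE_OFF:SIG_OFF],
            "signature_ok": check_mbr_dump(after)["signature_ok"]}


def _sample_sector(code):
    """Constructed 512-byte MBR: given code bytes, one bootable NTFS entry, valid signature."""
    s = bytearray(SECTOR_SIZE)
    s[:len(code)] = code
    s[PART_TABLE_OFF:PART_TABLE_OFF + 16] = bytes(
        [0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF, 0x3F, 0, 0, 0, 0x00, 0x90, 0x6F, 0x04])
    s[SIG_OFF:SIG_OFF + 2] = b"\x55\xaa"
    return bytes(s)


MBR_BEFORE = _sample_sector(b"\xEB\x20" + b"\x90" * 30)          # constructed placeholder code
MBR_AFTER = _sample_sector(b"\x33\xC0\x8E\xD0\xBC\x00\x7C")      # constructed: standard MBR prologue

if __name__ == "__main__":
    print(device_verdicts(REMOVER_SCAN), parse_remover(REMOVER_FIX)["restored"])
    print(device_verdicts(REMOVER_RECHECK), compare_dumps(MBR_BEFORE, MBR_AFTER))
```

Run as a script it reports "fix needed" for \\.\PhysicalDrive0 from the first scan, the device the fix restored, "clean" from the re-check, and a before/after comparison in which only the boot code differs; comparing the MD5 of a dump with the tool's own "Boot sector MD5 is:" line is the quick way to confirm that the dump is the sector the tool evaluated.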
17.08.2010, 14:44 | #28
/// Winkelfunktion /// TB-Süch-Tiger™
Yes, that is correct! As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
17.08.2010, 20:14 | #29
Hello, here is the first one. It really does seem to be better now. UNBELIEVABLE!

Code:
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4435

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

17.8.2010 20:09:40
mbam-log-2010-08-17 (20-09-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 229301
Laufzeit: 1 Stunde(n), 50 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
17.08.2010, 20:23 | #30
/// Winkelfunktion /// TB-Süch-Tiger™
Quote: