Log Analysis and Evaluation: win32.autorun.tmp cannot be removed
28.08.2010, 17:14 | #16

Hi, bootkit info below and OSAM/GMER attached. Do I need to do anything else? Thanks.

Code:
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.1.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: d664e84aadbe3d3f1889c0571722d7fa

  Size  Device Name          MBR Status
  --------------------------------------------
    74 GB  \\.\PhysicalDrive0   Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
  remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
  remover.exe fix <device_name>

Done;
Press any key to quit...
28.08.2010, 17:15 | #17

OSAM log file:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 07:22:49 on 27.08.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 7.00.6000.17080

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl
"prefscpl.cpl" - "RealNetworks, Inc." - C:\WINDOWS\system32\prefscpl.cpl
"slcpappl.cpl" - ? - C:\WINDOWS\system32\slcpappl.cpl
"XMOUSE.CPL" - ? - C:\WINDOWS\system32\XMOUSE.CPL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl
"Avira AntiVir PersonalEdition Premium " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Premium Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl (File not found)
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV08" (ACEDRV08) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV08.sys
"ACEDRV09" (ACEDRV09) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV09.sys
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv11.sys
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\WINDOWS\System32\Drivers\usbaapl.sys
"ASCTRM" (ASCTRM) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\ASCTRM.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Premium\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Premium\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"Bluetooth Audio" (BtAudio) - ? - C:\WINDOWS\System32\DRIVERS\btaudio.sys (File not found)
"Bluetooth Audio Service" (BlueletAudio) - ? - C:\WINDOWS\System32\DRIVERS\blueletaudio.sys (File not found)
"Bluetooth HID Enumerator" (BTHidEnum) - ? - C:\WINDOWS\System32\DRIVERS\vbtenum.sys (File not found)
"Bluetooth HID Manager Service" (BTHidMgr) - ? - C:\WINDOWS\System32\Drivers\BTHidMgr.sys (File not found)
"Bluetooth LAN Access Server" (BTWDNDIS) - ? - C:\WINDOWS\System32\DRIVERS\btwdndis.sys (File not found)
"Bluetooth Network Filter" (BTNetFilter) - ? - C:\WINDOWS\system32\drivers\BTNetFilter.sys (File found, but it contains no detailed information)
"Bluetooth PAN Network Adapter" (BT) - ? - C:\WINDOWS\System32\DRIVERS\btnetdrv.sys (File not found)
"Bluetooth USB For Bluetooth Service" (Btcsrusb) - ? - C:\WINDOWS\System32\Drivers\btcusb.sys (File not found)
"Bluetooth VComm Manager Service" (VcommMgr) - ? - C:\WINDOWS\System32\Drivers\VcommMgr.sys (File not found)
"Bluetooth Virtual Communications Driver" (BTDriver) - ? - C:\WINDOWS\System32\DRIVERS\btport.sys (File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\Arti\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbamswissarmy.sys
"Padus ASPI Shell" (Pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "AVIRA GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"UnlockerDriver4 Driver" (UnlockerDriver4) - ? - C:\Programme\Unlocker\UnlockerDriver4.sys (File found, but it contains no detailed information)
"Virtual Serial port driver" (VComm) - ? - C:\WINDOWS\System32\DRIVERS\VComm.sys (File not found)
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{ED65AB21-B24F-11d3-BA80-00C0CA16AA37} "Mobile" - ? - (File not found | COM-object registry key not found)
{ED65AB22-B24F-11d3-BA80-00C0CA16AA37} "Mobile ContextMenuHandler" - ? - (File not found | COM-object registry key not found)
{ED65AB23-B24F-11d3-BA80-00C0CA16AA37} "Mobile PropertySheetHandler" - ? - (File not found | COM-object registry key not found)
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Premium\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? - (File not found | COM-object registry key not found)
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\msonsext.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" - ? - (File not found | COM-object registry key not found)
<binary data> "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" - ? - (File not found | COM-object registry key not found)
<binary data> "{4B3803EA-5230-4DC3-A7FC-33638F3D3542}" - ? - (File not found | COM-object registry key not found)
<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} "GoToMeeting Web Starter" - "Citrix Online, a division of Citrix Systems, Inc." - C:\WINDOWS\Downloaded Program Files\g2mdlax.dll / https://www2.gotomeeting.com/default/applets/g2mdlax.cab
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} "GpcContainer Class" - "WebEx Communications, Inc" - C:\WINDOWS\Downloaded Program Files\ieatgpc.dll / https://iwl.webex.com/client/T26L/webex/ieatgpc.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{493ACF15-5CD9-4474-82A6-91670C3DD66E} "LinkedIn Email Analysis Control" - "LinkedIn" - C:\WINDOWS\DOWNLO~1\LINKED~1.DLL / hxxp://www.linkedin.com/cab/LinkedInEmailAnalysisControl.cab
{02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL / hxxp://office.microsoft.com/templates/ieawsdc.cab
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} "QuickTime Object" - "Apple Inc." - C:\Programme\QuickTime\QTPlugin.ocx / hxxp://www.apple.com/qtactivex/qtplugin.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Macromedia, Inc." - C:\WINDOWS\system32\Macromed\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Programme\Messenger\Msgslang.dll,-61144" - "Microsoft Corporation" - C:\Programme\Messenger\msmsgs.exe
{07A11D74-9D25-4fea-A833-8B0D76A5577A} "An Mindjet MindManager senden" - "Mindjet" - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
{07A11D74-9D25-4fea-A833-8B0D76A5577A} "CmjBrowserHelperObject Object" - "Mindjet" - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Acrobat Speed Launcher.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe (Shortcut exists | File exists)
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"InterVideo WinCinema Manager.lnk" - "InterVideo Inc." - C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe (Shortcut exists | File exists)
"Lexware Info Service.lnk" - "Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Duden Korrektor SysTray" - "Expert System S.p.A." - C:\Programme\Duden\Duden Korrektor\dktray.exe
"PC Suite Tray" - "Nokia" - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 7.0" - "Adobe Systems Inc." - "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
"ATIPTA" - "ATI Technologies, Inc." - C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
"CanonSolutionMenu" - "CANON INC." - C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"LexwareInfoService" - "Lexware GmbH & Co. KG" - C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
"LXSUPMON" - "Lexmark" - C:\WINDOWS\system32\LXSUPMON.EXE RUN
"MMReminderService" - "Mindjet" - C:\Programme\Mindjet\MindManager 7\MMReminderService.exe
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"PrinTray" - "Lexmark" - C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\QTTask.exe" -atboottime
"sealmon" - "SealedMedia" - C:\Programme\SealedMedia\sealmon.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\WINDOWS\system32\AdobePDF.dll
"Lexmark Network Port" - "Lexmark International, Inc." - C:\WINDOWS\system32\LEXLMPM.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
"AntiVir PersonalEdition Premium Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe
"AntiVir PersonalEdition Premium MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Premium\avmailc.exe
"AntiVir PersonalEdition Premium MailGuard Hilfsdienst" (AVEService) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe
"AntiVir PersonalEdition Premium Planer" (AntiVirScheduler) - "Avira GmbH" - C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Haufe iDesk-Service in C:\Programme\Haufe\iDesk\iDeskService\Zope" (HRService) - ? - C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe (File found, but it contains no detailed information)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"InterBaseGuardian" (InterBaseGuardian) - "Inprise Corporation" - C:\PROGRA~1\Borland\INTERB~1\Bin\IBGuard.EXE
"InterBaseServer" (InterBaseServer) - "Inprise Corporation" - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LexBce Server" (LexBceS) - "Lexmark International, Inc." - C:\WINDOWS\system32\LEXBCES.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\WINDOWS\system32\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
28.08.2010, 17:16 | #18

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-26 23:49:25
Windows 5.1.2600 Service Pack 3
Running: x2j8g6iu.exe; Driver: C:\DOKUME~1\Arti\LOKALE~1\Temp\fxriyfog.sys


---- System - GMER 1.0.15 ----

SSDT  EE52CE54  ZwCreateThread
SSDT  EE52CE40  ZwOpenProcess
SSDT  EE52CE45  ZwOpenThread
SSDT  EE52CE4F  ZwTerminateProcess
SSDT  EE52CE4A  ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text    C:\WINDOWS\system32\drivers\ACEDRV08.sys  section is writeable [0xAEC52000, 0x328BA, 0xE8000020]
.pklstb  C:\WINDOWS\system32\drivers\ACEDRV08.sys  entry point in ".pklstb" section [0xAEC96000]
.relo2   C:\WINDOWS\system32\drivers\ACEDRV08.sys  unknown last section [0xAECB2000, 0x8E, 0x42000040]
.text    C:\WINDOWS\system32\drivers\ACEDRV09.sys  section is writeable [0xAEBEF000, 0x3326E, 0xE8000020]
.pklstb  C:\WINDOWS\system32\drivers\ACEDRV09.sys  entry point in ".pklstb" section [0xAEC34000]
.relo2   C:\WINDOWS\system32\drivers\ACEDRV09.sys  unknown last section [0xAEC50000, 0x8E, 0x42000040]
.reloc   C:\WINDOWS\system32\drivers\acedrv11.sys  section is executable [0xAEA18480, 0x306DD, 0xE0000060]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000272802a3a (not active ControlSet)
Reg  HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272802a3a
Reg  HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272802a3a (not active ControlSet)
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-03fd-e90f-ed28fa79961f}\InprocServer32
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-03fd-e90f-ed28fa79961f}\InprocServer32@Class  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-03fd-e90f-ed28fa79961f}\InprocServer32@ThreadingModel  Apartment
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-03fd-e90f-ed28fa79961f}\InprocServer32@  C:\WINDOWS\system32\OLE32.DLL
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1349-6e7a-32c3fa79961f}\InprocServer32
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1349-6e7a-32c3fa79961f}\InprocServer32@Class  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1349-6e7a-32c3fa79961f}\InprocServer32@ThreadingModel  Apartment
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1349-6e7a-32c3fa79961f}\InprocServer32@  C:\WINDOWS\system32\OLE32.DLL
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-445a-a23e-ef8afa79961f}\InprocServer32
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-445a-a23e-ef8afa79961f}\InprocServer32@Class  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-445a-a23e-ef8afa79961f}\InprocServer32@ThreadingModel  Apartment
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-445a-a23e-ef8afa79961f}\InprocServer32@  C:\WINDOWS\system32\OLE32.DLL
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8450-edca-cc70fa79961f}\InprocServer32
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8450-edca-cc70fa79961f}\InprocServer32@Class  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8450-edca-cc70fa79961f}\InprocServer32@ThreadingModel  Apartment
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8450-edca-cc70fa79961f}\InprocServer32@  C:\WINDOWS\system32\OLE32.DLL
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9993-dd19-9245fa79961f}\InprocServer32
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9993-dd19-9245fa79961f}\InprocServer32@Class  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9993-dd19-9245fa79961f}\InprocServer32@ThreadingModel  Apartment
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9993-dd19-9245fa79961f}\InprocServer32@  C:\WINDOWS\system32\OLE32.DLL
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-b682-dee8-37e9fa79961f}\InprocServer32
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-b682-dee8-37e9fa79961f}\InprocServer32@Class  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-b682-dee8-37e9fa79961f}\InprocServer32@ThreadingModel  Apartment
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-b682-dee8-37e9fa79961f}\InprocServer32@  C:\WINDOWS\system32\OLE32.DLL
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-d7bf-b7c4-b41efa79961f}\InprocServer32
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-d7bf-b7c4-b41efa79961f}\InprocServer32@Class  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-d7bf-b7c4-b41efa79961f}\InprocServer32@ThreadingModel  Apartment
Reg  HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-d7bf-b7c4-b41efa79961f}\InprocServer32@  C:\WINDOWS\system32\OLE32.DLL
28.08.2010, 19:11 | #19

/// Winkelfunktion /// TB-Süch-Tiger™

Is the GMER log complete? The OSAM one is fine so far. I also need a cross-check with MBRCheck: Please download MBRCheck (by a_d_13) and save the file to the Desktop.

__________________
Please always post log files in CODE tags
30.08.2010, 07:32 | #20 |
| win32.autorun.tmp cannot be removed Hi Arne, GMER ran and ran, so at some point I killed it. MBRCheck output below. Thanks and regards, Arti
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000004c

Kernel Drivers (total 139):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF7B1B000 \WINDOWS\system32\KDCOM.DLL
0xF7A2B000 \WINDOWS\system32\BOOTVID.dll
0xF74EB000 ACPI.sys
0xF7B1D000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF74DA000 pci.sys
0xF761B000 isapnp.sys
0xF762B000 ohci1394.sys
0xF763B000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7A2F000 compbatt.sys
0xF7A33000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7BE3000 pciide.sys
0xF789B000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7B1F000 intelide.sys
0xF764B000 MountMgr.sys
0xF74BB000 ftdisk.sys
0xF7A37000 ACPIEC.sys
0xF7BE4000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF78A3000 PartMgr.sys
0xF765B000 VolSnap.sys
0xF74A3000 atapi.sys
0xF742E000 iaStor.sys
0xF766B000 viamraid.sys
0xF7416000 \WINDOWS\system32\drivers\SCSIPORT.SYS
0xF78AB000 SiSRaid2.sys
0xF767B000 disk.sys
0xF768B000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73F6000 fltmgr.sys
0xF73E4000 sr.sys
0xF78B3000 PxHelp20.sys
0xF73CD000 KSecDD.sys
0xF7340000 Ntfs.sys
0xF7313000 NDIS.sys
0xF7A3B000 RecAgent.sys
0xF72F9000 Mup.sys
0xF772B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF67EF000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xEB11E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xEB0F6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF192F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xEB0D2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF1927000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xEBA86000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF1C4D000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xEB0C0000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
0xF1C3D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF1378000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xEB091000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xEF57B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF1370000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF1C2D000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF1E84000 \SystemRoot\system32\drivers\pfc.sys
0xF1C1D000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF1C0D000 \SystemRoot\system32\DRIVERS\redbook.sys
0xEB06E000 \SystemRoot\system32\DRIVERS\ks.sys
0xF1368000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF1E80000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF147E000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF1BFD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF1E7C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xEB057000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF1BED000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF1BDD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF1360000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xEB046000 \SystemRoot\system32\DRIVERS\psched.sys
0xF1BCD000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF1358000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF1350000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF1648000 \SystemRoot\system32\DRIVERS\termdd.sys
0xEF5A3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xEB254000 \SystemRoot\system32\DRIVERS\update.sys
0xF1A2D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF1638000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB27DF000 \SystemRoot\system32\DRIVERS\SLDRV\slazldrv.sys
0xF1322000 \SystemRoot\system32\DRIVERS\SLDRV\SlWdmSup.sys
0xB27C0000 \SystemRoot\system32\DRIVERS\SLDRV\Mtlmnt5.sys
0xF1348000 \SystemRoot\System32\Drivers\Modem.SYS
0xB2552000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB252E000 \SystemRoot\system32\drivers\portcls.sys
0xF1608000 \SystemRoot\system32\drivers\drmk.sys
0xF1316000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF15F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xEF6D5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CCD000 \SystemRoot\System32\Drivers\Null.SYS
0xF1D56000 \SystemRoot\System32\Drivers\Beep.SYS
0xEB7E2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xEB7DA000 \SystemRoot\System32\drivers\vga.sys
0xF1D54000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF1D52000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xEB7D2000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A0B000 \SystemRoot\System32\Drivers\Npfs.SYS
0xEB44B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB24FB000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB24A2000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB247A000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEB443000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB2458000 \SystemRoot\System32\drivers\afd.sys
0xF15C8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF7A13000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB242D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB23BD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF15B8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB2397000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEB322000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEB312000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB2386000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF1D4E000 \??\C:\Programme\Avira\AntiVir PersonalEdition Premium\avgio.sys
0xEB2E2000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7ADF000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xEB2D2000 \SystemRoot\System32\Drivers\dump_viamraid.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7B03000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78FB000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C5F000 \SystemRoot\System32\drivers\dxgthk.sys
0xED9A8000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF04E000 \SystemRoot\System32\ati2cqag.dll
0xBF080000 \SystemRoot\System32\atikvmag.dll
0xBF0B2000 \SystemRoot\System32\ati3duag.dll
0xBF2E6000 \SystemRoot\System32\ativvaxx.dll
0xF193F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB0370000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0xF795B000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB030E000 \??\C:\WINDOWS\system32\drivers\ACEDRV08.sys
0xB02AB000 \??\C:\WINDOWS\system32\drivers\ACEDRV09.sys
0xF1E90000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB01B6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB0152000 \??\C:\Programme\Avira\AntiVir PersonalEdition Premium\avgntflt.sys
0xB0089000 \??\C:\WINDOWS\system32\drivers\acedrv11.sys
0xEB66E000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xAFE31000 \SystemRoot\system32\drivers\wdmaud.sys
0xAFEC6000 \SystemRoot\system32\drivers\sysaudio.sys
0xAF7C2000 \SystemRoot\system32\DRIVERS\srv.sys
0xAE6D1000 \SystemRoot\System32\Drivers\HTTP.sys
0xAEEA0000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
796 C:\WINDOWS\system32\smss.exe
880 csrss.exe
944 C:\WINDOWS\system32\winlogon.exe
1008 C:\WINDOWS\system32\services.exe
1020 C:\WINDOWS\system32\lsass.exe
1188 C:\WINDOWS\system32\ati2evxx.exe
1200 C:\WINDOWS\system32\svchost.exe
1292 svchost.exe
1352 C:\WINDOWS\system32\svchost.exe
1404 svchost.exe
1552 svchost.exe
1800 C:\WINDOWS\system32\LexBceS.exe
1836 C:\WINDOWS\system32\spoolsv.exe
1844 C:\WINDOWS\system32\Lexpps.exe
1896 C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe
1972 svchost.exe
408 C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe
420 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
432 C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe
512 C:\Programme\Bonjour\mDNSResponder.exe
556 svchost.exe
852 C:\WINDOWS\system32\ati2evxx.exe
1480 C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe
1516 C:\WINDOWS\explorer.exe
236 C:\WINDOWS\system32\rundll32.exe
244 C:\Programme\SealedMedia\sealmon.exe
356 C:\WINDOWS\system32\LXSUPMON.EXE
572 C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
580 C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
588 C:\WINDOWS\vsnpstd.exe
684 C:\PROGRA~1\Borland\INTERB~1\BIN\ibguard.exe
700 C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe
708 C:\Programme\Mindjet\MindManager 7\MmReminderService.exe
624 C:\WINDOWS\system32\ICO.EXE
756 C:\Programme\Java\jre6\bin\jqs.exe
784 C:\Programme\Haufe\iDesk\iDeskService\ideskpython.exe
1068 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
1464 C:\Programme\iTunes\iTunesHelper.exe
1472 C:\Programme\Duden\Duden Korrektor\DKTray.exe
1664 C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
1620 C:\WINDOWS\system32\ctfmon.exe
2084 C:\WINDOWS\system32\slserv.exe
2116 C:\WINDOWS\system32\svchost.exe
2156 wdfmgr.exe
2208 C:\Programme\Avira\AntiVir PersonalEdition Premium\avmailc.exe
2304 C:\Programme\Duden\Duden Korrektor\DKCore.exe
2380 C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
2388 C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
3436 C:\PROGRA~1\Borland\INTERB~1\BIN\ibserver.exe
3672 C:\Programme\PC Connectivity Solution\ServiceLayer.exe
3896 C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
3904 C:\Programme\iPod\bin\iPodService.exe
3936 C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
124 alg.exe
2544 C:\Programme\o2\Surf Box mini\o2 Surf Box mini.exe
924 C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
2832 C:\Programme\Microsoft Office\Office10\WINWORD.EXE
3752 C:\Programme\Opera\opera.exe
204 C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
2804 C:\DOKUME~1\Arti\LOKALE~1\temp\Adobelm_Cleanup.0001
1124 C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
1324 C:\DOKUME~1\Arti\LOKALE~1\temp\Adobelm_Cleanup.0001
3656 C:\Dokumente und Einstellungen\Arti\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHT2080BH, Rev: 0000104B

   Size  Device Name          MBR Status
--------------------------------------------
  74 GB  \\.\PhysicalDrive0   Unknown MBR code
          SHA1: 9B59EA042E0781FA8A075B11A34F2E9B384B55D7

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: |
30.08.2010, 14:16 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp cannot be removed We need to repair the MBR. Do you have a Windows XP CD to hand?
__________________ |
30.08.2010, 22:01 | #22 |
| win32.autorun.tmp cannot be removed Hello Arne, thanks! But my hard drive boots up completely normally? |
31.08.2010, 08:21 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp cannot be removed We need to repair the MBR anyway!! Now, do you have a Windows CD or not?
__________________ Please always post logfiles in CODE tags |
31.08.2010, 12:55 | #24 |
| win32.autorun.tmp cannot be removed Hi Arne, unfortunately I don't have the XP CD to hand. What now? Thanks. |
31.08.2010, 12:56 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp cannot be removed Did you let Combofix install the Recovery Console?
__________________ Please always post logfiles in CODE tags |
31.08.2010, 13:01 | #26 |
| win32.autorun.tmp cannot be removed I did not have the Recovery Console installed. Regards, Arti |
31.08.2010, 13:19 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp cannot be removed Then you have a problem. Run Combofix again and let it install the Recovery Console. You need an internet connection for that. ComboFix: a guide and tutorial on using ComboFix
Combofix may only be run when a board helper (Kompetenzler) has expressly recommended it!
__________________ Please always post logfiles in CODE tags |
31.08.2010, 14:52 | #28 |
| win32.autorun.tmp cannot be removed Hi Arne, all steps [CCleaner and Combofix] carried out. Recovery Console installed. Regards, Arti |
31.08.2010, 19:47 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | win32.autorun.tmp cannot be removed Good. Then restart the computer and choose the Recovery Console in the boot menu. It looks a bit like DOS, but it isn't. Run the following commands there (type them in and confirm with Enter; answer the prompt (warning) with j):
Code:
fixboot
fixmbr
__________________ Please always post logfiles in CODE tags |
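What MBRCheck and Bootkit Remover are actually looking at in post #20 is the first 512-byte sector of PhysicalDrive0: the boot code, the four-entry partition table (which is where the "\\.\C: at offset 0x7e00" line comes from, LBA 63 × 512 bytes) and the 0x55AA signature; "Unknown MBR code" means the hash of the boot code matched nothing the tool knows. The same read-and-hash is how you confirm that the fixmbr step above actually replaced the code. The script below is an added example written for this page, not code from the thread or from either tool; the sample MBR it parses is constructed (one NTFS partition starting at LBA 63, filler boot code), and the hash-to-label table `known_boot_code` is an assumed input, because neither tool publishes the exact byte range it hashes.

```python
"""Inspect a raw master boot record the way MBRCheck-style tools do.

Added example for this thread; the sample sector and the known-hash
table are constructed for illustration and are not the poster's data.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # code area before the 4-byte disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # must hold 0x55 0xAA


def parse_partitions(mbr: bytes):
    """Return the non-empty partition entries with their byte offsets."""
    parts = []
    for i in range(4):
        entry = mbr[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0 and lba_start == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,   # 63 * 512 == 0x7E00 in the log
            "size_bytes": sectors * SECTOR,
        })
    return parts


def analyze_mbr(mbr: bytes, known_boot_code: dict):
    """Classify an MBR: signature check, boot-code hash, partition layout.

    known_boot_code (assumed input) maps upper-case SHA1 hex digests of the
    440-byte code area to a label such as "Windows XP". Anything not in it is
    reported as 'Unknown MBR code', which is what the tools print for a
    bootkit but also for a legitimate third-party boot manager, so treat the
    verdict as a lead that needs a dump of the sector, not as proof.
    """
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    sig_ok = mbr[SIGNATURE_OFF:] == b"\x55\xAA"
    code_sha1 = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()
    label = known_boot_code.get(code_sha1)
    return {
        "signature_ok": sig_ok,
        "boot_code_sha1": code_sha1,
        "sector_md5": hashlib.md5(mbr).hexdigest(),   # whole-sector hash, as Bootkit Remover prints
        "status": f"Known MBR code ({label})" if label else "Unknown MBR code",
        "partitions": parse_partitions(mbr),
    }


def build_sample_mbr() -> bytes:
    """Constructed sector: JMP + NOP filler code, one bootable NTFS partition at LBA 63."""
    code = bytes([0xEB, 0x3C, 0x90]) + b"\x90" * (BOOT_CODE_LEN - 3)
    disk_sig = b"\x00" * 6                       # disk signature + reserved word
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 63, 155_000_000)
    table = entry + b"\x00" * 48                 # three empty entries
    return code + disk_sig + table + b"\x55\xAA"


if __name__ == "__main__":
    report = analyze_mbr(build_sample_mbr(), {})
    print("signature ok:", report["signature_ok"])
    print("boot code SHA1:", report["boot_code_sha1"])
    print("status:", report["status"])
    for p in report["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02X} at offset 0x{p['byte_offset']:X}"
              f" ({p['size_bytes'] // 2**30} GiB){' bootable' if p['bootable'] else ''}")
```

To run it against a real disk, replace `build_sample_mbr()` with the first 512 bytes of a sector dump (for example the file written by `remover.exe dump`, or, as administrator on Windows, `open(r"\\.\PhysicalDrive0", "rb").read(512)`). Take the dump before and after fixmbr: if the SHA1 of the code area does not change, the repair did not touch the MBR.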
31.08.2010, 20:40 | #30 |
| win32.autorun.tmp cannot be removed Hello Arne, I have carried out your instructions... Regards, Arti |