Probleme mit mehreren Trojanern

mojoo · 25.09.2010, 16:45

Hallo

Ich habe anscheinend Probleme mit mehreren Trojanern. In den letzten Tagen haben sich auf meinem Computer anscheinend durch den Anschluss einer Wechselfestplatte, die nicht mir gehörte einige Trojaner eingenistet. Dies äußerte sich vorallem dadurch, dass Ich beim surfen im Internet bei Google suchen immer wieder auf Spam Seiten verlinkt wurde und zudem kommt es beim Start von Windows auch immer wieder zur Fehlermeldung das die Anwendung Spoolsv.exe auf den geschützten Speicher zugreifen möchte. (Ein Fenster mit einem Eingabefeld, vor dem ein A steht.) Ein Drucker ist übrigens nicht installiert und die Datei Spoolsv findet sich nicht nur im System32 Ordner sondern auch in drei anderen Ordnern wieder.

Ich habe diese Trojaner zwar mittels AntiVir und Spyware Doktor wieder entfernen können, (sowohl der AntiVir Guard als auch der Spyware Doktor Guard laufen aktiv im Hintergrund) jedoch bin ich skeptisch ob dies auch erfolgreich war, da ich weiterhin auf Spamseiten verlinkt werde und auch die Fehlermeldung weiterhin beim Windowsstart kommt.
Zusätzlich habe Ich auch versucht Malwarebytes zu starten, dies lies sich jedoch auf meinem Computer nicht starten.

Bei den gefunden Trojaner/Maleware handelt es sich um:
- Trackware.Trackingsystem!rem
- Spyware.know_bad_sites
- Adware Top Search
- Trojan Downloader.Fraud.load
- Hijacker.Instafinder
- TR/Crypt.XPACK.Gen
(+ einiger Cookies, deren Bedrohung jedoch als niedrig eingestuft wurde und die von Spyware Doktor entfernt wurden)

Zudem startet der Computer auch sehr langsam, und das System läuft instabiler.

Vielen Dank für eure Hilfe
mojoo

Anschließend das OTL-Protokoll:

[quote]
OTL logfile created on: 25.09.2010 15:51:24 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Dokumente und Einstellungen\Name\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.014,00 Mb Total Physical Memory | 567,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 33,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 43,88 Gb Total Space | 14,57 Gb Free Space | 33,20% Space Free | Partition Type: FAT32
Drive D: | 44,37 Gb Total Space | 14,28 Gb Free Space | 32,18% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-917A74570E
Current User Name: Name
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Mathias\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Programme\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.)
PRC - C:\Programme\Clarus\Samsung SecretZone\MSSvc.exe ()
PRC - C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\WINDOWS\FixCamera.exe ()
PRC - C:\WINDOWS\vsnp325.exe ()
PRC - C:\WINDOWS\tsnp325.exe ()
PRC - C:\Programme\AN QuickNote\QuickNote.exe ()
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
PRC - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe (Cyberlink)
PRC - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
PRC - C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)
PRC - C:\WINDOWS\system32\slee81.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Mathias\desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Spyware Doctor\TFEngine\TFWAH.dll (PC Tools)
MOD - C:\Programme\Spyware Doctor\PCTGMhk.dll (PC Tools)
MOD - C:\Programme\Spyware Doctor\smum32.dll (PC Tools)
MOD - C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\mfc42.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\dinput.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST)
MOD - C:\WINDOWS\system32\MSNChatHook.dll ()
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
MOD - C:\WINDOWS\system32\mfc42loc.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\MFC71u.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\MFC71DEU.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (ThreatFire) -- C:\Programme\Spyware Doctor\TFEngine\TFService.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Programme\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Programme\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (MSR Service) -- C:\Programme\Clarus\Samsung SecretZone\MSSvc.exe ()
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (AWService) -- C:\Acer\Empowering Technology\admServ.exe (Avocent Inc.)
SRV - (SLEE_81_SERVICE) -- C:\WINDOWS\system32\slee81.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ntcdrdrv) -- C:\WINDOWS\System32\DRIVERS\ntcdrdrv.sys File not found
DRV - (mvd20) -- File not found
DRV - (mdf15) -- File not found
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (pctplsg) -- C:\WINDOWS\system32\drivers\pctplsg.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools)
DRV - (TfSysMon) -- C:\WINDOWS\system32\drivers\TfSysMon.sys (PC Tools)
DRV - (TfFsMon) -- C:\WINDOWS\system32\drivers\TfFsMon.sys (PC Tools)
DRV - (TfNetMon) -- C:\WINDOWS\system32\drivers\TfNetMon.sys (PC Tools)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (SNP325) USB PC Camera (SNPSTD325) -- C:\WINDOWS\system32\drivers\snp325.sys (Sonix Co. Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdcm) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nmwcdcj) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (w200bus) Sony Ericsson W200 driver (WDM) -- C:\WINDOWS\system32\drivers\w200bus.sys (MCCI)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (NdisFilt) -- C:\WINDOWS\system32\drivers\NdisFilt.sys (OSA Technologies)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (SLEE_81_DRIVER) -- C:\WINDOWS\system32\drivers\slee81.sys ()
DRV - (NETMNT) -- C:\WINDOWS\system32\drivers\NETMNT.sys ()
DRV - (G3GRUMDM) -- C:\WINDOWS\system32\drivers\g3grumdm.sys (Option N.V.)
DRV - (G3GRUSER) -- C:\WINDOWS\system32\drivers\g3gruser.sys (Option N.V.)
DRV - (osanbm) -- C:\WINDOWS\system32\drivers\osanbm.sys (Windows (R) 2000 DDK provider)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\Aspi32.sys (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.at/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://news.bbc.co.uk/
IE - HKCU\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: chineseperakun@gmail.com:2.1.1
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5
FF - prefs.js..extensions.enabledItems: ppkun-hande@gmail.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..network.proxy.ftp: "143.23.1.122"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "143.23.1.122"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "143.23.1.122"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.socks: "143.23.1.122"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "143.23.1.122"
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.02.02 18:14:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.02.02 18:14:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2008.02.02 17:39:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2009.03.24 18:10:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Mozilla\Extensions
[2009.03.24 18:10:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2008.02.02 18:14:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Mozilla\Firefox\Profiles\sa1kvdc8.default\extensions
[2010.08.29 16:37:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Mozilla\Firefox\Profiles\sa1kvdc8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.23 15:26:12 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Mozilla\Firefox\Profiles\sa1kvdc8.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.09.23 15:26:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Mozilla\Firefox\Profiles\sa1kvdc8.default\extensions\chineseperakun@gmail.com
[2010.05.29 15:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Mozilla\Firefox\Profiles\sa1kvdc8.default\extensions\ppkun-hande@gmail.com
[2008.02.02 18:14:20 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.12 15:28:48 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008.09.09 19:59:34 | 000,024,683 | ---- | M] (Ask.com) -- C:\Programme\Mozilla Firefox\plugins\NPAskSBr.dll
[2009.09.12 23:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\CCMSDK.dll
[2009.09.12 23:08:36 | 000,406,864 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npicaN.dll
[2009.09.12 23:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\ctxlogging.dll
[2009.09.12 23:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\confmgr.dll
[2009.09.12 23:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\TcpPServ.dll
[2009.09.12 23:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\CgpCore.dll
[2010.08.30 12:02:22 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.30 12:02:22 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.30 12:02:22 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.30 12:02:22 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.30 12:02:24 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ConnectionCenter] C:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DOT1xSUPP] C:\Programme\DigitalChina\DigitalChinaSupplicant\DigitalChinaSupplicant.exe File not found
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISTray] C:\Programme\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [OM2_Monitor] C:\Programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PCMService] C:\Programme\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [snp325] C:\WINDOWS\vsnp325.exe ()
O4 - HKLM..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe ()
O4 - HKCU..\Run: [OM2_Monitor] C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [QuickNote] C:\Programme\AN QuickNote\QuickNote.exe ()
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\Mathias\Startmenü\Programme\Autostart\Registration DIE SIEDLER - Das Erbe der Könige.LNK = C:\Programme\Ubisoft\Blue Byte\DIE SIEDLER - Das Erbe der Könige\support\Register\RegistrationReminder.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} hxxp://pub.plan.at/mgaxctrlde.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://www.studivz.net/photouploader/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.27 23:44:24 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{2df4c84a-6b15-11df-9a5a-0016d44d50cd}\Shell\AutoRun\command - "" = F:\SamsungSoftware\APPInst.exe -- File not found
O33 - MountPoints2\{3a761f44-24da-11dc-8d1f-0016d44d50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{3a761f44-24da-11dc-8d1f-0016d44d50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a761f44-24da-11dc-8d1f-0016d44d50cd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{434bfe80-095b-11dc-8ce5-0016d44d50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{434bfe80-095b-11dc-8ce5-0016d44d50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{434bfe80-095b-11dc-8ce5-0016d44d50cd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{434bfe82-095b-11dc-8ce5-0016d44d50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{434bfe82-095b-11dc-8ce5-0016d44d50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{434bfe82-095b-11dc-8ce5-0016d44d50cd}\Shell\AutoRun\command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{51ce2300-15b5-11dc-8d03-0016d44d50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{51ce2300-15b5-11dc-8d03-0016d44d50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51ce2300-15b5-11dc-8d03-0016d44d50cd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- File not found
O33 - MountPoints2\{ce749c4a-0a0c-11dc-8ce9-0016d44d50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce749c4a-0a0c-11dc-8ce9-0016d44d50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce749c4a-0a0c-11dc-8ce9-0016d44d50cd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ce749c4b-0a0c-11dc-8ce9-0016d44d50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce749c4b-0a0c-11dc-8ce9-0016d44d50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce749c4b-0a0c-11dc-8ce9-0016d44d50cd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SamsungSoftware\APPInst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.09.25 15:50:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mathias\Desktop\OTL.exe
[2010.09.24 22:23:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Malwarebytes
[2010.09.24 20:52:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.24 19:55:40 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010.09.24 19:33:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\GlarySoft
[2010.09.24 19:25:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mathias\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2010.09.24 13:37:39 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010.09.24 13:37:39 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010.09.24 13:37:39 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010.09.24 13:04:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mathias\Desktop\bill
[2010.09.24 11:27:07 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.09.24 11:27:06 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.09.24 11:27:06 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010.09.24 11:27:06 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.09.24 11:26:46 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.09.24 11:26:38 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.09.24 11:26:38 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.09.24 11:26:29 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.09.24 11:26:17 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Doctor
[2010.09.24 11:26:17 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2010.09.24 11:26:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\PC Tools
[2010.09.24 11:26:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2010.09.24 11:26:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.09.24 11:05:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
[2010.09.24 11:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Kaspersky Lab
[2010.09.24 09:57:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.24 09:57:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.24 09:25:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.09.24 09:25:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.07.10 20:35:39 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpx32.dll
[2009.07.10 16:02:44 | 000,147,456 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp325.dll
[2009.07.10 16:02:44 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnp325.dll
[2009.07.10 16:02:44 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp325.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.25 15:50:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mathias\Desktop\OTL.exe
[2010.09.25 15:27:16 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.25 15:27:08 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.25 14:49:32 | 000,000,451 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2010.09.25 14:47:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.25 14:46:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.25 14:46:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.25 14:46:08 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.25 14:22:20 | 008,388,608 | -H-- | M] () -- C:\Dokumente und Einstellungen\Mathias\NTUSER.DAT
[2010.09.25 14:21:58 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Mathias\ntuser.ini
[2010.09.25 10:45:52 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.09.24 20:52:58 | 000,000,984 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.09.24 20:51:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.09.24 14:29:24 | 000,666,470 | ---- | M] () -- C:\Dokumente und Einstellungen\Mathias\Desktop\campusmap.pdf
[2010.09.24 11:26:38 | 000,001,495 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk
[2010.09.24 10:44:26 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.09.23 16:07:52 | 000,088,924 | ---- | M] () -- C:\Dokumente und Einstellungen\Mathias\Eigene Dateien\Samsung.m3u
[2010.09.20 16:40:50 | 000,112,640 | ---- | M] () -- C:\Dokumente und Einstellungen\Mathias\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.31 10:55:42 | 000,379,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.30 12:04:16 | 001,039,710 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.30 12:04:16 | 000,464,744 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.30 12:04:16 | 000,446,040 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.30 12:04:16 | 000,086,948 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.30 12:04:16 | 000,073,246 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.24 22:48:32 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2010.09.24 14:29:23 | 000,666,470 | ---- | C] () -- C:\Dokumente und Einstellungen\Mathias\Desktop\campusmap.pdf
[2010.09.24 11:27:07 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010.09.24 11:27:07 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.09.24 11:27:07 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010.09.24 11:27:07 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010.09.24 11:27:07 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010.09.24 11:27:06 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010.09.24 11:26:46 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010.09.24 11:26:38 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010.09.24 11:26:38 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010.09.24 11:26:36 | 000,001,495 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Doctor.lnk
[2010.09.24 11:26:29 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010.03.22 13:30:25 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009.07.10 16:02:46 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snp325.ini
[2009.03.10 22:04:01 | 000,589,312 | ---- | C] () -- C:\WINDOWS\System32\idapi32.dll
[2008.08.26 21:08:20 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
[2008.03.21 15:42:06 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008.03.21 15:42:06 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008.03.21 15:39:11 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008.03.21 15:39:11 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008.03.21 15:39:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008.03.21 15:39:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2008.03.21 15:39:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2008.03.21 15:39:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2008.02.13 22:30:29 | 000,000,025 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008.01.08 12:34:18 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.11.20 19:34:33 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007.11.06 22:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007.10.29 13:20:10 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007.10.10 20:32:34 | 000,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007.09.19 17:58:39 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2007.06.30 15:21:55 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007.06.30 15:21:54 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007.06.30 15:21:54 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.02.12 23:01:08 | 000,000,113 | ---- | C] () -- C:\WINDOWS\bkg.ini
[2007.02.07 19:42:00 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006.12.15 21:57:41 | 000,000,119 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006.12.05 19:28:40 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.12.05 19:26:47 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Mathias\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.12.05 18:03:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2006.12.05 18:03:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2006.12.05 17:36:55 | 000,010,133 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.12.05 17:28:30 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006.12.05 17:08:26 | 000,112,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Mathias\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.05 17:02:11 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.12.05 13:50:54 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\NwtGatewayDLL.dll
[2006.12.05 13:50:54 | 000,000,255 | ---- | C] () -- C:\WINDOWS\System32\NwtGatewayConfig.ini
[2006.12.05 13:50:54 | 000,000,255 | ---- | C] () -- C:\WINDOWS\NwtGatewayConfig.ini
[2006.12.05 13:37:33 | 000,000,451 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2006.09.21 22:45:37 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.INI
[2006.06.27 23:45:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006.06.27 23:44:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006.06.27 23:44:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006.06.27 23:44:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006.06.27 23:44:08 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006.04.01 12:24:50 | 000,000,081 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2005.12.27 15:50:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2005.12.27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2005.12.27 15:50:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2005.12.27 15:50:26 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2005.12.27 15:50:26 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2005.12.14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005.11.29 13:12:38 | 000,037,706 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005.05.13 09:59:48 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\slee81.sys
[2005.05.02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005.02.17 09:30:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.12.17 16:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004.08.04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.06.06 12:53:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004.06.05 12:56:16 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.02.13 13:49:44 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2003.12.29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2006.06.01 02:17:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer
[2006.12.12 21:31:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2007.02.07 19:39:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2007.12.27 14:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GBelectronics
[2008.01.24 18:38:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2008.01.24 18:40:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2008.03.22 19:41:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NtiDvdCopy
[2008.09.09 19:59:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2010.03.21 15:23:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix
[2010.09.24 11:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2006.06.01 02:17:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Acer
[2006.12.05 17:34:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\CDZilla
[2006.12.12 21:36:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Opera
[2006.12.15 21:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\ChessBase
[2007.01.29 13:09:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\InterVideo
[2007.02.03 16:29:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\AnoNet
[2007.02.07 19:54:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Ulead Systems
[2007.10.10 20:31:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\ICAClient
[2007.10.29 13:18:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\GetRightToGo
[2008.01.24 18:39:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\PC Suite
[2008.01.24 18:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Nokia
[2008.02.02 17:39:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Thunderbird
[2008.02.02 18:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\QuickNote
[2008.02.13 21:41:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\UFOAI
[2008.02.20 19:39:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\XnView
[2008.05.14 17:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\aborange
[2008.09.09 19:59:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Azureus
[2009.01.27 19:21:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\MSNInstaller
[2009.03.11 08:40:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Python-Eggs
[2009.03.11 08:40:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\Open Source Applications Foundation
[2010.03.22 13:30:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\FreeAudioPack
[2010.06.13 14:19:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\ADDINSOFT
[2010.09.24 19:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Mathias\Anwendungsdaten\GlarySoft
[2010.09.24 10:44:26 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [quote]

Logfile Nr. 2

"GridVista" = Acer GridVista
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Instafinder" = Instafinder
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"Intelli HyperSpeed 2006 (v1.8)" = Intelli HyperSpeed 2006
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"LEd_is1" = LEd Beta 0.53
"Lexmark Fax Solutions" = Lexmark Fax-Lösungen
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mmswitch" = Morgan Stream Switcher
"Mnemosyne_is1" = Mnemosyne 1.2.2
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NEFView" = NEFView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ODBC" = ODBC
"PC Wizard 2008_is1" = PC Wizard 2008.1.82
"Replay Media Catcher2.10" = Replay Media Catcher
"Riva FLV Player_is1" = Riva FLV Player
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xamba 2 Home" = Xamba 2 Home
"XnView_is1" = XnView 1.92.1
"Xpage Internet Studio 6 Special Edition" = Xpage Internet Studio 6 Special Edition
"XviD_is1" = XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.09.2010 13:56:20 | Computer Name = ACER-917A74570E | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00002651.

Error - 24.09.2010 15:00:17 | Computer Name = ACER-917A74570E | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung ntimui.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.

Error - 25.09.2010 00:16:31 | Computer Name = ACER-917A74570E | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.6024, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a633b.

Error - 25.09.2010 00:27:11 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description =

Error - 25.09.2010 01:27:13 | Computer Name = ACER-917A74570E | Source = Google Update | ID = 20
Description =

Error - 25.09.2010 08:06:19 | Computer Name = ACER-917A74570E | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.6024, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00002651.

[ System Events ]
Error - 25.09.2010 00:10:11 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst AdminWorks
Agent X6.

Error - 25.09.2010 00:10:42 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd

Error - 25.09.2010 00:17:21 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..

Error - 25.09.2010 03:24:43 | Computer Name = ACER-917A74570E | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.

Error - 25.09.2010 03:25:30 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd

Error - 25.09.2010 08:01:26 | Computer Name = ACER-917A74570E | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.

Error - 25.09.2010 08:02:26 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd

Error - 25.09.2010 08:07:30 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..

Error - 25.09.2010 08:46:32 | Computer Name = ACER-917A74570E | Source = NETLOGON | ID = 3095
Description = Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert,
nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration
nicht gestartet zu sein.

Error - 25.09.2010 08:47:27 | Computer Name = ACER-917A74570E | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Lbd

cosinus · 26.09.2010, 11:55

Hallo und

Die Schädlingsnamen allein reichen nicht! Poste bitte das Log von AntiVir!

Bitte routinemäßig auch einen Vollscan mit Malwarebytes machen und Log posten, poste alle älteren Logs falls Du Malwarebytes schon in der Vergangenheit ausgeführt hast.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

mojoo · 26.09.2010, 16:55

Hallo Cosinus

Vielen Dank für deine rasche Antwort. Ich habe heute auch noch einen Suchlauf mit Kaspersky Antivirus durchgeführt und konnte dabei einige der Trojaner beseitigen (Seitdem läuft das System wieder normal, daher keine Fehlermeldungen beim Start von Windows, keine Spamseiten mehr nach Google suchen und es läuft auch wieder schneller). Nach diesem Durchlauf, konnte ich auch Malwarebytes starten, was ich vorher nicht konnte. Habe nun mit Malwarebytes gescannt und dabei noch eine Bedrohung gefunden.
Handelt es sich hierbei um eine Bedrohung, die Kaspersky "übersehen" hat, oder hat Malwarebytes etwas entdeckt das gar keine reale Bedrohung ist - Jedenfalls lies es sich problemlos mit Malwarebytes entfernen.
Wie soll ich dabei weiter vorgehen? Ist mein System jetzt sauber?
Anbei die Logfiles von Malwarebyte und Kaspersky Antivirus. (Antivir wurde von Kaspersky abgeschaltet.)

vielen Dank
Mojoo

Kaspersky log:

Zitat:

Desinfiziert (3)
26.09.2010 11:54:31 Desinfiziert Virus MEM:Rootkit.Win32.TDSS.d System Memory Hoch
26.09.2010 12:00:53 Desinfiziert Virus Virus.Win32.TDSS.b C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS Hoch
26.09.2010 14:05:57 Desinfiziert trojanisches Programm Trojan-Downloader.Java.Agent.gr c:\dokumente und einstellungen\Name\lokale einstellungen\temp\jar_cache2335034910622998846.tmp Hoch
Gelöscht (6)
26.09.2010 14:05:57 Gelöscht Virus Rootkit.Win32.TDSS.ufl c:\windows\temp\c3s7e317e.sys Hoch
26.09.2010 14:05:57 Gelöscht trojanisches Programm Trojan-Downloader.Java.Agent.gr c:\dokumente und einstellungen\Name\lokale einstellungen\temp\jar_cache2335034910622998846.tmp/dev/s/AdgredY.class Hoch
26.09.2010 14:05:56 Gelöscht trojanisches Programm Trojan-Downloader.Java.Agent.gs c:\dokumente und einstellungen\Name\lokale einstellungen\temp\jar_cache2335034910622998846.tmp/dev/s/DyesyasZ.class Hoch
26.09.2010 14:05:56 Gelöscht trojanisches Programm Trojan-Downloader.Java.Agent.gt c:\dokumente und einstellungen\Name\lokale einstellungen\temp\jar_cache2335034910622998846.tmp/dev/s/LoaderX.class Hoch
26.09.2010 14:16:13 Gelöscht Adware not-a-virus:AdWare.Win32.TopSearch.a c:\programme\instafinder\instafinder.exe Mittel
26.09.2010 14:16:48 Gelöscht Adware not-a-virus:AdWare.Win32.TopSearch.b c:\programme\instafinder\instafinder.dll Mittel
Unter Quarantäne (2)
26.09.2010 14:06:39 Unter Quarantäne Virus HEUR:Trojan.Win32.Generic c:\dokumente und einstellungen\Name\lokale einstellungen\temp\pdfupd.exe Hoch
26.09.2010 14:07:18 Unter Quarantäne Virus HEUR:Trojan.Win32.Generic c:\dokumente und einstellungen\Name\lokale einstellungen\temp\0.9909531833686549.exe Hoch

Malwarebytes log:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4698

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26.09.2010 16:58:31
mbam-log-2010-09-26 (16-58-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 246951
Laufzeit: 1 Stunde(n), 51 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 26.09.2010, 18:20

Hast Du noch das Log von AntiVir?

mojoo · 26.09.2010, 18:52

Nein leider nicht, hab das nicht abgespeichert.

cosinus · 26.09.2010, 19:53

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
DRV - (ntcdrdrv) -- C:\WINDOWS\System32\DRIVERS\ntcdrdrv.sys File not found
DRV - (mvd20) -- File not found
DRV - (mdf15) -- File not found
FF - prefs.js..network.proxy.ftp: "143.23.1.122"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "143.23.1.122"
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "143.23.1.122"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.socks: "143.23.1.122"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "143.23.1.122"
FF - prefs.js..network.proxy.ssl_port: 80
O33 - MountPoints2\{2df4c84a-6b15-11df-9a5a-0016d44d50cd}\Shell\AutoRun\command - "" = F:\SamsungSoftware\APPInst.exe -- File not found
O33 - MountPoints2\{3a761f44-24da-11dc-8d1f-0016d44d50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{3a761f44-24da-11dc-8d1f-0016d44d50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a761f44-24da-11dc-8d1f-0016d44d50cd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{434bfe80-095b-11dc-8ce5-0016d44d50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{434bfe80-095b-11dc-8ce5-0016d44d50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{434bfe80-095b-11dc-8ce5-0016d44d50cd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{434bfe82-095b-11dc-8ce5-0016d44d50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{434bfe82-095b-11dc-8ce5-0016d44d50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{434bfe82-095b-11dc-8ce5-0016d44d50cd}\Shell\AutoRun\command - "" = C:\WINDOWS\explorer.exe -- [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{51ce2300-15b5-11dc-8d03-0016d44d50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{51ce2300-15b5-11dc-8d03-0016d44d50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51ce2300-15b5-11dc-8d03-0016d44d50cd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- File not found
O33 - MountPoints2\{ce749c4a-0a0c-11dc-8ce9-0016d44d50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce749c4a-0a0c-11dc-8ce9-0016d44d50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce749c4a-0a0c-11dc-8ce9-0016d44d50cd}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{ce749c4b-0a0c-11dc-8ce9-0016d44d50cd}\Shell - "" = AutoRun
O33 - MountPoints2\{ce749c4b-0a0c-11dc-8ce9-0016d44d50cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce749c4b-0a0c-11dc-8ce9-0016d44d50cd}\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\.\Autorun.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\SamsungSoftware\APPInst.exe -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

mojoo · 26.09.2010, 20:29

Hab ich gemacht, der Computer hat anschließend neu gebootet. Dabei ist eine Fehlermeldung gekommen, dass er eine setup.exe Datei nicht findet. Nach drücken von ok hat der Computer aber normal gestartet. (Ich weiß nicht ob das wichtig ist, daher schreib ich es lieber mit dazu.)
Nachtrag: Bei einem zweiten Neustart - wollte mir den genauen Pfad der Fehlermeldung aufschreiben - kam diese nicht mehr.
Nachtrag II: Weiß wiederum nicht ob das wichtig ist, aber die Zeiteinstellung auf meinem Computer hat sich geändert und zwar wurde von Londoner Zeit wieder zurück auf Mitteleuropäische Zeit gestellt.

Zitat:

All processes killed
========== OTL ==========
Service ntcdrdrv stopped successfully!
Service ntcdrdrv deleted successfully!
File C:\WINDOWS\System32\DRIVERS\ntcdrdrv.sys File not found not found.
Error: Unable to stop service mvd20!
Service\Driver key mvd20 not found.
File File not found not found.
Error: Unable to stop service mdf15!
Service\Driver key mdf15 not found.
File File not found not found.
Prefs.js: "143.23.1.122" removed from network.proxy.ftp
Prefs.js: 80 removed from network.proxy.ftp_port
Prefs.js: "143.23.1.122" removed from network.proxy.gopher
Prefs.js: 80 removed from network.proxy.gopher_port
Prefs.js: "143.23.1.122" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: "143.23.1.122" removed from network.proxy.socks
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: "143.23.1.122" removed from network.proxy.ssl
Prefs.js: 80 removed from network.proxy.ssl_port
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2df4c84a-6b15-11df-9a5a-0016d44d50cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2df4c84a-6b15-11df-9a5a-0016d44d50cd}\ not found.
F:\SamsungSoftware\AppInst.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a761f44-24da-11dc-8d1f-0016d44d50cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a761f44-24da-11dc-8d1f-0016d44d50cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a761f44-24da-11dc-8d1f-0016d44d50cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a761f44-24da-11dc-8d1f-0016d44d50cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a761f44-24da-11dc-8d1f-0016d44d50cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a761f44-24da-11dc-8d1f-0016d44d50cd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{434bfe80-095b-11dc-8ce5-0016d44d50cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{434bfe80-095b-11dc-8ce5-0016d44d50cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{434bfe80-095b-11dc-8ce5-0016d44d50cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{434bfe80-095b-11dc-8ce5-0016d44d50cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{434bfe80-095b-11dc-8ce5-0016d44d50cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{434bfe80-095b-11dc-8ce5-0016d44d50cd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{434bfe82-095b-11dc-8ce5-0016d44d50cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{434bfe82-095b-11dc-8ce5-0016d44d50cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{434bfe82-095b-11dc-8ce5-0016d44d50cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{434bfe82-095b-11dc-8ce5-0016d44d50cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{434bfe82-095b-11dc-8ce5-0016d44d50cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{434bfe82-095b-11dc-8ce5-0016d44d50cd}\ not found.
Item C:\WINDOWS\explorer.exe is whitelisted and cannot be moved.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51ce2300-15b5-11dc-8d03-0016d44d50cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51ce2300-15b5-11dc-8d03-0016d44d50cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51ce2300-15b5-11dc-8d03-0016d44d50cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51ce2300-15b5-11dc-8d03-0016d44d50cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51ce2300-15b5-11dc-8d03-0016d44d50cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51ce2300-15b5-11dc-8d03-0016d44d50cd}\ not found.
File F:\.\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce749c4a-0a0c-11dc-8ce9-0016d44d50cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce749c4a-0a0c-11dc-8ce9-0016d44d50cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce749c4a-0a0c-11dc-8ce9-0016d44d50cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce749c4a-0a0c-11dc-8ce9-0016d44d50cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce749c4a-0a0c-11dc-8ce9-0016d44d50cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce749c4a-0a0c-11dc-8ce9-0016d44d50cd}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce749c4b-0a0c-11dc-8ce9-0016d44d50cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce749c4b-0a0c-11dc-8ce9-0016d44d50cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce749c4b-0a0c-11dc-8ce9-0016d44d50cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce749c4b-0a0c-11dc-8ce9-0016d44d50cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce749c4b-0a0c-11dc-8ce9-0016d44d50cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce749c4b-0a0c-11dc-8ce9-0016d44d50cd}\ not found.
File F:\.\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\.\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
File G:\SamsungSoftware\APPInst.exe not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 500224 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1794551 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49554 bytes

User: Name
->Temp folder emptied: 118153637 bytes
->Temporary Internet Files folder emptied: 41352512 bytes
->Java cache emptied: 35709924 bytes
->FireFox cache emptied: 65980834 bytes
->Flash cache emptied: 2822003 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 3845120 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 190583160 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 440,00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 09262010_200607

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_868.dat moved successfully.
File\Folder C:\WINDOWS\temp\klsC240.tmp not found!

Registry entries deleted on Reboot...

cosinus · 27.09.2010, 11:20

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

mojoo · 27.09.2010, 12:32

Hallo Cosinus

Vielen Dank für die rasche Hilfe. Anbei das logfile von cofix:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-09-26.04 - Mathias 27.09.2010  13:14:13.1.1 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1014.573 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Mathias\Desktop\cofix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Mathias\Eigene Dateien\cc_20100927_124910.reg
c:\programme\Instafinder
c:\programme\Instafinder\uninstall.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-27 bis 2010-09-27  ))))))))))))))))))))))))))))))
.

2010-09-27 10:39 . 2010-09-27 10:39    --------    d-----w-    c:\programme\CCleaner
2010-09-27 09:08 . 2010-09-27 09:09    1037648    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\general\bases\sw2\klavasyswatch.dll
2010-09-27 09:07 . 2010-09-27 09:08    1049936    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\sw2\klavasyswatch.dll
2010-09-26 18:06 . 2010-09-26 18:06    --------    d-----w-    C:\_OTL
2010-09-26 09:42 . 2010-09-26 09:42    288080    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-09-26 09:27 . 2010-09-26 09:27    97549    ----a-w-    c:\windows\system32\drivers\klick.dat
2010-09-26 09:27 . 2010-09-26 09:27    113933    ----a-w-    c:\windows\system32\drivers\klin.dat
2010-09-26 09:24 . 2010-09-26 09:24    --------    d-----w-    c:\programme\Kaspersky Lab
2010-09-26 09:15 . 2010-09-26 09:15    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2010-09-24 20:23 . 2010-09-24 20:23    --------    d-----w-    c:\dokumente und einstellungen\Mathias\Anwendungsdaten\Malwarebytes
2010-09-24 18:48 . 2010-09-24 18:48    --------    d-----w-    c:\dokumente und einstellungen\LocalService\Startmenü
2010-09-24 17:55 . 2010-09-24 17:55    --------    d-----w-    C:\spoolerlogs
2010-09-24 17:33 . 2010-09-24 17:33    --------    d-----w-    c:\dokumente und einstellungen\Mathias\Anwendungsdaten\GlarySoft
2010-09-24 17:25 . 2010-09-24 17:25    --------    d-----w-    c:\dokumente und einstellungen\Mathias\Lokale Einstellungen\Anwendungsdaten\Threat Expert
2010-09-24 11:37 . 2010-02-02 08:13    59664    --s---w-    c:\windows\system32\drivers\TfSysMon.sys
2010-09-24 11:37 . 2010-02-02 08:13    51984    --s---w-    c:\windows\system32\drivers\TfFsMon.sys
2010-09-24 11:37 . 2010-02-02 08:13    33552    --s---w-    c:\windows\system32\drivers\TfNetMon.sys
2010-09-24 09:27 . 2010-01-21 23:21    149456    ----a-w-    c:\windows\SGDetectionTool.dll
2010-09-24 09:27 . 2010-01-21 23:21    767952    ----a-w-    c:\windows\BDTSupport.dll
2010-09-24 09:27 . 2008-11-26 10:08    131    ----a-w-    c:\windows\IDB.zip
2010-09-24 09:27 . 2010-01-21 23:21    165840    ----a-w-    c:\windows\PCTBDRes.dll
2010-09-24 09:27 . 2010-01-21 23:21    1652688    ----a-w-    c:\windows\PCTBDCore.dll
2010-09-24 09:27 . 2009-10-27 23:36    1152444    ----a-w-    c:\windows\UDB.zip
2010-09-24 09:26 . 2010-09-26 19:30    233136    ----a-w-    c:\windows\system32\drivers\pctgntdi.sys
2010-09-24 09:26 . 2010-09-26 10:47    87784    ----a-w-    c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-24 09:26 . 2009-09-23 14:10    207280    ----a-w-    c:\windows\system32\drivers\PCTCore.sys
2010-09-24 09:26 . 2010-02-05 07:25    70408    ----a-w-    c:\windows\system32\drivers\pctplsg.sys
2010-09-24 09:26 . 2010-09-24 09:26    --------    d-----w-    c:\programme\Spyware Doctor
2010-09-24 09:26 . 2010-09-24 09:26    --------    d-----w-    c:\programme\Gemeinsame Dateien\PC Tools
2010-09-24 09:26 . 2010-09-24 09:26    --------    d-----w-    c:\dokumente und einstellungen\Mathias\Anwendungsdaten\PC Tools
2010-09-24 09:26 . 2010-09-24 09:26    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Tools
2010-09-24 09:26 . 2010-09-24 09:26    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-09-24 09:05 . 2010-09-24 09:05    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2010-09-24 09:05 . 2010-09-24 09:05    --------    d-----w-    c:\windows\system32\Kaspersky Lab
2010-09-24 07:57 . 2010-04-29 10:19    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-24 07:57 . 2010-04-29 10:19    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-24 07:25 . 2010-09-24 07:25    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-09-24 07:25 . 2010-09-24 07:25    --------    d-----w-    c:\programme\Malwarebytes' Anti-Malware
2010-08-31 08:57 . 2010-08-31 08:57    --------    d-sh--w-    c:\dokumente und einstellungen\NetworkService\IETldCache

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-27 11:07 . 2006-12-05 11:30    103672    ----a-w-    c:\dokumente und einstellungen\Mathias\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-09-27 09:09 . 2010-06-30 16:43    1049936    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-09-26 10:06 . 2004-08-04 03:00    49024    ----a-w-    c:\windows\system32\drivers\QL1280.SYS
2010-09-26 09:46 . 2010-08-17 15:50    288080    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-08-30 10:04 . 2006-06-27 21:47    86948    ----a-w-    c:\windows\system32\perfc007.dat
2010-08-30 10:04 . 2006-06-27 21:47    464744    ----a-w-    c:\windows\system32\perfh007.dat
2010-08-26 12:47 . 2010-08-26 12:47    92816    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\German\setup.exe
2010-08-18 12:16 . 2010-08-18 12:16    271696    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-08-17 13:17 . 2004-08-04 03:00    58880    ----a-w-    c:\windows\system32\spoolsv.exe
2010-08-12 13:28 . 2010-08-12 13:28    --------    d-----w-    c:\programme\Gemeinsame Dateien\Skype
2010-07-22 15:48 . 2004-08-04 03:00    590848    ----a-w-    c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25    5632    ----a-w-    c:\windows\system32\xpsp4res.dll
2010-07-01 19:35 . 2010-07-01 19:35    228024    ----a-w-    c:\windows\system32\klogon.dll
2010-06-30 16:43 . 2010-06-30 16:43    247120    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP11\Bases\uds.dll
2010-06-30 16:42 . 2010-06-30 16:42    132432    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Kaspersky Lab\AVP11\Bases\dns_client.dll
2010-06-30 12:28 . 2004-08-04 03:00    149504    ----a-w-    c:\windows\system32\schannel.dll
2009-08-14 11:33 . 2009-08-14 11:33    652640    ----a-w-    c:\programme\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 21:05 . 2009-09-12 21:05    124240    ----a-w-    c:\programme\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 21:06 . 2009-09-12 21:06    40280    ----a-w-    c:\programme\mozilla firefox\plugins\icalogon.dll
2009-09-12 21:06 . 2009-09-12 21:06    31064    ----a-w-    c:\programme\mozilla firefox\plugins\icafile.dll
2009-09-12 21:07 . 2009-09-12 21:07    255312    ----a-w-    c:\programme\mozilla firefox\plugins\ctxmui.dll
2009-09-12 21:06 . 2009-09-12 21:06    22360    ----a-w-    c:\programme\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 21:06 . 2009-09-12 21:06    91480    ----a-w-    c:\programme\mozilla firefox\plugins\confmgr.dll
2009-09-12 21:06 . 2009-09-12 21:06    13136    ----a-w-    c:\programme\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 21:06 . 2009-09-12 21:06    23896    ----a-w-    c:\programme\mozilla firefox\plugins\TcpPServ.dll
2009-09-12 21:06 . 2009-09-12 21:06    70488    ----a-w-    c:\programme\mozilla firefox\plugins\CgpCore.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-09-10 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-09-10 17:06    66912    ----a-w-    c:\programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickNote"="c:\programme\AN QuickNote\QuickNote.exe" [2007-04-04 454656]
"OM2_Monitor"="c:\programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"Skype"="c:\programme\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\programme\Acer\Acer Arcade\PCMService.exe" [2005-12-13 151552]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"ntiMUI"="c:\programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-27 16248320]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-12-11 286720]
"OM2_Monitor"="c:\programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"ConnectionCenter"="c:\programme\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"AVP"="c:\programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-09-26 352976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-24 110592]
Adobe Reader Speed Launch.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^InterVideo WinCinema Manager.lnk]
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Digital Video Duplicator OLR
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2006-01-16 09:58    3080192    ----a-w-    c:\acer\Empowering Technology\ePower\Acer ePower Management.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-12-20 22:02    53248    ------w-    c:\programme\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2006-01-17 16:28    344064    ----a-w-    c:\acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-02-02 07:11    290816    ----a-w-    c:\programme\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 01:04    2879488    ----a-w-    c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express 5 SE Calendar Checker]
2004-01-12 18:40    69632    ----a-w-    c:\programme\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-01-15 21:54    37376    ----a-w-    c:\programme\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Programme\\AN QuickNote\\QuickNote.exe"=
"c:\\WINDOWS\\System32\\igfxsrvc.exe"=
"c:\\Programme\\Xpage Internet Studio 6 Special Edition\\jre\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24.09.2010 11:26 207280]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [24.09.2010 13:37 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [24.09.2010 13:37 59664]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [08.09.2009 18:13 65584]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09.06.2010 17:43 11352]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [24.09.2010 11:26 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Spyware Doctor\BDT\BDTUpdateService.exe [24.09.2010 11:27 112592]
R2 MSR Service;Virtual Disk Service Manager;c:\programme\Clarus\Samsung SecretZone\MSSvc.exe [29.05.2010 13:28 114688]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [24.09.2010 11:26 365280]
R2 SLEE_81_DRIVER;Steganos Live Encryption Engine 8.1 [Driver];c:\windows\system32\drivers\slee81.sys [13.05.2005 09:59 69632]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [07.05.2010 12:06 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.11.2009 20:27 19472]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [18.02.2010 16:10 135664]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [05.12.2006 13:50 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [05.12.2006 13:50 23296]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06.11.2007 22:22 34064]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [24.09.2010 11:26 70408]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [10.07.2009 16:02 10394624]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [24.09.2010 13:37 33552]
S3 ThreatFire;ThreatFire;c:\programme\Spyware Doctor\TFEngine\TFService.exe service --> c:\programme\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Inhalt des "geplante Tasks" Ordners

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-18 14:10]

2010-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-18 14:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://news.bbc.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\dokumente und einstellungen\Mathias\Anwendungsdaten\Mozilla\Firefox\Profiles\sa1kvdc8.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at
FF - component: c:\programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\programme\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-Instafinder - c:\programme\Instafinder\instafinder.exe
MSConfigStartUp-lxcrmon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-27 13:24
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(1528)
c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(1112)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SLEE81.exe
c:\programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\programme\Citrix\ICA Client\wfcrun32.exe
c:\programme\Skype\Phone\Skype.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\dokume~1\Mathias\LOKALE~1\Temp\RtkBtMnt.exe
c:\windows\system32\wscntfy.exe
c:\programme\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-27  13:28:21 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-27 11:28

Vor Suchlauf: 17 Verzeichnis(se), 15.164.375.040 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 15.094.415.360 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D0BAEFEF1A728465074E42D5900FFB0E

--- --- ---

cosinus · 27.09.2010, 15:05

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

mojoo · 27.09.2010, 18:13

Hallo

Zuerstmal das OSAM Logfile:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:30:58 on 27.09.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"JAVACPL.CPL" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\JAVACPL.CPL
"PCWizard.cpl" - ? - C:\WINDOWS\system32\PCWizard.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer NetMonitor Protocol" (NETMNT) - ? - C:\WINDOWS\System32\DRIVERS\NETMNT.sys  (File found, but it contains no detailed information)
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"catchme" (catchme) - ? - C:\cofix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Dritek Keyboard Filter Driver" (DKbFltr) - "Dritek System Inc." - C:\WINDOWS\System32\DRIVERS\DKbFltr.sys
"int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"Kaspersky Lab Driver" (KLIF) - "Kaspersky Lab" - C:\WINDOWS\System32\DRIVERS\klif.sys
"Lbd" (Lbd) - ? - C:\WINDOWS\System32\DRIVERS\Lbd.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - C:\WINDOWS\System32\drivers\npf.sys
"OSA NdisFilter Protocol" (NdisFilt) - "OSA Technologies" - C:\WINDOWS\System32\Drivers\NdisFilt.sys
"OsaFsLoc" (OsaFsLoc) - "OSA Technologies" - C:\WINDOWS\system32\drivers\OsaFsLoc.sys
"osaio" (osaio) - "OSA Technologies, An Avocent Company" - C:\WINDOWS\system32\drivers\osaio.sys
"osanbm" (osanbm) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\osanbm.sys
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"pctgntdi" (pctgntdi) - "PC Tools" - C:\WINDOWS\system32\drivers\pctgntdi.sys
"PCTools KDS" (PCTCore) - "PC Tools" - C:\WINDOWS\System32\drivers\PCTCore.sys
"pctplsg" (pctplsg) - "PC Tools" - C:\WINDOWS\system32\drivers\pctplsg.sys
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
"ql1280" (ql1280) - ? - C:\WINDOWS\System32\DRIVERS\ql1280.sys  (File found, but it contains no detailed information)
"SMSC IrCC Miniport Device Driver" (SMCIRDA) - "SMSC" - C:\WINDOWS\System32\DRIVERS\smcirda.sys
"Steganos Live Encryption Engine 8.1 [Driver]" (SLEE_81_DRIVER) - ? - C:\WINDOWS\system32\drivers\SLEE81.sys  (File found, but it contains no detailed information)
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"TfFsMon" (TfFsMon) - "PC Tools" - C:\WINDOWS\System32\drivers\TfFsMon.sys
"TfNetMon" (TfNetMon) - "PC Tools" - C:\WINDOWS\system32\drivers\TfNetMon.sys
"TfSysMon" (TfSysMon) - "PC Tools" - C:\WINDOWS\System32\drivers\TfSysMon.sys
"UBHelper" (UBHelper) - ? - C:\WINDOWS\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"USB PC Camera (SNPSTD325)" (SNP325) - "Sonix Co. Ltd." - C:\WINDOWS\System32\DRIVERS\snp325.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - "Acer Labs USA" - C:\WINDOWS\system32\epm-po.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{72923739-5A47-40A3-9895-25AF0DFBB9E4} "Glary Utilities Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Ask Toolbar" - "Ask.com" - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Lexmark Symbolleiste" - ? - C:\Programme\Lexmark Toolbar\toolband.dll  (File found, but it contains no detailed information)
<binary data> "PC Tools Browser Guard" - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}" - "Ask.com" - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{62789780-B744-11D0-986B-00609731A21D} "Autodesk MapGuide ActiveX Control" - "Autodesk Inc." - C:\WINDOWS\Downloaded Program Files\MgAxCtrl.dll / hxxp://pub.plan.at/mgaxctrlde.cab
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} "CKAVWebScan Object" - "Kaspersky Lab" - C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll / hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx / hxxp://www.studivz.net/photouploader/ImageUploader4.cab
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.5.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_03\bin\npjpi150_03.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
"eBay - Homepage" - ? - C:\Programme\IrfanView\Ebay\Ebay.htm
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\WINDOWS\system32\eDStoolbar.dll
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} "Ask Toolbar" - "Ask.com" - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "Lexmark Symbolleiste" - ? - C:\Programme\Lexmark Toolbar\toolband.dll  (File found, but it contains no detailed information)
{472734EA-242A-422B-ADF8-83D1E48CC825} "PC Tools Browser Guard" - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} "Ask Search Assistant BHO" - "Ask.com" - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} "Ask Toolbar BHO" - "Ask.com" - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} "Lexmark Symbolleiste" - ? - C:\Programme\Lexmark Toolbar\toolband.dll  (File found, but it contains no detailed information)
{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} "PC Tools Browser Guard BHO" - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"Adobe Reader Speed Launch.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\Mathias\Startmenü\Programme\Autostart\DESKTOP.INI
"Registration DIE SIEDLER - Das Erbe der Könige.LNK" - ? - C:\Dokumente und Einstellungen\Mathias\Startmenü\Programme\Autostart\Registration DIE SIEDLER - Das Erbe der Könige.LNK  (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"OM2_Monitor" - "OLYMPUS IMAGING CORP." - "C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
"QuickNote" - ? - C:\Programme\AN QuickNote\QuickNote.exe
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ADMTray.exe" - "Avocent Inc." - "C:\Acer\Empowering Technology\admtray.exe"
"AVP" - "Kaspersky Lab ZAO" - "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
"ConnectionCenter" - "Citrix Systems, Inc." - "C:\Programme\Citrix\ICA Client\concentr.exe" /startup
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"ePower_DMC" - "Acer Incorporated" - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
"eRecoveryService" - "acer Inc." - C:\Acer\Empowering Technology\eRecovery\Monitor.exe
"FixCamera" - ? - C:\WINDOWS\FixCamera.exe
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"ntiMUI" - ? - C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe  (File found, but it contains no detailed information)
"OM2_Monitor" - "OLYMPUS IMAGING CORP." - "C:\Programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
"PCMService" - "CyberLink Corp." - "C:\Programme\Acer\Acer Arcade\PCMService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"snp325" - ? - C:\WINDOWS\vsnp325.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
"tsnp325" - ? - C:\WINDOWS\tsnp325.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"doPDF   5 Monitor" - "Softland" - C:\WINDOWS\system32\dopdfmn5.dll
"Lexmark Print-2-Fax Port" - ? - C:\WINDOWS\system32\LXPRMON.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AdminWorks Agent X6" (AWService) - "Avocent Inc." - C:\Acer\Empowering Technology\admServ.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple, Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Browser Defender Update Service" (Browser Defender Update Service) - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsAuxs.exe
"PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsSvc.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies" - C:\Programme\WinPcap\rpcapd.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Steganos Live Encryption Engine 8.1 [Service]" (SLEE_81_SERVICE) - ? - C:\WINDOWS\system32\SLEE81.exe  (File found, but it contains no detailed information)
"ThreatFire" (ThreatFire) - "PC Tools" - C:\Programme\Spyware Doctor\TFEngine\TFService.exe
"Virtual Disk Service Manager" (MSR Service) - ? - C:\Programme\Clarus\Samsung SecretZone\MSSvc.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\WINDOWS\system32\klogon.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

Anschließend die GMER Ausgabe:

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-27 18:54:10
Windows 5.1.2600 Service Pack 3
Running: wlru3pu4.exe; Driver: C:\DOKUME~1\Mathias\LOKALE~1\Temp\kgnyraod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwAdjustPrivilegesToken [0xAA104558]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwClose [0xAA104E5C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwConnectPort [0xAA105C90]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateEvent [0xAA1061DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateFile [0xAA105138]
SSDT            TfSysMon.sys (ThreatFire System Monitor/PC Tools)                                      ZwCreateKey [0xF6D63AC2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateMutant [0xAA1060C0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateNamedPipeFile [0xAA104146]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreatePort [0xAA105F94]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                        ZwCreateProcess [0xF6D89CDC]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                        ZwCreateProcessEx [0xF6D89ECE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateSection [0xAA1042EE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateSemaphore [0xAA1062FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateThread [0xAA104AE4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwCreateWaitablePort [0xAA10602A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDebugActiveProcess [0xAA1079E2]
SSDT            TfSysMon.sys (ThreatFire System Monitor/PC Tools)                                      ZwDeleteKey [0xF6D63CB6]
SSDT            TfSysMon.sys (ThreatFire System Monitor/PC Tools)                                      ZwDeleteValueKey [0xF6D63D5C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDeviceIoControlFile [0xAA1055BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwDuplicateObject [0xAA108BEE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwEnumerateKey [0xAA103ED2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwEnumerateValueKey [0xAA103F6A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwFsControlFile [0xAA1053C8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwLoadDriver [0xAA107AD4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwLoadKey [0xAA1033A4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwLoadKey2 [0xAA1033B6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwMapViewOfSection [0xAA10823C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwNotifyChangeKey [0xAA104096]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenEvent [0xAA106270]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenFile [0xAA104EDE]
SSDT            TfSysMon.sys (ThreatFire System Monitor/PC Tools)                                      ZwOpenKey [0xF6D639B2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenMutant [0xAA106150]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenProcess [0xAA104794]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenSection [0xAA107FD6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenSemaphore [0xAA106390]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwOpenThread [0xAA104686]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueryKey [0xAA104002]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueryMultipleValueKey [0xAA103C3A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQuerySection [0xAA108576]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueryValueKey [0xAA103864]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwQueueApcThread [0xAA107E68]
SSDT            PCTCore.sys (PC Tools KDS Core Driver/PC Tools)                                        ZwRenameKey [0xF6DA9D30]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwReplaceKey [0xAA102DDE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwReplyPort [0xAA1066F4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwReplyWaitReceivePort [0xAA1065BA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwRequestWaitReplyPort [0xAA10777C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwRestoreKey [0xAA103156]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwResumeThread [0xAA108A90]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSaveKey [0xAA102D76]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSecureConnectPort [0xAA1059D6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSetContextThread [0xAA104D00]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSetInformationToken [0xAA10701C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSetSecurityObject [0xAA107C72]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSetSystemInformation [0xAA1086C6]
SSDT            TfSysMon.sys (ThreatFire System Monitor/PC Tools)                                      ZwSetValueKey [0xF6D63EF8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSuspendProcess [0xAA1087B8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSuspendThread [0xAA1088F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwSystemDebugControl [0xAA107906]
SSDT            TfSysMon.sys (ThreatFire System Monitor/PC Tools)                                      ZwTerminateProcess [0xF6D65BD6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwTerminateThread [0xAA104890]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwUnmapViewOfSection [0xAA10841A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  ZwWriteVirtualMemory [0xAA104A1A]

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)  IoIsOperationSynchronous
Code            D56E2867                                                                               KeFindConfigurationEntry

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!FsRtlCheckLockForReadAccess                                               804EAF84 5 Bytes  JMP AA0F6FE6 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntkrnlpa.exe!IoIsOperationSynchronous                                                  804EF912 5 Bytes  JMP AA0F73C2 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntkrnlpa.exe!ZwCallbackReturn + 2C9C                                                   80504538 12 Bytes  [94, 5F, 10, AA, DC, 9C, D8, ...] {XCHG ESP, EAX; POP EDI; ADC [EDX-0x9276324], CH; INTO ; SAHF ; FDIV ST, ST(6)}
.text           ntkrnlpa.exe!ZwCallbackReturn + 2D68                                                   80504604 12 Bytes  [D4, 7A, 10, AA, A4, 33, 10, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2EE4                                                   80504780 16 Bytes  [30, 9D, DA, F6, DE, 2D, 10, ...]
.text           ntkrnlpa.exe!ZwCallbackReturn + 2FD8                                                   80504874 12 Bytes  [B8, 87, 10, AA, F2, 88, 10, ...] {MOV EAX, 0xf2aa1087; MOV [EAX], DL; STOSB ; PUSH ES; JNS 0x1b; STOSB }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                [F6F1DD50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                [F6F1DD50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Devices - GMER 1.0.15 ----

Device                                                                                                 Fastfat.sys (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                               pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                              pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device          \Driver\Cdrom \Device\CdRom0                                                           OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                              pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                            kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                            pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device                                                                                                 mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice                                                                                         fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice                                                                                         OsaFsLoc.sys (Filesystem Lock driver/OSA Technologies)

---- Registry - GMER 1.0.15 ----

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039T\x20acó`                1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\@Í\x2039í\x2039\x201c\x008feQ           1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\@\20\x90\20nÐc:y                        1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\@\26Y\1xÐc:y                            1
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\@Òczz<h                                 0
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\@IQ\ahß\x8d\x8f\x2013                   1

---- EOF - GMER 1.0.15 ----

--- --- ---

Bei remove.exe kommt dieses schwarze Feld, dass ein unknown boot code bei einigen der physikalischen Laufwerke vorliegt.
Dann kommt die Auswahl das man den Bootsektor entweder manuel dumpen oder fixen kann. Hab nichts von beidem gemacht.

Ausgabe:
93 GB \\.\Physicaldrive0MBR Status unknown Boot code

viel mehr ist dann nicht mehr drinnen gestanden.

cosinus · 27.09.2010, 22:28

Zitat:

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)

Bitte mit OSAM deaktivieren und löschen - neues OSAM Log posten.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

mojoo · 28.09.2010, 08:14

Guten Morgen Cosinus

Danke für die raschen Antworten.

OSAM Logfile:

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:11:12 on 28.09.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"JAVACPL.CPL" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\JAVACPL.CPL
"PCWizard.cpl" - ? - C:\WINDOWS\system32\PCWizard.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acer NetMonitor Protocol" (NETMNT) - ? - C:\WINDOWS\System32\DRIVERS\NETMNT.sys  (File found, but it contains no detailed information)
"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys
"catchme" (catchme) - ? - C:\cofix\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Dritek Keyboard Filter Driver" (DKbFltr) - "Dritek System Inc." - C:\WINDOWS\System32\DRIVERS\DKbFltr.sys
"int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"Kaspersky Lab Driver" (KLIF) - "Kaspersky Lab" - C:\WINDOWS\System32\DRIVERS\klif.sys
"Lbd" (Lbd) - ? - C:\WINDOWS\System32\DRIVERS\Lbd.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies" - C:\WINDOWS\System32\drivers\npf.sys
"OSA NdisFilter Protocol" (NdisFilt) - "OSA Technologies" - C:\WINDOWS\System32\Drivers\NdisFilt.sys
"OsaFsLoc" (OsaFsLoc) - "OSA Technologies" - C:\WINDOWS\system32\drivers\OsaFsLoc.sys
"osaio" (osaio) - "OSA Technologies, An Avocent Company" - C:\WINDOWS\system32\drivers\osaio.sys
"osanbm" (osanbm) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\osanbm.sys
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"pctgntdi" (pctgntdi) - "PC Tools" - C:\WINDOWS\system32\drivers\pctgntdi.sys
"PCTools KDS" (PCTCore) - "PC Tools" - C:\WINDOWS\System32\drivers\PCTCore.sys
"pctplsg" (pctplsg) - "PC Tools" - C:\WINDOWS\system32\drivers\pctplsg.sys
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
"ql1280" (ql1280) - ? - C:\WINDOWS\System32\DRIVERS\ql1280.sys  (File found, but it contains no detailed information)
"SMSC IrCC Miniport Device Driver" (SMCIRDA) - "SMSC" - C:\WINDOWS\System32\DRIVERS\smcirda.sys
"Steganos Live Encryption Engine 8.1 [Driver]" (SLEE_81_DRIVER) - ? - C:\WINDOWS\system32\drivers\SLEE81.sys  (File found, but it contains no detailed information)
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"TfFsMon" (TfFsMon) - "PC Tools" - C:\WINDOWS\System32\drivers\TfFsMon.sys
"TfNetMon" (TfNetMon) - "PC Tools" - C:\WINDOWS\system32\drivers\TfNetMon.sys
"TfSysMon" (TfSysMon) - "PC Tools" - C:\WINDOWS\System32\drivers\TfSysMon.sys
"UBHelper" (UBHelper) - ? - C:\WINDOWS\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys
"USB PC Camera (SNPSTD325)" (SNP325) - "Sonix Co. Ltd." - C:\WINDOWS\System32\DRIVERS\snp325.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - "Acer Labs USA" - C:\WINDOWS\system32\epm-po.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{72923739-5A47-40A3-9895-25AF0DFBB9E4} "Glary Utilities Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Ask Toolbar" - "Ask.com" - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Lexmark Symbolleiste" - ? - C:\Programme\Lexmark Toolbar\toolband.dll  (File found, but it contains no detailed information)
<binary data> "PC Tools Browser Guard" - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}" - "Ask.com" - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{62789780-B744-11D0-986B-00609731A21D} "Autodesk MapGuide ActiveX Control" - "Autodesk Inc." - C:\WINDOWS\Downloaded Program Files\MgAxCtrl.dll / hxxp://pub.plan.at/mgaxctrlde.cab
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} "CKAVWebScan Object" - "Kaspersky Lab" - C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll / hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx / hxxp://www.studivz.net/photouploader/ImageUploader4.cab
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.5.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_03\bin\npjpi150_03.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
"eBay - Homepage" - ? - C:\Programme\IrfanView\Ebay\Ebay.htm
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\WINDOWS\system32\eDStoolbar.dll
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} "Ask Toolbar" - "Ask.com" - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL
<binary data> "Google Toolbar" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "Lexmark Symbolleiste" - ? - C:\Programme\Lexmark Toolbar\toolband.dll  (File found, but it contains no detailed information)
{472734EA-242A-422B-ADF8-83D1E48CC825} "PC Tools Browser Guard" - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} "Ask Search Assistant BHO" - "Ask.com" - C:\Programme\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} "Ask Toolbar BHO" - "Ask.com" - C:\Programme\AskSBar\bar\1.bin\ASKSBAR.DLL
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} "Lexmark Symbolleiste" - ? - C:\Programme\Lexmark Toolbar\toolband.dll  (File found, but it contains no detailed information)
{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} "PC Tools Browser Guard BHO" - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"Adobe Reader Speed Launch.lnk" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe  (Shortcut exists | File exists)
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\Mathias\Startmenü\Programme\Autostart\DESKTOP.INI
"Registration DIE SIEDLER - Das Erbe der Könige.LNK" - ? - C:\Dokumente und Einstellungen\Mathias\Startmenü\Programme\Autostart\Registration DIE SIEDLER - Das Erbe der Könige.LNK  (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"OM2_Monitor" - "OLYMPUS IMAGING CORP." - "C:\Programme\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
"QuickNote" - ? - C:\Programme\AN QuickNote\QuickNote.exe
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ADMTray.exe" - "Avocent Inc." - "C:\Acer\Empowering Technology\admtray.exe"
"AVP" - "Kaspersky Lab ZAO" - "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
"ConnectionCenter" - "Citrix Systems, Inc." - "C:\Programme\Citrix\ICA Client\concentr.exe" /startup
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"ePower_DMC" - "Acer Incorporated" - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
"eRecoveryService" - "acer Inc." - C:\Acer\Empowering Technology\eRecovery\Monitor.exe
"FixCamera" - ? - C:\WINDOWS\FixCamera.exe
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"MSPY2002" - ? - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC  (File signed by Microsoft | File found, but it contains no detailed information)
"ntiMUI" - ? - C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe  (File found, but it contains no detailed information)
"OM2_Monitor" - "OLYMPUS IMAGING CORP." - "C:\Programme\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
"PCMService" - "CyberLink Corp." - "C:\Programme\Acer\Acer Arcade\PCMService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"snp325" - ? - C:\WINDOWS\vsnp325.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Java\jre6\bin\jusched.exe"
"tsnp325" - ? - C:\WINDOWS\tsnp325.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"doPDF   5 Monitor" - "Softland" - C:\WINDOWS\system32\dopdfmn5.dll
"Lexmark Print-2-Fax Port" - ? - C:\WINDOWS\system32\LXPRMON.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AdminWorks Agent X6" (AWService) - "Avocent Inc." - C:\Acer\Empowering Technology\admServ.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple, Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Browser Defender Update Service" (Browser Defender Update Service) - "Threat Expert Ltd." - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PC Tools Auxiliary Service" (sdAuxService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsAuxs.exe
"PC Tools Security Service" (sdCoreService) - "PC Tools" - C:\Programme\Spyware Doctor\pctsSvc.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies" - C:\Programme\WinPcap\rpcapd.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"Steganos Live Encryption Engine 8.1 [Service]" (SLEE_81_SERVICE) - ? - C:\WINDOWS\system32\SLEE81.exe  (File found, but it contains no detailed information)
"ThreatFire" (ThreatFire) - "PC Tools" - C:\Programme\Spyware Doctor\TFEngine\TFService.exe
"Virtual Disk Service Manager" (MSR Service) - ? - C:\Programme\Clarus\Samsung SecretZone\MSSvc.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab ZAO" - C:\WINDOWS\system32\klogon.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PCTOOLS CONTENT FILTER PROVIDER" - "PC Tools Research Pty Ltd." - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

MBR-Scan Log:

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 148):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF79FE000 \WINDOWS\system32\KDCOM.DLL
0xF790E000 \WINDOWS\system32\BOOTVID.dll
0xF6EDB000 kl1.sys
0xF6EBB000 fltmgr.sys
0xF6E8C000 ACPI.sys
0xF7A00000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF6E7B000 pci.sys
0xF74FE000 isapnp.sys
0xF7912000 compbatt.sys
0xF7916000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7AC6000 pciide.sys
0xF777E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF6E5D000 pcmcia.sys
0xF752E000 MountMgr.sys
0xF6E3E000 ftdisk.sys
0xF791A000 ACPIEC.sys
0xF7AC7000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7786000 PartMgr.sys
0xF753E000 VolSnap.sys
0xF6E26000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF6E0E000 atapi.sys
0xF75CE000 disk.sys
0xF75DE000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF6DB7000 sr.sys
0xF6D80000 PCTCore.sys
0xF75EE000 PxHelp20.sys
0xF6D6F000 TfFsMon.sys
0xF6D5E000 TfSysMon.sys
0xF6D3A000 Fastfat.sys
0xF6D23000 KSecDD.sys
0xF6D10000 WudfPf.sys
0xF6CE3000 NDIS.sys
0xF6CC9000 Mup.sys
0xF766E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF79D6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF6A5D000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6913000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF68EB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF783E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF68C7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7846000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF767E000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF685F000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF768E000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
0xF684B000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF6838000 \SystemRoot\system32\DRIVERS\ESM7SK.sys
0xF769E000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
0xF79DA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF76AE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF784E000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7856000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6809000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A16000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF76BE000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0xF785E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF76CE000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79DE000 \SystemRoot\system32\drivers\pfc.sys
0xF79E2000 \SystemRoot\System32\Drivers\UBHelper.SYS
0xF76DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76EE000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF67E6000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A18000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF76FE000 \SystemRoot\system32\DRIVERS\klim5.sys
0xF6992000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7866000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF786E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF770E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF79EE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF67CF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF771E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF772E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF67BE000 \SystemRoot\system32\DRIVERS\psched.sys
0xF773E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7876000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF787E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF774E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A1A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6738000 \SystemRoot\system32\DRIVERS\update.sys
0xF6C05000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF775E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA37E000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA35A000 \SystemRoot\system32\drivers\portcls.sys
0xF6CB9000 \SystemRoot\system32\drivers\drmk.sys
0xAA324000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xAA230000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xAA17F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7886000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6CA9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF6BCD000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xAA0D8000 \SystemRoot\system32\DRIVERS\klif.sys
0xF7A26000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF6954000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A28000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78A6000 \SystemRoot\System32\drivers\vga.sys
0xF7A2A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A2C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78AE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78B6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6BC9000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF78BE000 \SystemRoot\system32\DRIVERS\kl2.sys
0xAA07D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA024000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA9FED000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys
0xA9FC7000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA9F9F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF793E000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA9F7D000 \SystemRoot\System32\drivers\afd.sys
0xF6C99000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA9F52000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF67AA000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
0xA9EBA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6C89000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9E59000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
0xA9E45000 \SystemRoot\system32\DRIVERS\ctxusbm.sys
0xA945B000 \SystemRoot\system32\DRIVERS\snp325.sys
0xF6C69000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF6C59000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF78C6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF6C49000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA167000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78CE000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF6A0A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9125000 \SystemRoot\system32\DRIVERS\irda.sys
0xA925F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8EC8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA8FED000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xA8E63000 \SystemRoot\system32\drivers\wdmaud.sys
0xA91A3000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8984000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8970000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7A02000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xF7B58000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
0xA87B8000 \??\C:\WINDOWS\system32\drivers\SLEE81.sys
0xA84F8000 \??\C:\Programme\Clarus\Samsung SecretZone\mvd20.sys
0xA8560000 \??\C:\Programme\Clarus\Samsung SecretZone\mdf15.sys
0xA8417000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7A62000 \SystemRoot\System32\Drivers\NdisFilt.sys
0xA7EDB000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x7C910000 \WINDOWS\System32\ntdll.dll

Processes (total 64):
0 System Idle Process
4 System
904 C:\WINDOWS\System32\SMSS.EXE
1460 CSRSS.EXE
1484 C:\WINDOWS\System32\WINLOGON.EXE
1528 C:\WINDOWS\System32\SERVICES.EXE
1540 C:\WINDOWS\System32\LSASS.EXE
1704 C:\WINDOWS\System32\SVCHOST.EXE
1824 SVCHOST.EXE
1864 C:\WINDOWS\System32\SVCHOST.EXE
1972 C:\WINDOWS\System32\SVCHOST.EXE
364 SVCHOST.EXE
388 SVCHOST.EXE
396 C:\WINDOWS\EXPLORER.EXE
956 C:\WINDOWS\System32\SPOOLSV.EXE
1064 SVCHOST.EXE
1104 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\BIN\AppleMobileDeviceService.exe
1120 C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\AVP.EXE
1140 C:\Acer\Empowering Technology\admServ.exe
1748 C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
260 C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
348 C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
496 C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
648 C:\Programme\Java\JRE6\BIN\JQS.EXE
1408 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
2192 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
2340 C:\Programme\Clarus\Samsung SecretZone\MSSvc.exe
2388 C:\Programme\CyberLink\Shared Files\RichVideo.exe
2480 C:\Programme\Spyware Doctor\pctsAuxs.exe
2552 C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2620 C:\WINDOWS\System32\SLEE81.exe
2644 C:\WINDOWS\System32\SVCHOST.EXE
2680 C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
3208 C:\WINDOWS\System32\WBEM\wmiapsrv.exe
3292 wmiprvse.exe
3464 wmiprvse.exe
3496 alg.exe
3720 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
2080 C:\Programme\Acer\Acer Arcade\PCMService.exe
2124 C:\WINDOWS\System32\hkcmd.exe
2136 C:\WINDOWS\System32\igfxpers.exe
2168 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
1008 C:\Acer\Empowering Technology\admtray.exe
2472 C:\WINDOWS\RTHDCPL.EXE
3336 C:\WINDOWS\System32\SVCHOST.EXE
3880 C:\Programme\Launch Manager\LManager.exe
3932 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
4028 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
4072 C:\Programme\Java\JRE6\BIN\jusched.exe
1184 C:\WINDOWS\tsnp325.exe
1364 C:\WINDOWS\System32\igfxext.exe
2004 C:\WINDOWS\FixCamera.exe
2000 C:\WINDOWS\vsnp325.exe
2032 C:\WINDOWS\System32\igfxsrvc.exe
852 C:\Programme\Citrix\ICA Client\concentr.exe
2288 C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\AVP.EXE
2308 C:\Programme\AN QuickNote\QuickNote.exe
2524 C:\Programme\Citrix\ICA Client\wfcrun32.exe
2608 C:\Programme\Skype\Phone\Skype.exe
1200 C:\WINDOWS\System32\WBEM\unsecapp.exe
1164 C:\WINDOWS\System32\ctfmon.exe
2960 C:\Dokumente und Einstellungen\Mathias\Lokale Einstellungen\Temp\RtkBtMnt.exe
3020 C:\Programme\Skype\Plugin Manager\skypePM.exe
2840 C:\Dokumente und Einstellungen\Mathias\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`384c7a00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`31843e00 (FAT32)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`0000fc00 (FAT32)

PhysicalDrive0 Model Number: HTS541010G9AT00, Rev: MBZOA60A
PhysicalDrive1 Model Number: SamsungS2 Portable, Rev:

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F
465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

cosinus · 28.09.2010, 12:33

Hast Du noch andere Betriebssysteme (=> Linux) als Dual-Boot installiert?

Starte bitte MBRCheck.exe erneut.
Diesmal tippe in das Fenster folgendes ein und bestätige jede Eingabe mit Enter
bei

Enter 'Y' and hit ENTER for more options, or 'N' to exit: y
Enter your choice: 2
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Please select the MBR code to write to this drive: 1 (für XP)
Gib nun Yes ein und bestätige mit ENTER.
Starte den Rechner neu auf.

Nach dem Neustart starte bitte MBRCheck.exe erneut.
Nun findest Du 2 MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop.
Poste mir den Inhalt von beiden .txt Dokumenten

mojoo · 28.09.2010, 17:54

Hi,

Nein, hab nie ein anderes Betriebssystem installiert gehabt. Nur Suse Linux hab ich mal über eine eigene CD ausprobiert. Hab das aber nie auf dem Rechner fix installiert.

Log 1:

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 149):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF79FE000 \WINDOWS\system32\KDCOM.DLL
0xF790E000 \WINDOWS\system32\BOOTVID.dll
0xF6EDB000 kl1.sys
0xF6EBB000 fltmgr.sys
0xF6E8C000 ACPI.sys
0xF7A00000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF6E7B000 pci.sys
0xF74FE000 isapnp.sys
0xF7912000 compbatt.sys
0xF7916000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7AC6000 pciide.sys
0xF777E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF6E5D000 pcmcia.sys
0xF752E000 MountMgr.sys
0xF6E3E000 ftdisk.sys
0xF791A000 ACPIEC.sys
0xF7AC7000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7786000 PartMgr.sys
0xF753E000 VolSnap.sys
0xF6E26000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF6E0E000 atapi.sys
0xF75CE000 disk.sys
0xF75DE000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF6DB7000 sr.sys
0xF6D80000 PCTCore.sys
0xF75EE000 PxHelp20.sys
0xF6D6F000 TfFsMon.sys
0xF6D5E000 TfSysMon.sys
0xF6D3A000 Fastfat.sys
0xF6D23000 KSecDD.sys
0xF6D10000 WudfPf.sys
0xF6CE3000 NDIS.sys
0xF6CC9000 Mup.sys
0xF766E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF79D6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF698B000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6977000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF694F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF783E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF692B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7846000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF767E000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF68C3000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF768E000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
0xF68AF000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF689C000 \SystemRoot\system32\DRIVERS\ESM7SK.sys
0xF769E000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
0xF79DA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF76AE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF784E000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7856000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF686D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A16000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF76BE000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0xF785E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF76CE000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79DE000 \SystemRoot\system32\drivers\pfc.sys
0xF79E2000 \SystemRoot\System32\Drivers\UBHelper.SYS
0xF76DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76EE000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF684A000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A18000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF76FE000 \SystemRoot\system32\DRIVERS\klim5.sys
0xF6B34000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7866000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF786E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF770E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF79EE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6833000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF771E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF772E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6822000 \SystemRoot\system32\DRIVERS\psched.sys
0xF773E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7876000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF787E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF774E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A1A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF679C000 \SystemRoot\system32\DRIVERS\update.sys
0xF6C05000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF775E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA37E000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA35A000 \SystemRoot\system32\drivers\portcls.sys
0xF6CB9000 \SystemRoot\system32\drivers\drmk.sys
0xAA324000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xAA230000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xAA17F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7886000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6CA9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF6BD1000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xAA0D8000 \SystemRoot\system32\DRIVERS\klif.sys
0xF7A26000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF6AF6000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A28000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78A6000 \SystemRoot\System32\drivers\vga.sys
0xF7A2A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A2C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78AE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78B6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6BCD000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF78BE000 \SystemRoot\system32\DRIVERS\kl2.sys
0xAA07D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA024000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA9FED000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys
0xA9FC7000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA9F9F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF793E000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA9F7D000 \SystemRoot\System32\drivers\afd.sys
0xF6C99000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA9F52000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF680E000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
0xA9EBA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6C89000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9E59000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
0xA9E45000 \SystemRoot\system32\DRIVERS\ctxusbm.sys
0xF78C6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF6C69000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF6C59000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA945B000 \SystemRoot\system32\DRIVERS\snp325.sys
0xF6C49000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA167000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78CE000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BCA000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9125000 \SystemRoot\system32\DRIVERS\irda.sys
0xA925F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8F68000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA8E8B000 \SystemRoot\system32\drivers\wdmaud.sys
0xF763E000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8FFD000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xA8934000 \SystemRoot\system32\DRIVERS\srv.sys
0xA899B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7A90000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xF7B0C000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
0xA87B8000 \??\C:\WINDOWS\system32\drivers\SLEE81.sys
0xA82C7000 \SystemRoot\System32\Drivers\HTTP.sys
0xA81E7000 \??\C:\Programme\Clarus\Samsung SecretZone\mvd20.sys
0xF7ABE000 \SystemRoot\System32\Drivers\NdisFilt.sys
0xA909D000 \??\C:\Programme\Clarus\Samsung SecretZone\mdf15.sys
0xA802C000 \SystemRoot\system32\drivers\kmixer.sys
0xA7EDB000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x7C910000 \WINDOWS\System32\ntdll.dll

Processes (total 70):
0 System Idle Process
4 System
904 C:\WINDOWS\System32\SMSS.EXE
1460 CSRSS.EXE
1484 C:\WINDOWS\System32\WINLOGON.EXE
1528 C:\WINDOWS\System32\SERVICES.EXE
1540 C:\WINDOWS\System32\LSASS.EXE
1704 C:\WINDOWS\System32\SVCHOST.EXE
1824 SVCHOST.EXE
1864 C:\WINDOWS\System32\SVCHOST.EXE
1972 C:\WINDOWS\System32\SVCHOST.EXE
356 SVCHOST.EXE
380 SVCHOST.EXE
728 C:\WINDOWS\EXPLORER.EXE
792 C:\WINDOWS\System32\SPOOLSV.EXE
1052 SVCHOST.EXE
1092 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\BIN\AppleMobileDeviceService.exe
1140 C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\AVP.EXE
1332 C:\Acer\Empowering Technology\admServ.exe
204 C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
672 C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
708 C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
148 C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
1212 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
2040 C:\Programme\Java\JRE6\BIN\JQS.EXE
2088 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
2220 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
2432 C:\Programme\Clarus\Samsung SecretZone\MSSvc.exe
2480 C:\Programme\CyberLink\Shared Files\RichVideo.exe
2628 C:\Programme\Spyware Doctor\pctsAuxs.exe
2712 C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2788 C:\Programme\Acer\Acer Arcade\PCMService.exe
2832 C:\WINDOWS\System32\SLEE81.exe
2908 C:\WINDOWS\System32\SVCHOST.EXE
2916 C:\WINDOWS\System32\hkcmd.exe
3052 C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
3060 C:\WINDOWS\System32\igfxpers.exe
3176 C:\WINDOWS\System32\wuauclt.exe
3204 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
3392 C:\Acer\Empowering Technology\admtray.exe
3848 C:\WINDOWS\RTHDCPL.EXE
3904 C:\Programme\Launch Manager\LManager.exe
3980 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
4092 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
652 wmiprvse.exe
1544 C:\Programme\Java\JRE6\BIN\jusched.exe
2172 C:\WINDOWS\System32\WBEM\wmiapsrv.exe
2300 C:\WINDOWS\System32\igfxext.exe
704 C:\WINDOWS\System32\igfxsrvc.exe
2492 wmiprvse.exe
2544 C:\WINDOWS\TSNP325.EXE
1436 alg.exe
2260 C:\WINDOWS\FixCamera.exe
3148 C:\WINDOWS\System32\WBEM\unsecapp.exe
3704 C:\WINDOWS\VSNP325.EXE
4016 C:\WINDOWS\System32\SVCHOST.EXE
280 C:\Programme\Citrix\ICA Client\concentr.exe
2284 C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\AVP.EXE
2484 C:\Programme\Citrix\ICA Client\wfcrun32.exe
2232 C:\Dokumente und Einstellungen\Mathias\Lokale Einstellungen\TEMP\RtkBtMnt.exe
988 C:\Programme\AN QuickNote\QuickNote.exe
3828 C:\Programme\Skype\Phone\Skype.exe
1592 C:\WINDOWS\System32\ctfmon.exe
3816 C:\Programme\Skype\Plugin Manager\skypePM.exe
2996 C:\Programme\Mozilla Thunderbird\thunderbird.exe
3708 C:\Programme\Internet Explorer\iexplore.exe
336 C:\Programme\Internet Explorer\iexplore.exe
3948 C:\Programme\Windows Live\Toolbar\wltuser.exe
3680 C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe
1772 C:\Dokumente und Einstellungen\Mathias\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`384c7a00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`31843e00 (FAT32)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`0000fc00 (FAT32)

PhysicalDrive0 Model Number: HTS541010G9AT00, Rev: MBZOA60A
PhysicalDrive1 Model Number: SamsungS2 Portable, Rev:

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F
465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: y

Done!

Log 2:

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 150):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF79FE000 \WINDOWS\system32\KDCOM.DLL
0xF790E000 \WINDOWS\system32\BOOTVID.dll
0xF6EDB000 kl1.sys
0xF6EBB000 fltmgr.sys
0xF6E8C000 ACPI.sys
0xF7A00000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF6E7B000 pci.sys
0xF74FE000 isapnp.sys
0xF7912000 compbatt.sys
0xF7916000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7AC6000 pciide.sys
0xF777E000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF6E5D000 pcmcia.sys
0xF752E000 MountMgr.sys
0xF6E3E000 ftdisk.sys
0xF791A000 ACPIEC.sys
0xF7AC7000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7786000 PartMgr.sys
0xF753E000 VolSnap.sys
0xF6E26000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF6E0E000 atapi.sys
0xF75CE000 disk.sys
0xF75DE000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF6DB7000 sr.sys
0xF6D80000 PCTCore.sys
0xF75EE000 PxHelp20.sys
0xF6D6F000 TfFsMon.sys
0xF6D5E000 TfSysMon.sys
0xF6D3A000 Fastfat.sys
0xF6D23000 KSecDD.sys
0xF6D10000 WudfPf.sys
0xF6CE3000 NDIS.sys
0xF6CC9000 Mup.sys
0xF766E000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF79D6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF698B000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF6977000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF694F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF783E000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF692B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7846000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF767E000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF68C3000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF768E000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
0xF68AF000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF689C000 \SystemRoot\system32\DRIVERS\ESM7SK.sys
0xF769E000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
0xF79DA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF76AE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF784E000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF7856000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF686D000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A16000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF76BE000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0xF785E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF76CE000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF79DE000 \SystemRoot\system32\drivers\pfc.sys
0xF79E2000 \SystemRoot\System32\Drivers\UBHelper.SYS
0xF76DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76EE000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF684A000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A18000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF76FE000 \SystemRoot\system32\DRIVERS\klim5.sys
0xF6B35000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7866000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF786E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF770E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF79EE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6833000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF771E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF772E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6822000 \SystemRoot\system32\DRIVERS\psched.sys
0xF773E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7876000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF787E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF774E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A1A000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF679C000 \SystemRoot\system32\DRIVERS\update.sys
0xF6C05000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF775E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA37E000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA35A000 \SystemRoot\system32\drivers\portcls.sys
0xF6CB9000 \SystemRoot\system32\drivers\drmk.sys
0xAA324000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xAA230000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xAA17F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7886000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6CA9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF6BD1000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xAA0D8000 \SystemRoot\system32\DRIVERS\klif.sys
0xF7A26000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF6AF8000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A28000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78A6000 \SystemRoot\System32\drivers\vga.sys
0xF7A2A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A2C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78AE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78B6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6BCD000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF78BE000 \SystemRoot\system32\DRIVERS\kl2.sys
0xAA07D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA024000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA9FED000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys
0xA9FC7000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA9F9F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF793E000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA9F7D000 \SystemRoot\System32\drivers\afd.sys
0xF6C99000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA9F52000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF680E000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
0xA9EBA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF6C89000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9E59000 \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
0xA9E45000 \SystemRoot\system32\DRIVERS\ctxusbm.sys
0xF78C6000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF6C69000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF6C59000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA945B000 \SystemRoot\system32\DRIVERS\snp325.sys
0xF6C49000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xAA167000 \SystemRoot\System32\drivers\Dxapi.sys
0xF78CE000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7BA2000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA9125000 \SystemRoot\system32\DRIVERS\irda.sys
0xA9257000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8EC8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA8FE5000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xA8E63000 \SystemRoot\system32\drivers\wdmaud.sys
0xA90C5000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8A9C000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8C17000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7A98000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xF6B40000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
0xA88A8000 \??\C:\WINDOWS\system32\drivers\SLEE81.sys
0xA84F8000 \??\C:\Programme\Clarus\Samsung SecretZone\mvd20.sys
0xA85C0000 \??\C:\Programme\Clarus\Samsung SecretZone\mdf15.sys
0xA83EF000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7A7C000 \SystemRoot\System32\Drivers\NdisFilt.sys
0xA7EDB000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xA7DE8000 \SystemRoot\system32\drivers\kmixer.sys
0xF7A64000 \SystemRoot\system32\drivers\splitter.sys
0x7C910000 \WINDOWS\System32\ntdll.dll

Processes (total 67):
0 System Idle Process
4 System
904 C:\WINDOWS\System32\SMSS.EXE
1460 CSRSS.EXE
1484 C:\WINDOWS\System32\WINLOGON.EXE
1528 C:\WINDOWS\System32\SERVICES.EXE
1540 C:\WINDOWS\System32\LSASS.EXE
1692 C:\WINDOWS\System32\SVCHOST.EXE
1824 SVCHOST.EXE
1864 C:\WINDOWS\System32\SVCHOST.EXE
1976 C:\WINDOWS\System32\SVCHOST.EXE
332 SVCHOST.EXE
392 SVCHOST.EXE
400 C:\WINDOWS\EXPLORER.EXE
960 C:\WINDOWS\System32\SPOOLSV.EXE
1064 SVCHOST.EXE
1104 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\BIN\AppleMobileDeviceService.exe
1120 C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\AVP.EXE
1140 C:\Acer\Empowering Technology\admServ.exe
1700 C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
272 C:\Programme\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
284 C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
324 C:\Programme\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
360 C:\Programme\Java\JRE6\BIN\JQS.EXE
588 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
616 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
648 C:\Programme\Clarus\Samsung SecretZone\MSSvc.exe
744 C:\Programme\CyberLink\Shared Files\RichVideo.exe
1196 C:\Programme\Spyware Doctor\pctsAuxs.exe
1464 C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2012 C:\WINDOWS\System32\SLEE81.exe
2036 C:\WINDOWS\System32\SVCHOST.EXE
2156 C:\Programme\Acer\Acer Arcade\Kernel\TV\CLSched.exe
2628 C:\WINDOWS\System32\wuauclt.exe
3128 C:\WINDOWS\System32\WBEM\wmiapsrv.exe
3436 wmiprvse.exe
3488 C:\WINDOWS\System32\wscntfy.exe
3508 alg.exe
3568 wmiprvse.exe
508 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
2604 C:\Programme\Acer\Acer Arcade\PCMService.exe
2620 C:\WINDOWS\System32\hkcmd.exe
980 C:\WINDOWS\System32\igfxpers.exe
2776 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
192 C:\Acer\Empowering Technology\admtray.exe
1788 C:\WINDOWS\RTHDCPL.EXE
3680 C:\WINDOWS\System32\SVCHOST.EXE
520 C:\Programme\Launch Manager\LManager.exe
572 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
1076 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
2224 C:\Programme\Java\JRE6\BIN\jusched.exe
2240 C:\WINDOWS\System32\igfxext.exe
2576 C:\WINDOWS\System32\igfxsrvc.exe
2596 C:\WINDOWS\tsnp325.exe
2968 C:\WINDOWS\FixCamera.exe
3032 C:\WINDOWS\vsnp325.exe
3168 C:\WINDOWS\System32\WBEM\unsecapp.exe
1112 C:\Programme\Citrix\ICA Client\concentr.exe
3304 C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2011\AVP.EXE
3356 C:\Programme\AN QuickNote\QuickNote.exe
2452 C:\Programme\Citrix\ICA Client\wfcrun32.exe
3044 C:\Programme\Skype\Phone\Skype.exe
3548 C:\Dokumente und Einstellungen\Mathias\Lokale Einstellungen\Temp\RtkBtMnt.exe
768 C:\WINDOWS\System32\ctfmon.exe
3716 C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
3984 C:\Programme\Skype\Plugin Manager\skypePM.exe
3988 C:\Dokumente und Einstellungen\Mathias\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`384c7a00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`31843e00 (FAT32)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`0000fc00 (FAT32)

PhysicalDrive0 Model Number: HTS541010G9AT00, Rev: MBZOA60A
PhysicalDrive1 Model Number: SamsungS2 Portable, Rev:

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F
465 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

26.09.2010, 18:20	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Probleme mit mehreren Trojanern Hast Du noch das Log von AntiVir? __________________ Logfiles bitte immer in CODE-Tags posten

Probleme mit mehreren Trojanern

Plagegeister aller Art und deren Bekämpfung: Probleme mit mehreren Trojanern