Skype - Facebook Virus

cosinus · 10.10.2010, 20:56

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Quemada · 11.10.2010, 21:45

Leider ein bisschen spät, da ich vorher keine Zeit hatte. Ich hoffe, dass macht nichts. GMER ist mehrmals abgestürzt.

OSAM.log

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:39:03 on 11.10.2010

OS: Windows XP Professional Service Pack 3, v.3264 (Build 2600)
Default Browser: Google Inc. Google Chrome 0.0.0.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\WINDOWS\system32\drivers\adfs.sys
"AVG Free AVI Loader Driver x86" (AvgLdx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\Drivers\avgldx86.sys
"AVG Free Network Redirector" (AvgTdiX) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\Drivers\avgtdix.sys
"AVG Free On-access Scanner Minifilter Driver x86" (AvgMfx86) - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\System32\Drivers\avgmfx86.sys
"catchme" (catchme) - ? - C:\DOKUME~1\NIEHSE~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"dmload" (dmload) - ? - C:\WINDOWS\System32\drivers\dmload.sys  (File found, but it contains no detailed information)
"dump_wmimmc" (dump_wmimmc) - ? - C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys  (File not found)
"EagleNT" (EagleNT) - ? - C:\WINDOWS\system32\drivers\EagleNT.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\WINDOWS\System32\DRIVERS\hamachi.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MACNDIS5 NDIS Protocol Driver" (MACNDIS5) - "Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS
"Microsoft UAA Bus Driver for High Definition Audio" (HDAudBus) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\DRIVERS\HDAudBus.sys
"Microsoft UAA Function Driver for High Definition Audio Service" (HdAudAddService) - "Windows (R) Server 2003 DDK provider" - C:\WINDOWS\System32\drivers\HdAudio.sys
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"NPPTNT2" (NPPTNT2) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\npptNT2.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\WINDOWS\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - ? - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - ? - regsvr32.exe /s /n /i:U shell32.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{F2DDE6B2-9684-4A55-86D4-E255E237B77C} "avgsecuritytoolbar" - ? - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - ? - C:\WINDOWS\system32\shell32.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - c:\Programme\7-Zip\7-zip.dll
{1F77B17B-F531-44DB-ACA4-76ABB5010A28} "AIMP2: ShellExt" - "AIMP DevTeam" - C:\Programme\AIMP2\System\aimp_shell.dll
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} "Automatische Diashowwiedergabe der Shell" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -   (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgse.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{3F30C968-480A-4C6C-862D-EFC0897BB84B} "GDI+ Dateiminiaturansicht-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{EAB841A0-9550-11cf-8C16-00805F1408F3} "HTML-Extrahierungsprogramm" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{ECF03A33-103D-11d2-854D-006008059367} "MyDocs Copy Hook" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{ECF03A32-103D-11d2-854D-006008059367} "MyDocs Drop Target" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{4a7ded0a-ad25-11d0-98a8-0800361b1103} "MyDocs menu and properties" - "Microsoft Corporation" - C:\WINDOWS\system32\mydocs.dll
{7007ACC7-3202-11D1-AAD2-00805FC1270E} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll
{992CFFA0-F557-101A-88EC-00DD010CCC48} "Netzwerkverbindungen" - "Microsoft Corporation" - C:\WINDOWS\system32\NETSHELL.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{82AA9188-44E0-40B9-B956-43A10C315B4F} "RootShellFolder Class" - "SmartSoft Ltd." - C:\Programme\FTP\sfFTPShellExtension.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} "Shell Image Data Factory" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} "Shell Image Property Handler" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{e84fda7c-1d6a-45f6-b725-cb260c236066} "Shell Image Verbs" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{2ED7FD81-CBA6-45E5-A49A-5E84889A94E2} "ShellDragDropHandler Class" - "SmartSoft Ltd." - C:\Programme\FTP\sfShellTools.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{7568C3F3-DF7E-436A-95C2-772819DF58B4} "ShellFolderExternal Class" - "SmartSoft Ltd." - C:\Programme\FTP\sfFavoritesShellExtension.dll
{119310E6-5FB7-4eeb-BEDB-9E229E76B9B4} "ShellFolderMultiUploadDestination Class" - "SmartSoft Ltd." - C:\Programme\FTP\sfFTPShellExtension.dll
{3B164627-7060-47BB-A1BE-DF5540B02821} "ShellFolderMultiUploadSource Class" - "SmartSoft Ltd." - C:\Programme\FTP\sfFTPShellExtension.dll
{6E0A0931-B89D-45B7-8BF0-F221A6D67257} "ShellFolderRoot Class" - "SmartSoft Ltd." - C:\Programme\FTP\sfFavoritesShellExtension.dll
{EB5EE1F3-041A-4c03-9D51-2BEC6715FB00} "ShellFolderSearchRoot Class" - "SmartSoft Ltd." - C:\Programme\FTP\sfFTPShellExtension.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{F87DED31-303F-4ED1-9BCE-D360FBC74E0A} "SmartFTP ContextMenu Shell Extension" - "SmartSoft Ltd." - C:\Programme\FTP\sfShellTools.dll
{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} "SmartFTP Drop ShellIconOverlayHandler" - "SmartSoft Ltd." - C:\Programme\FTP\sfShellTools.dll
{FD504287-1372-40d2-ACA6-216A8FCC243D} "SmartFTP FavoritesShellFolder Class" - "SmartSoft Ltd." - C:\Programme\FTP\sfFavoritesShellExtension.dll
{0848278D-D88B-445b-BEDC-7DFBDB061F5F} "SmartFTP FavoritesShellFolderDesktop class" - "SmartSoft Ltd." - C:\Programme\FTP\sfFavoritesShellExtension.dll
{40FDFA48-5F4E-4627-A78E-6A49A3D4492F} "SmartFTP ShellDropHandler Class" - "SmartSoft Ltd." - C:\Programme\FTP\sfShellTools.dll
{0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" - ? - C:\WINDOWS\system32\shell32.dll  (File found, but it contains no detailed information)
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{9DBD2C50-62AD-11d0-B806-00C04FD706EC} "Zusammenfassungs-Miniaturansichthandler (DOCFILES)" - "Microsoft Corporation" - C:\WINDOWS\system32\shimgvw.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - ? - C:\WINDOWS\system32\shell32.dll  (File found, but it contains no detailed information)
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
{35CEC8A3-2BE6-11D2-8773-92E220524153} "SysTray" - "Microsoft Corporation" - C:\WINDOWS\system32\stobject.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Links" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "AVG Security Toolbar" - ? - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{A057A204-BACC-4D26-9990-79A187E2698E}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{A3BC75A2-1F87-4686-AA43-5347D756017C} "AVG Security Toolbar BHO" - ? - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://go.microsoft.com/fwlink/?linkid=39204
{31435657-9980-0010-8000-00AA00389B71} "{31435657-9980-0010-8000-00AA00389B71}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
{af83e43c-dd2b-4787-826b-31b17dee52ed} "QT Breadcrumbs Address Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - ? -   (File not found | COM-object registry key not found)
<binary data> "StylerToolBar" - "StyleFantasist" - C:\Programme\Styler\TB\StylerTB.dll
<binary data> "{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgssie.dll
{A3BC75A2-1F87-4686-AA43-5347D756017C} "AVG Security Toolbar BHO" - ? - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
{074C1DC5-9320-4A9A-947D-C042949C6216} "{074C1DC5-9320-4A9A-947D-C042949C6216}" - ? -   (File not found | COM-object registry key not found)
{bf00e119-21a3-4fd1-b178-3b8537e75c92} "{bf00e119-21a3-4fd1-b178-3b8537e75c92}" - ? -   (File not found | COM-object registry key not found)

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"shell32" - ? - C:\WINDOWS\system32\shell32.dll  (File found, but it contains no detailed information)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini
"Internet_001.lnk" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Internet_001.lnk  (Shortcut exists | File not found)
"Skype (2).lnk" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Skype (2).lnk  (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Shell" - "Microsoft Corporation" - C:\WINDOWS\Explorer.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVG9_TRAY" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG9\avgtray.exe
"High Definition Audio Property Page Shortcut" - "Windows (R) Server 2003 DDK provider" - HDAShCut.exe
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\programme\gemeinsame dateien\akamai\netsession_win_062a651.dll  (File found, but it contains no detailed information)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"AVG Free WatchDog" (avg9wd) - "AVG Technologies CZ, s.r.o." - C:\Programme\AVG\AVG9\avgwdsvc.exe
"AVG Security Toolbar Service" (AVG Security Toolbar Service) - ? - C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"ForceWare Intelligent Application Manager (IAM)" (ForceWare Intelligent Application Manager (IAM)) - ? - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
"ForceWare IP service" (nSvcIp) - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
"ForceWare user log service" (nSvcLog) - "NVIDIA" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
"Forceware Web Interface" (ForcewareWebInterface) - "Apache Software Foundation" - C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
"HID Input Service" (HidServ) - ? -  C:\WINDOWS\System32\hidserv.dll  (File not found)
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"mysql" (mysql) - ? - "C:\Dokumente und Einstellungen\***\Desktop\dslan_v1.13\dslan_v1.13\mysql\bin\mysqld-nt" "--defaults-file=C:\Dokumente und Einstellungen\***\Desktop\dslan_v1.13\dslan_v1.13\mysql\bin\my.cnf" mysql  (File not found)
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"Netzmanager Infrastruktur Informationssystem Dienst" (Netzmanager Service) - ? - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe   (File not found)
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\WINDOWS\system32\GameMon.des
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Shaiya Agent Server" (PSM_AgentServer) - ? - C:\ShaiyaServer\SERVER\PSM_Server\PSMServer_Agent.exe  (File found, but it contains no detailed information)
"Shaiya DBAgent Server" (ps_dbAgent) - ? - C:\ShaiyaServer\SERVER\PSM_Client\Bin\ps_dbAgent.exe  (File found, but it contains no detailed information)
"Shaiya Game Log Server" (ps_gameLog) - ? - C:\ShaiyaServer\SERVER\PSM_Client\Bin\ps_gameLog.exe  (File found, but it contains no detailed information)
"Shaiya Game Server" (ps_game) - ? - C:\ShaiyaServer\SERVER\PSM_Client\Bin\ps_game.exe  (File found, but it contains no detailed information)
"Shaiya Login Server" (ps_login) - ? - C:\ShaiyaServer\SERVER\PSM_Client\Bin\ps_login.exe  (File found, but it contains no detailed information)
"Shaiya Session Server" (ps_session) - ? - C:\ShaiyaServer\SERVER\PSM_Client\Bin\ps_session.exe  (File found, but it contains no detailed information)
"Shaiya User Log Server" (ps_userLog) - ? - C:\ShaiyaServer\SERVER\PSM_Client\Bin\ps_userLog.exe  (File found, but it contains no detailed information)
"shaiya_server" (shaiya_server) - ? - C:\ShaiyaServer\SERVER\PSM_Server\PSMServer_Agent.exe  (File found, but it contains no detailed information)
"shaiya_serverf" (shaiya_serverf) - ? - C:\ShaiyaServer\SERVER\PSM_Client\PSM_Agent.exe  (File found, but it contains no detailed information)
"SQL Server (AUTH)" (MSSQL$AUTH) - ? - "c:\Dokumente und Einstellungen\***\Desktop\rappelz_p\sql\MSSQL10.RAPPELZ_AUTH\MSSQL\Binn\sqlservr.exe" -sAUTH  (File not found)
"SQL Server (MSSQLSERVER)" (MSSQLSERVER) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
"STI Simulator" (STI Simulator) - ? - C:\WINDOWS\System32\PAStiSvc.exe  (File signed by Microsoft | File found, but it contains no detailed information)
"T-Online WLAN Adapter Steuerungsdienst" (MZCCntrl) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - ? - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe  (File not found)
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"wampapache" (wampapache) - "Apache Software Foundation" - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
"wampmysqld" (wampmysqld) - ? - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - ? - C:\WINDOWS\system32\logonui.exe  (File found, but it contains no detailed information)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"avgrsstarter" - "AVG Technologies CZ, s.r.o." - C:\WINDOWS\system32\avgrsstx.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"NVIDIA App Filter" - "NVIDIA" - C:\WINDOWS\system32\nvappfilter.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck log

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Professional
Windows Information:		Service Pack 3, v.3264 (build 2600)
Logical Drives Mask:		0x000008f4

Kernel Drivers (total 135):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E5000 \WINDOWS\system32\hal.dll
  0xB85A8000 \WINDOWS\system32\KDCOM.DLL
  0xB84B8000 \WINDOWS\system32\BOOTVID.dll
  0xB7F78000 ACPI.sys
  0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xB7F67000 pci.sys
  0xB80A8000 isapnp.sys
  0xB80B8000 ohci1394.sys
  0xB80C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xB8670000 pciide.sys
  0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xB80D8000 MountMgr.sys
  0xB7F48000 ftdisk.sys
  0xB85AC000 dmload.sys
  0xB7F22000 dmio.sys
  0xB8330000 PartMgr.sys
  0xB80E8000 VolSnap.sys
  0xB7F0A000 atapi.sys
  0xB7EF1000 nvata.sys
  0xB80F8000 disk.sys
  0xB8108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB7ED1000 fltmgr.sys
  0xB7EBF000 sr.sys
  0xB8118000 PxHelp20.sys
  0xB7EA8000 KSecDD.sys
  0xB7E95000 WudfPf.sys
  0xB7E08000 Ntfs.sys
  0xB7DDB000 NDIS.sys
  0xB7DC1000 Mup.sys
  0xB8158000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xB81E8000 \SystemRoot\system32\DRIVERS\AmdK8.sys
  0xB55D8000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB55C4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB81F8000 \SystemRoot\system32\DRIVERS\serial.sys
  0xB859C000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xB55B0000 \SystemRoot\system32\DRIVERS\parport.sys
  0xB8208000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xB84A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xB85A0000 \SystemRoot\system32\DRIVERS\gameenum.sys
  0xB84B0000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xB558C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xB8340000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xB8218000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xB8358000 \SystemRoot\system32\drivers\Afc.sys
  0xB8228000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xB8238000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB5569000 \SystemRoot\system32\DRIVERS\ks.sys
  0xB54FC000 \SystemRoot\system32\DRIVERS\fpcibase.sys
  0xB54D7000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xB7D99000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
  0xB548C000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
  0xB5455000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
  0xB8636000 \SystemRoot\system32\DRIVERS\ASACPI.sys
  0xB8258000 \SystemRoot\system32\DRIVERS\avmwan.sys
  0xB86F3000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xB8268000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB7D95000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB543E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xB8278000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xB8288000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xB8360000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB542D000 \SystemRoot\system32\DRIVERS\psched.sys
  0xB8298000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xB8368000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xB8370000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB53FD000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xB82A8000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xB8378000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xB8638000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB53A4000 \SystemRoot\system32\DRIVERS\update.sys
  0xB7D79000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB82D8000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
  0xB82C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB194A000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xB85AE000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xB13F0000 \SystemRoot\system32\drivers\ADIHdAud.sys
  0xB13CC000 \SystemRoot\system32\drivers\portcls.sys
  0xB18FA000 \SystemRoot\system32\drivers\drmk.sys
  0xB1366000 \SystemRoot\system32\drivers\AEAudio.sys
  0xB1306000 \SystemRoot\system32\drivers\Senfilt.sys
  0xB85D6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xB86FA000 \SystemRoot\System32\Drivers\Null.SYS
  0xB85D8000 \SystemRoot\System32\Drivers\Beep.SYS
  0xB19DD000 \SystemRoot\System32\drivers\vga.sys
  0xB85DA000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xB85DC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xB19D5000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xB19CD000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB198A000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xAFD51000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xAFCF8000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xAFCBE000 \SystemRoot\System32\Drivers\avgtdix.sys
  0xAF7DE000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xB0DA1000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xB02D3000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xB0DB1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xB19ED000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xAFF3D000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xB22D9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xB22D1000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xB20B7000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xB20B3000 \SystemRoot\system32\DRIVERS\usbscan.sys
  0xB22C9000 \SystemRoot\system32\DRIVERS\usbprint.sys
  0xB22B9000 \SystemRoot\system32\DRIVERS\HPZius12.sys
  0xAB91F000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB8598000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xAB8FD000 \SystemRoot\System32\drivers\afd.sys
  0xAC035000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xAB8D2000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xAB862000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xAC015000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB1A05000 \SystemRoot\System32\Drivers\avgmfx86.sys
  0xAB82E000 \SystemRoot\System32\Drivers\avgldx86.sys
  0xB82F8000 \SystemRoot\system32\DRIVERS\HPZid412.sys
  0xAC46A000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
  0xAFF2D000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xAB815000 \SystemRoot\System32\Drivers\dump_nvata.sys
  0xABB60000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xAFE0C000 \SystemRoot\System32\drivers\Dxapi.sys
  0xB03EB000 \SystemRoot\System32\watchdog.sys
  0xBD000000 \SystemRoot\System32\drivers\dxg.sys
  0xABAE1000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBD012000 \SystemRoot\System32\nv4_disp.dll
  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
  0xB8544000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA9EA6000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB8248000 \SystemRoot\system32\drivers\sysaudio.sys
  0xAFCAC000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xA9BD6000 \SystemRoot\System32\Drivers\adfs.SYS
  0xA99D8000 \SystemRoot\system32\DRIVERS\srv.sys
  0xA83A5000 \SystemRoot\System32\Drivers\HTTP.sys
  0xA819A000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 62):
       0 System Idle Process
       4 System
     708 C:\WINDOWS\system32\smss.exe
     756 csrss.exe
     784 C:\WINDOWS\system32\winlogon.exe
     828 C:\WINDOWS\system32\services.exe
     840 C:\WINDOWS\system32\lsass.exe
    1004 C:\WINDOWS\system32\nvsvc32.exe
    1048 C:\WINDOWS\system32\svchost.exe
    1096 svchost.exe
    1220 C:\WINDOWS\system32\svchost.exe
    1256 C:\WINDOWS\system32\svchost.exe
    1320 svchost.exe
    1444 C:\Programme\AVG\AVG9\avgchsvx.exe
    1452 C:\Programme\AVG\AVG9\avgrsx.exe
    1512 svchost.exe
    1568 C:\Programme\AVG\AVG9\avgcsrvx.exe
    1860 C:\WINDOWS\system32\LEXBCES.EXE
    1888 C:\WINDOWS\system32\spoolsv.exe
    1948 C:\WINDOWS\system32\LEXPPS.EXE
     260 C:\Programme\Google\Update\GoogleUpdate.exe
     376 C:\WINDOWS\explorer.exe
    1136 C:\PROGRA~1\AVG\AVG9\avgtray.exe
    1160 C:\WINDOWS\system32\rundll32.exe
    1392 C:\Programme\Skype\Phone\Skype.exe
    1480 C:\Programme\Windows Live\Messenger\msnmsgr.exe
    1524 C:\WINDOWS\system32\ctfmon.exe
    1924 msdtc.exe
     516 C:\WINDOWS\system32\svchost.exe
     540 C:\Programme\AVG\AVG9\avgwdsvc.exe
     420 C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
     572 C:\WINDOWS\system32\svchost.exe
     592 C:\Programme\AVG\AVG9\avgnsx.exe
    1312 C:\Programme\Java\jre6\bin\jqs.exe
    2212 C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
    2728 sqlservr.exe
    3000 sqlservr.exe
    3320 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
    3464 C:\WINDOWS\system32\svchost.exe
    3564 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    3680 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    3776 C:\WINDOWS\system32\svchost.exe
    3804 C:\ShaiyaServer\SERVER\PSM_Server\PSMServer_Agent.exe
    3912 C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1188 C:\ShaiyaServer\SERVER\PSM_Client\PSM_Agent.exe
    2336 C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2384 C:\WINDOWS\system32\PAStiSvc.exe
    2444 C:\WINDOWS\system32\svchost.exe
    2500 C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
     496 C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    3500 C:\Programme\Skype\Plugin Manager\skypePM.exe
    3952 C:\Programme\Windows Live\Contacts\wlcomm.exe
    4016 C:\WINDOWS\system32\wscntfy.exe
    1912 C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    4212 alg.exe
    1484 C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    5316 C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    4844 C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    4264 C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    4552 C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
    4192 wmiprvse.exe
    5228 C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD250HJ, Rev: FH100-05

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

cosinus · 12.10.2010, 11:06

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Quemada · 14.10.2010, 10:36

So..

Malwarebytes:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4799

Windows 5.1.2600 Service Pack 3, v.3264
Internet Explorer 7.0.5730.13

13.10.2010 02:52:34
mbam-log-2010-10-13 (02-52-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 631004
Laufzeit: 3 Stunde(n), 23 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/14/2010 at 02:30 AM

Application Version : 4.44.1000

Core Rules Database Version : 5678
Trace Rules Database Version: 3490

Scan type       : Complete Scan
Total Scan Time : 04:19:15

Memory items scanned      : 557
Memory threats detected   : 0
Registry items scanned    : 9381
Registry threats detected : 9
File items scanned        : 472955
File threats detected     : 55

Adware.MyWebSearch
	HKU\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
	HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
	HKU\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

Rootkit.Agent/Gen-TDSS
	HKLM\System\ControlSet001\Services\dmload
	C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
	HKLM\System\ControlSet001\Enum\Root\LEGACY_dmload
	HKLM\System\ControlSet003\Services\dmload
	HKLM\System\ControlSet003\Enum\Root\LEGACY_dmload
	HKLM\System\CurrentControlSet\Services\dmload
	HKLM\System\CurrentControlSet\Enum\Root\LEGACY_dmload

Adware.Tracking Cookie
	C:\Dokumente und Einstellungen\***\Cookies\system@avgtechnologies.112.2o7[1].txt
	C:\Dokumente und Einstellungen\***\Cookies\***@ad.yieldmanager[2].txt
	C:\Dokumente und Einstellungen\***\Cookies\***@content.yieldmanager[3].txt
	C:\Dokumente und Einstellungen\***\Cookies\***@content.yieldmanager[2].txt
	C:\Dokumente und Einstellungen\***\Cookies\***@atdmt[2].txt
	C:\Dokumente und Einstellungen\***\Cookies\***@doubleclick[1].txt

Trojan.Dropper/Multi-MBAD
	C:\WINDOWS\SYSTEM32\CNMS400.EXE
	C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENü\PROGRAMME\S400\DEINSTALLIEREN.LNK
	C:\PROGRAMME\VSE7\ALL PROGRAMS\S400\DEINSTALLIEREN.LNK

Rootkit.Agent/Gen-DNSHack
	C:\DOKUMENTE UND EINSTELLUNGEN\***\DESKTOP\NOCH MEHR O.O\DATEIEN\PICKUPSCRIPT.EXE

Application.Agent/Gen-TempZ
	C:\DOKUMENTE UND EINSTELLUNGEN\***\DESKTOP\NOCH MEHR O.O\SHAIYAHACK.EXE

Trojan.Agent/Gen-Cryptor[Egun]
	C:\EASYSERV\EASYSERV.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP87\A0166106.EXE

Trojan.Agent/Gen-FakeAlert[OShot]
	C:\PROGRAMME\TRANSPORT TYCOON\TTDXC\COMPONENTS.EXE

Trojan.Agent/Gen-Nullo[Short]
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232802.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232803.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232804.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232805.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232806.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232807.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232808.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232809.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232810.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232811.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232812.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232813.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232814.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232815.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232816.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232817.SCR
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232818.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232819.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232820.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232821.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232822.SCR
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232823.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232824.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232825.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232827.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232828.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232829.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232830.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232832.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232833.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232834.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232835.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232836.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232844.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0233749.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0233750.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0233751.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0233752.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0233753.DLL
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP135\A0236840.EXE

cosinus · 15.10.2010, 11:26

Zitat:

Datenbank Version: 4799

Du solltest doch Malwarebytes aktualisieren vorher!

Quemada · 15.10.2010, 11:58

Hatte ich. Ich habe den Scan allerdings auch schon am 12. gestartet. Da war das wohl noch die aktuellste Version.

cosinus · 15.10.2010, 13:57

Dann mach es bitte nochmal, also updaten und noch einen Vollscan. Ich will den Zustand so aktuell wie möglich und nicht den von vor drei Tagen

(obwohl ich glaube, dass am 12.10. auch aktuellere Sigs da waren)

Quemada · 15.10.2010, 22:25

So, jetzt aber.. ^^

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4833

Windows 5.1.2600 Service Pack 3, v.3264
Internet Explorer 7.0.5730.13

15.10.2010 23:24:34
mbam-log-2010-10-15 (23-24-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 608188
Laufzeit: 4 Stunde(n), 7 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 15.10.2010, 23:19

Sieht ok aus.
Noch Probleme oder weitere Funde in der Zwischenzeit?

Quemada · 16.10.2010, 06:42

Nein, keine Probleme mehr.
Vielen lieben dank, Arne.

cosinus · 16.10.2010, 13:43

Dann wären wir durch!

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink => http://filepony.de/?q=Flash+Player

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

12.10.2010, 11:06	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Skype - Facebook Virus Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ __________________

15.10.2010, 13:57	#22
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Skype - Facebook Virus Dann mach es bitte nochmal, also updaten und noch einen Vollscan. Ich will den Zustand so aktuell wie möglich und nicht den von vor drei Tagen (obwohl ich glaube, dass am 12.10. auch aktuellere Sigs da waren) __________________ Logfiles bitte immer in CODE-Tags posten

15.10.2010, 23:19	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Skype - Facebook Virus Sieht ok aus. Noch Probleme oder weitere Funde in der Zwischenzeit? __________________ Logfiles bitte immer in CODE-Tags posten

Skype - Facebook Virus

Plagegeister aller Art und deren Bekämpfung: Skype - Facebook Virus