Antivir hat den Trojaner TR/Shakat.o.566 gefunden

Katti169 · 08.02.2011, 20:08

Hallo zusammen,

Antivir hat auf meinem Laptop (Windows Vista) gestern abend den Trojaner "TR/Shakat.o.566" gefunden diesen hab ich dann in Quarantäne verschoben. Im Anhang ein Screenshot von der Quarantäne-Verwaltung in Antivir.
Die Datei sagt mir gar nichts...
Ich habe auch noch keine Infos über den Trojaner im Netz gefunden...

Danach habe ich Antivir und SUPERAntiSpyware noch mal das System checken lassen, die haben dann nichts mehr gefunden (ausser Cookies).

Kann ich die Datei jetzt einfach löschen und der Trojaner ist weg? Ich glaube leider, dass es nicht so einfach ist...

Ich danke euch jetzt schon mal für eure Hilfe!

Liebe Grüße
Katti

Nachdem ich in dem Forum ein bisschen gestöbert habe, habe ich noch mal Malware Bytes gestartet. Hier hat 19 identifizierte Objekte gefunden.
Die habe ich dann in Quarantäne gschoben und nach dem Neustart wurde folgender Log protokolliert:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
 
Datenbank Version: 5714
 
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
 
08.02.2011 22:37:11
mbam-log-2011-02-08 (22-37-11).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 282971
Laufzeit: 1 Stunde(n), 46 Minute(n), 56 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll (PUP.Dealio) -> Delete on reboot.
C:\Program Files\pdfforge Toolbar\SearchSettingsRes409.dll (PUP.Dealio) -> Delete on reboot.
 
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{e312764e-7706-43f1-8dab-fcdd2b1e416d} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e312764e-7706-43f1-8dab-fcdd2b1e416d} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e312764e-7706-43f1-8dab-fcdd2b1e416d} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b922d405-6d13-4a2b-ae89-08a030da4402} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (PUP.Dealio) -> Quarantined and deleted successfully.
 
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{e312764e-7706-43f1-8dab-fcdd2b1e416d} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (PUP.Dealio) -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll (PUP.Dealio) -> Delete on reboot.
C:\Program Files\pdfforge Toolbar\SearchSettingsRes409.dll (PUP.Dealio) -> Delete on reboot.
C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (PUP.Dealio) -> Quarantined and deleted successfully.
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (PUP.Dealio) -> Quarantined and deleted successfully.

Ist das gut oder schlecht?

Danke!

Und dann hab ich jetzt noch mal OTL nach folgender Anweisung ausgeführt:

# Doppelklick auf die OTL.exe
# Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
# Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
# Unter Extra Registry, wähle bitte Use SafeList
# Klicke nun auf Run Scan links oben

(das habe ich in einem anderen Thema hier gefunden)

Dabei sind folgende Logs rausgekommen:

OTL.txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.02.2011 22:51:22 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Katrin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 5,14 Gb Free Space | 11,71% Space Free | Partition Type: NTFS
Drive D: | 97,29 Gb Total Space | 72,49 Gb Free Space | 74,51% Space Free | Partition Type: NTFS
 
Computer Name: NB-KATRIN | User Name: Katrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Katrin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Greenshot\Greenshot.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
PRC - C:\Program Files\System Control Manager\MSIService.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe (Just Great Software)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
PRC - C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Lexmark 1200 Series\lxczbmon.exe (Lexmark International, Inc.)
PRC - C:\Windows\System32\lxczcoms.exe ( )
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Katrin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (lxcz_device) -- C:\Windows\System32\lxczcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (RTL8187Se) -- C:\Windows\System32\drivers\RTL8187Se.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (ReallusionVirtualAudio) -- C:\Windows\System32\drivers\RLVrtAuCbl.sys ()
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.wer-kennt-wen.de/"
FF - prefs.js..extensions.enabledItems: {B922D405-6D13-4A2B-AE89-08A030DA4402}:1.1.1
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.03.03 20:11:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.11 17:59:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.14 19:41:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.11 17:59:38 | 000,000,000 | ---D | M]
 
[2010.09.12 12:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katrin\AppData\Roaming\mozilla\Extensions
[2010.09.12 12:38:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katrin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.02.08 20:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\zjexupj8.default\extensions
[2010.04.12 18:15:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\zjexupj8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.01.15 19:32:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\zjexupj8.default\extensions\toolbar_extras@de.yahoo.com
[2010.12.13 20:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.08.15 17:12:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.13 20:46:04 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.09.22 20:02:06 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.09.22 20:02:06 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\mozilla firefox\extensions\search@searchsettings.com
[2009.01.15 19:31:46 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Program Files\mozilla firefox\extensions\toolbar_extras@de.yahoo.com
[2008.03.15 14:56:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 19:34:40 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2008.02.19 15:40:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2006.12.03 16:59:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2008.07.15 15:23:13 | 000,000,810 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings]  File not found
O4 - HKLM..\Run: [WinampAgent]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [MsgCenterExe]  File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Katrin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Katrin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.08 22:50:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Katrin\Desktop\OTL.exe
[2011.02.08 20:45:41 | 000,000,000 | ---D | C] -- C:\Users\Katrin\AppData\Roaming\Malwarebytes
[2011.02.08 20:45:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.02.08 20:45:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.08 20:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.08 20:44:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.08 20:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.08 19:11:31 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011.02.07 20:44:10 | 000,000,000 | ---D | C] -- C:\Users\Katrin\AppData\Roaming\SUPERAntiSpyware.com
[2011.02.07 20:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.02.07 20:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.02.07 20:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.02.07 19:34:48 | 000,000,000 | ---D | C] -- C:\Users\Katrin\Desktop\PARIS
[2011.01.20 21:41:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.01.20 21:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011.01.18 19:11:49 | 000,000,000 | ---D | C] -- C:\Users\Katrin\Desktop\fotos papa netz
[2011.01.13 20:40:05 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.13 20:39:59 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2010.09.14 19:44:44 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2010.09.14 19:44:44 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2010.09.14 19:44:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2010.09.14 19:44:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2010.09.14 19:44:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2010.09.14 19:44:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2010.09.14 19:44:43 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2010.09.14 19:44:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2010.09.14 19:44:43 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2010.09.14 19:44:42 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2010.09.14 19:44:42 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2010.09.14 19:44:42 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.08 22:50:23 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Katrin\Desktop\OTL.exe
[2011.02.08 22:46:53 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.08 22:46:53 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.08 22:46:53 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.08 22:46:53 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.08 22:40:36 | 000,070,046 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.02.08 22:40:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.08 22:40:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.08 22:39:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.08 22:39:54 | 1878,093,824 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.08 22:35:09 | 000,003,547 | ---- | M] () -- C:\Users\Katrin\Desktop\log malwarebytes
[2011.02.08 20:45:26 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.08 20:04:51 | 000,138,234 | ---- | M] () -- C:\Users\Katrin\Desktop\meldung antivir.png
[2011.02.07 20:44:00 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.01.22 15:00:32 | 000,136,825 | ---- | M] () -- C:\Users\Katrin\Desktop\snack gutschein.pdf
[2011.01.18 19:20:11 | 000,037,888 | ---- | M] () -- C:\Users\Katrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.08 22:35:09 | 000,003,547 | ---- | C] () -- C:\Users\Katrin\Desktop\log malwarebytes
[2011.02.08 20:45:26 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.08 20:04:50 | 000,138,234 | ---- | C] () -- C:\Users\Katrin\Desktop\meldung antivir.png
[2011.02.07 20:44:00 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.01.22 15:00:32 | 000,136,825 | ---- | C] () -- C:\Users\Katrin\Desktop\snack gutschein.pdf
[2010.11.13 14:25:58 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.11.13 14:25:58 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.09.14 19:47:50 | 000,000,108 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010.09.14 19:44:44 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2010.09.14 19:44:44 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010.03.18 20:13:22 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.09.22 20:01:36 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.06.18 12:32:23 | 000,000,137 | ---- | C] () -- C:\Windows\ETOSP.INI
[2009.03.03 21:25:22 | 000,024,206 | ---- | C] () -- C:\Users\Katrin\AppData\Roaming\UserTile.png
[2009.02.18 22:05:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.01.24 13:22:03 | 000,000,512 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.03 15:02:35 | 000,000,097 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009.01.02 23:55:23 | 000,037,888 | ---- | C] () -- C:\Users\Katrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.02 22:56:10 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\RLVrtAuCbl.sys
[2008.10.07 14:47:45 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.10.07 12:42:06 | 001,748,352 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.10.07 12:42:06 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.10.07 12:32:45 | 000,070,046 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.10.07 12:23:04 | 000,070,046 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2007.12.22 00:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.02.07 17:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007.01.22 08:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.06.07 13:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006.03.27 11:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006.03.07 11:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006.01.10 17:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006.01.10 17:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2005.07.23 05:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
< End of report >

--- --- ---

[/CODE]

Extras.txt
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 08.02.2011 22:51:22 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Katrin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 5,14 Gb Free Space | 11,71% Space Free | Partition Type: NTFS
Drive D: | 97,29 Gb Total Space | 72,49 Gb Free Space | 74,51% Space Free | Partition Type: NTFS
 
Computer Name: NB-KATRIN | User Name: Katrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.txt [@ = txtfile] -- C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe (Just Great Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0015C17C-40D9-46DB-A64B-477C7698CFF3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{080658B8-2634-4FE3-914D-9DD2F6C5AA41}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{165F4079-3EB7-47AF-B970-DB97DD03CDE7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{16E33255-4511-4833-B441-7856FB29B787}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E594057-ACBA-476B-AD6D-966837AA65C5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{217EF49C-ECEF-43A1-BC59-91DEBAB3EC2C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{24F04A07-3510-4E1C-9DB4-3EF0DDC03085}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{30B9DE04-0EE0-4617-85B8-DD1CE7425F21}" = rport=139 | protocol=6 | dir=out | app=system | 
"{32B4AEDC-9FFC-4BA9-9D03-1047F2B5BD34}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3836FA40-6471-4479-BE07-5576C96659CF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{399C4791-4566-47FA-8296-B85254F1FAF5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{42AFA43A-AB46-4197-AD8A-A8781BF55790}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{45483517-117E-476F-88AE-4130E7568EF7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{492FCC48-7400-4E18-BF21-717BEF49A838}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{4ADA75A8-E20C-4012-83FF-822B56D6706F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4C146043-0C55-40E4-9230-E3A78BA956FC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4D17B220-17F4-4FC4-A6D3-5327AD423FEB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5C3C2CCA-1407-4C3A-A392-1C6C7BAC7F74}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{74BFCE68-0330-4F05-863A-4E92A4DD214B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{79BFC481-DBD7-4B22-B923-9B71945D1031}" = lport=445 | protocol=6 | dir=in | app=system | 
"{920CE57A-0A86-44AA-A896-012A1AD2745C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{96465393-D552-4FD6-A9C5-B7945EF4BCF4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9D7572A1-B66B-4B40-A201-3CA3F6AFB033}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{A49A409E-90A0-41F3-9856-8411C0A9DA81}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{A6DC8519-D3BD-4334-B338-51F17D9BBE32}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{AA66E02B-1D78-4E64-96B4-3B568D65954E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AFE8A460-DD21-4B9F-9C5F-5BF0A3078EB1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{B628B289-ECA2-442D-A515-DE0C46E2CE17}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BE3CFCD4-AD06-42A3-9E8E-61B6C478D3A3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C0076FF7-8B92-4468-8D11-1D9E3A1AB599}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C16ADE55-3289-43DF-8F5E-2F5557D78C0A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C3D9B5F2-7B96-4421-B107-9D1E4B237C13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CBB7C140-7688-46EC-BBD5-8521F667AAA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{D9AD899A-43DE-482A-B63D-7B7AE27EC109}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FA00AD1C-BF56-45E4-B238-1AC5D55B4995}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04759288-F136-4DA9-9C7E-C46F28B5FD24}" = protocol=6 | dir=out | app=system | 
"{06FBC27B-0B86-471D-9958-84C9BB940E0B}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{1109360E-5BDA-4CFB-BFD7-8810B888C752}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{18E1CB6D-5406-4726-9BFD-B4BCB49A2B75}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1A033A39-AD3C-457E-B0A9-C0493144ADC2}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{20B3A8C0-E3C7-43DC-9002-2B0E84A6BE73}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{289871BC-503B-43D6-B6EA-872EC34EE209}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{2944FB8B-0FF8-40DA-84D3-5A41B2F4C4DD}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{3DBCB800-B280-47E0-847F-396409277D67}" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\avnotify.exe | 
"{3F899980-86EB-4B59-87BD-01C5E1B1DD80}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{40B9E581-271B-42CC-89AD-CE9C9A984918}" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\update.exe | 
"{449D1856-D14E-4C22-9409-840B008DC42B}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{451B6642-B292-4986-9907-6E3D08BC45CF}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{586B14F3-E6CD-4591-ACA4-26D5AEFAB776}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5CCA3850-86C8-452F-A387-F69AE1755100}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{5D065818-5C31-448D-B6BD-D1AD69D6545B}" = protocol=17 | dir=in | app=c:\program files\toshiba\bluetooth toshiba stack\eccenter1.exe | 
"{5E56EBF8-2BC5-4423-99E8-314679C0799A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{632115F2-D1C3-43A3-89AC-3F1A8D495213}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{64FDB81C-D43E-43B0-92BA-B01441A1F37B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6D25EFAD-98C6-4170-BCA0-88F3227C07D5}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{747F1DEC-FBD1-4564-91EF-8D6D327606CE}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{780335F0-723E-42E6-B4F4-E4F3CF4B68D8}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe | 
"{7B12C88F-977D-4FD4-B3B5-87ACE5C0540C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{7DC73998-3D41-4B33-84EC-E563C429B146}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{7EDB033B-9D8F-463D-A483-DBC4BFA7B8DD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7F6176A1-0CA0-4BC9-8E26-BB38EBEDF307}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{822E73FE-8E53-4FE1-A5C1-D096C12B8121}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{92F2EEEC-8CF4-4E04-8986-203509B9D1FD}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe | 
"{97E420B6-6C02-44D1-8DEF-A3A9F6DCA64B}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{A2073916-FA5C-4523-B40F-6F3E1FA48DCF}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{B5DF57F9-00D6-45C3-8382-488BBDD8FF34}" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\avcenter.exe | 
"{BA48AF5C-C5B8-4706-9E0D-84FA701FF978}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C50CDF52-A70A-45D5-8FF8-07EFFFF707AB}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{CA11BE99-3ABD-44A5-9BF8-E2DFE0786288}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{CA66661C-2EC9-40F5-B492-DCDF43DE28F3}" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\avnotify.exe | 
"{D377CD3B-7E13-457C-B08C-1619FE1DD65D}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{D4C31A13-EEBF-4A59-8FC3-2440B1E4DAA4}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D6F94DF4-3FDD-4BEF-97A6-B469471A425A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D777E59C-F3CC-4B15-99F2-8049821472D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D8FBAF93-471C-4DA6-84BF-9AB0366B5266}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{E27B6EB3-45E3-488C-BDCA-AA229A551133}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{E325B64F-FFC6-4608-9267-646495B7C6AA}" = protocol=6 | dir=in | app=c:\program files\toshiba\bluetooth toshiba stack\eccenter1.exe | 
"{E589C28E-BAEA-44AF-AE2A-AC0B9EF10CD1}" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\update.exe | 
"{F3442F37-62F6-4AC1-ABB2-9928B12194A0}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{F5327B6E-BB20-468B-BCB4-3041B9EFD894}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{F96BBD54-567C-4C05-8548-D9302784C005}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{FCF58D36-969C-4AB5-808E-121DAB18633D}" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\avcenter.exe | 
"TCP Query User{05CFB29F-9DD4-4755-8966-BBA0B051FBB2}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{D82CBB3F-2F40-491D-AD36-BD676CE578FB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{EC267F92-42AA-414B-8DAA-A08573A7675A}C:\program files\icq7.1\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"UDP Query User{2E47B4AD-3EBC-4281-94D5-672646663C52}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{86911C66-2EC8-49C8-A5DC-3E5418464715}C:\program files\icq7.1\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"UDP Query User{9FF73C40-24BC-41CC-9746-CC5E4F5E8A65}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB 2.0 Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{542068F1-9AAE-4E1B-8ACA-094FE03728BE}" = Carambis Driver Updater
"{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass  (04/29/2008 2.5.0.0)
"7-Zip" = 7-Zip 9.20
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CDex" = CDex extraction audio
"EditPad Lite" = Just Great Software EditPad Lite 6.4.3
"FileZilla Client" = FileZilla Client 3.3.2.1
"Greenshot_is1" = Greenshot
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JDiskReport 1.3.2" = JGoodies JDiskReport 1.3.2
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Mozilla Firefox (3.0.4)" = Mozilla Firefox (3.0.4)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR Archivierer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.12.2010 09:32:42 | Computer Name = nb-katrin | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.12.2010 15:35:52 | Computer Name = nb-katrin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.12.2010 15:35:52 | Computer Name = nb-katrin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 05.12.2010 15:36:00 | Computer Name = nb-katrin | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.12.2010 13:58:31 | Computer Name = nb-katrin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 07.12.2010 13:58:31 | Computer Name = nb-katrin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 07.12.2010 13:59:50 | Computer Name = nb-katrin | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.12.2010 14:30:29 | Computer Name = nb-katrin | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.12.2010 14:30:35 | Computer Name = nb-katrin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.12.2010 14:30:35 | Computer Name = nb-katrin | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 06.02.2011 12:45:41 | Computer Name = nb-katrin | Source = netbt | ID = 4321
Description = Der Name "NB-KATRIN      :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.101  registriert werden. Der Computer mit IP-Adresse 169.254.212.160
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 06.02.2011 13:17:56 | Computer Name = nb-katrin | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 07.02.2011 14:12:51 | Computer Name = nb-katrin | Source = HTTP | ID = 15016
Description = 
 
Error - 07.02.2011 14:12:52 | Computer Name = nb-katrin | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 07.02.2011 17:09:30 | Computer Name = nb-katrin | Source = HTTP | ID = 15016
Description = 
 
Error - 07.02.2011 17:09:30 | Computer Name = nb-katrin | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 08.02.2011 13:35:21 | Computer Name = nb-katrin | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 08.02.2011 13:35:21 | Computer Name = nb-katrin | Source = HTTP | ID = 15016
Description = 
 
Error - 08.02.2011 17:40:03 | Computer Name = nb-katrin | Source = HTTP | ID = 15016
Description = 
 
Error - 08.02.2011 17:40:04 | Computer Name = nb-katrin | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
 
< End of report >

--- --- ---

[/CODE]

Hoffe das hilft euch einigermaßen weiter, ich habe die Quarantäne jetzt noch nicht gelöscht - weder bei Antivir noch bei Malware.

Viele Grüße und gute Nacht
Katti

Hallo zusammen,

leider hat mir noch keiner geantwortet - ist der Trojaner so unbedeutend?
Wäre nett wenn ihr mir eine Info geben würdet, ich weiß echt nicht was ich damit jetzt machen soll ohne den Laptop neu aufzusetzen....

Danke!!!!

cosinus · 10.02.2011, 19:39

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O4 - HKLM..\Run: [SearchSettings]  File not found
O4 - HKLM..\Run: [WinampAgent]  File not found
O4 - HKCU..\Run: [MsgCenterExe]  File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Katti169 · 10.02.2011, 20:48

Hallo,

danke für die Antwort, habe ich gemacht:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MsgCenterExe deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Katrin
->Temp folder emptied: 655463610 bytes
->Temporary Internet Files folder emptied: 52759580 bytes
->Java cache emptied: 59198948 bytes
->FireFox cache emptied: 50288346 bytes
->Flash cache emptied: 1943780 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1125 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31434773 bytes
RecycleBin emptied: 138234 bytes
 
Total Files Cleaned = 812,00 mb
 
 
OTL by OldTimer - Version 3.2.20.6 log created on 02102011_201913

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 10.02.2011, 21:43

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Katti169 · 10.02.2011, 22:21

wie beschrieben durchgeführt, hier der log von combofix:

Code:

ATTFilter

ComboFix 11-02-09.05 - Katrin 10.02.2011  21:59:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.1790.893 [GMT 1:00]
ausgeführt von:: c:\users\Katrin\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((   Dateien erstellt von 2011-01-10 bis 2011-02-10  ))))))))))))))))))))))))))))))
.

2011-02-10 21:08 . 2011-02-10 21:08	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-10 20:50 . 2011-02-10 20:50	--------	d-----w-	c:\program files\CCleaner
2011-02-10 19:35 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9434E19F-FC8E-4A91-B9EB-379AD5DEF7F0}\mpengine.dll
2011-02-10 19:19 . 2011-02-10 19:19	--------	d-----w-	C:\_OTL
2011-02-09 21:46 . 2011-02-09 23:09	--------	d-----w-	C:\PPF_Scan1
2011-02-09 21:45 . 2011-02-09 23:09	--------	d-----w-	C:\PPFScan
2011-02-09 20:51 . 2011-02-09 20:52	--------	d-----w-	c:\program files\trend micro
2011-02-09 20:51 . 2011-02-09 20:52	--------	d-----w-	C:\rsit
2011-02-08 19:45 . 2011-02-08 19:45	--------	d-----w-	c:\users\Katrin\AppData\Roaming\Malwarebytes
2011-02-08 19:45 . 2010-04-29 11:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-08 19:44 . 2011-02-08 19:44	--------	d-----w-	c:\programdata\Malwarebytes
2011-02-08 19:44 . 2010-04-29 11:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-02-08 19:44 . 2011-02-08 19:45	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-02-07 19:44 . 2011-02-07 19:44	--------	d-----w-	c:\users\Katrin\AppData\Roaming\SUPERAntiSpyware.com
2011-02-07 19:44 . 2011-02-07 19:44	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-02-07 19:43 . 2011-02-10 19:51	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-01-20 20:41 . 2011-01-20 20:41	--------	d-----w-	c:\program files\7-Zip
2011-01-13 19:40 . 2010-12-28 14:57	409600	----a-w-	c:\windows\system32\odbc32.dll
2011-01-13 19:40 . 2010-12-28 14:56	708608	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-01-13 19:40 . 2010-12-28 14:56	57344	----a-w-	c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-13 19:40 . 2010-12-28 14:56	253952	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-01-13 19:40 . 2010-12-28 14:56	241664	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-01-13 19:40 . 2010-12-28 14:56	180224	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-01-13 19:39 . 2010-12-14 15:49	1169408	----a-w-	c:\windows\system32\sdclt.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-23 17:43 . 2010-12-23 17:43	1222408	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-11-13 14:48 . 2007-10-25 16:26	5632	----a-w-	c:\windows\system32\drivers\StarOpen.sys
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-11-13 102400]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2010-07-12 548864]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2011-01-05 133432]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-02-10 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-19 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-19 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-21 6265376]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2008-08-27 708608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-03 155648]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-23 278528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-17 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\Katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-2-8 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Micro Star SCM;Micro Star SCM;c:\program files\System Control Manager\MSIService.exe [2008-08-26 159744]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-05-19 380416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-01-08 233472]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-01-08 36608]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536]
S3 ReallusionVirtualAudio;Reallusion Virtual Audio;c:\windows\system32\DRIVERS\RLVrtAuCbl.sys [2007-03-19 31616]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - FSUSBEXDISK
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\zjexupj8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wer-kennt-wen.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - Ext: SearchSettings Plugin: search@searchsettings.com - c:\program files\Mozilla Firefox\extensions\search@searchsettings.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: pdfforgeToolbar Plugin: {B922D405-6D13-4A2B-AE89-08A030DA4402} - c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-{26604C7E-A313-4D12-867F-7C6E7820BE4C} - c:\program files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-10 22:08
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2011-02-10  22:11:17
ComboFix-quarantined-files.txt  2011-02-10 21:11

Vor Suchlauf: 7.870.582.784 Bytes frei
Nach Suchlauf: 7.943.331.840 Bytes frei

- - End Of File - - 118A4FA221AEC60F29346A4192EA85DC

Ich hab den Trojaner jetzt in Antivir immernoch unter Quarantäne stehen.
Kann ich den entfernen?

Danke!

cosinus · 11.02.2011, 09:12

Zitat:

Ich hab den Trojaner jetzt in Antivir immernoch unter Quarantäne stehen.
Kann ich den entfernen?

Du weißt, was eine Quarantäne ist? Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

Katti169 · 12.02.2011, 11:44

Hi Arne,

danke für die Antwort.
Ich weiß zwar ungefähr was eine Quarantäne ist, aber nicht ob das Auswirkungen hat oder nicht. Aber jetzt weiß ich mehr, Danke für den Tip das ich damit arbeiten soll.

Und was ist jetzt mit meinem Log? Ist der Virus jetzt weg?

Liebe Grüße
Katti

cosinus · 12.02.2011, 11:45

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur einige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Katti169 · 12.02.2011, 12:49

Ok hab ich gemacht. GMER wollte nicht so recht daher hier nur der osam-log:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:45:43 on 12.02.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.0.4

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\Windows\system32\LocalCOM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Computer, Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Katrin\AppData\Local\Temp\catchme.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\Windows\System32\Drivers\GEARAspiWDM.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Reallusion Virtual Audio" (ReallusionVirtualAudio) - ? - C:\Windows\System32\DRIVERS\RLVrtAuCbl.sys  (File signed by Microsoft | File found, but it contains no detailed information)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"Symantec Network Security Intermediate Filter Service" (SymIM) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)
"SymIMMP" (SymIMMP) - ? - C:\Windows\System32\DRIVERS\SymIM.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B} "Bluetooth Information Exchanger" - "TOSHIBA" - C:\Windows\system32\TosBtExt.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Computer, Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\MLSHEXT.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR 3.61 Multi\rarext.dll  (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
"Greenshot" - ? - C:\Program Files\Greenshot\Greenshot.exe
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Computer, Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"lxczbmgr.exe" - "Lexmark International, Inc." - "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
"MGSysCtrl" - "Mirco-Star International  CO., LTD." - C:\Program Files\System Control Manager\MGSysCtrl.exe
"QuickTime Task" - "Apple Computer, Inc." - "C:\Program Files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\Windows\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPodService" (iPodService) - "Apple Computer, Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Micro Star SCM" (Micro Star SCM) - ? - C:\Program Files\System Control Manager\MSIService.exe  (File found, but it contains no detailed information)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

und hier der von mbrcheck

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:	MSI
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		Micro-Star International
System Product Name:		MSI NOTEBOOK VR630
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 146):
  0x8203B000 \SystemRoot\system32\ntkrnlpa.exe
  0x82008000 \SystemRoot\system32\hal.dll
  0x80401000 \SystemRoot\system32\kdcom.dll
  0x80409000 \SystemRoot\system32\PSHED.dll
  0x8041A000 \SystemRoot\system32\BOOTVID.dll
  0x80422000 \SystemRoot\system32\CLFS.SYS
  0x80463000 \SystemRoot\system32\CI.dll
  0x80543000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x805BF000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80609000 \SystemRoot\system32\drivers\acpi.sys
  0x8064F000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x80658000 \SystemRoot\system32\drivers\msisadrv.sys
  0x80660000 \SystemRoot\system32\drivers\pci.sys
  0x80687000 \SystemRoot\System32\drivers\partmgr.sys
  0x80696000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80699000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x806A3000 \SystemRoot\system32\drivers\volmgr.sys
  0x806B2000 \SystemRoot\System32\drivers\volmgrx.sys
  0x806FC000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8070C000 \SystemRoot\system32\drivers\atapi.sys
  0x80714000 \SystemRoot\system32\drivers\ataport.SYS
  0x80732000 \SystemRoot\system32\DRIVERS\nvstor32.sys
  0x80757000 \SystemRoot\system32\DRIVERS\storport.sys
  0x80798000 \SystemRoot\system32\drivers\fltmgr.sys
  0x807CA000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82606000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82677000 \SystemRoot\system32\drivers\ndis.sys
  0x82782000 \SystemRoot\system32\drivers\msrpc.sys
  0x827AD000 \SystemRoot\system32\drivers\NETIO.SYS
  0x87200000 \SystemRoot\System32\drivers\tcpip.sys
  0x872E9000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x87408000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x87517000 \SystemRoot\system32\drivers\wd.sys
  0x8751F000 \SystemRoot\system32\drivers\volsnap.sys
  0x87558000 \SystemRoot\System32\Drivers\spldr.sys
  0x87560000 \SystemRoot\System32\Drivers\mup.sys
  0x8756F000 \SystemRoot\System32\drivers\ecache.sys
  0x87596000 \SystemRoot\system32\drivers\disk.sys
  0x875A7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x875C8000 \SystemRoot\system32\drivers\crcdisk.sys
  0x875E8000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x875F3000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x87329000 \SystemRoot\system32\DRIVERS\processr.sys
  0x87338000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8734B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x87356000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x875FC000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x87361000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x87400000 \SystemRoot\system32\DRIVERS\nvsmu.sys
  0x8736A000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x87374000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x873B2000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x873C1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x873D3000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x873EB000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0x8AE0C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8B53F000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8B5DE000 \SystemRoot\System32\drivers\watchdog.sys
  0x8B607000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8B72A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8B73A000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8B748000 \SystemRoot\system32\DRIVERS\jmcr.sys
  0x8B760000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8B786000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8B7A8000 \SystemRoot\System32\Drivers\tosrfcom.sys
  0x8B7B8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8B7E6000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8B7F1000 \SystemRoot\system32\DRIVERS\RLVrtAuCbl.sys
  0x805CC000 \SystemRoot\system32\DRIVERS\portcls.sys
  0x807DA000 \SystemRoot\system32\DRIVERS\drmk.sys
  0x8BA07000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8BA31000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8BA48000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8BA53000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8BA76000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8BA85000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8BA99000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8BAAE000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8BABE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8BAC0000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8BACE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8BAD8000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8BAE5000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8BB19000 \SystemRoot\system32\DRIVERS\tosporte.sys
  0x8BB24000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8C00C000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8C21B000 \SystemRoot\system32\DRIVERS\smserial.sys
  0x8C312000 \SystemRoot\system32\drivers\modem.sys
  0x8C31F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8C328000 \SystemRoot\System32\Drivers\Null.SYS
  0x8C32F000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8C33F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8C346000 \SystemRoot\System32\drivers\vga.sys
  0x8C352000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8C373000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8C37B000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8C383000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8C38E000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8C39C000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8C3A5000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8C3BB000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8BB35000 \SystemRoot\system32\drivers\afd.sys
  0x8BB7D000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8C3CF000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8C3E5000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8BBAF000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8C000000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8BBD2000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x8C006000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x8C405000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8C441000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8C44B000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8C462000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8C47E000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8C480000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8C48D000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x8C497000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
  0x944B0000 \SystemRoot\System32\win32k.sys
  0x8C4BC000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8C4C6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x946D0000 \SystemRoot\System32\TSDDD.dll
  0x8C4D5000 \SystemRoot\system32\drivers\luafv.sys
  0x8C4F0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x946F0000 \SystemRoot\System32\cdd.dll
  0x8C504000 \SystemRoot\system32\drivers\spsys.sys
  0x8C5B3000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x8C5C3000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x8C5ED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x8B5EB000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9E00C000 \SystemRoot\system32\drivers\HTTP.sys
  0x9E079000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9E096000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9E0AF000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9E0C4000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9E0E4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9E103000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9E13C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9E154000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9E17C000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9F20A000 \SystemRoot\system32\drivers\peauth.sys
  0x9F2E8000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9F2F2000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9F2FE000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0x9F324000 \??\C:\Windows\system32\FsUsbExDisk.SYS
  0x9F32D000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x76DE0000 \Windows\System32\ntdll.dll

Processes (total 69):
       0 System Idle Process
       4 SYSTEM
     436 C:\Windows\System32\smss.exe
     568 csrss.exe
     620 C:\Windows\System32\wininit.exe
     632 csrss.exe
     664 C:\Windows\System32\services.exe
     680 C:\Windows\System32\lsass.exe
     688 C:\Windows\System32\lsm.exe
     832 C:\Windows\System32\svchost.exe
     896 C:\Windows\System32\nvvsvc.exe
     924 C:\Windows\System32\svchost.exe
     960 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
    1048 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\audiodg.exe
    1164 C:\Windows\System32\SLsvc.exe
    1212 C:\Windows\System32\svchost.exe
    1312 C:\Windows\System32\winlogon.exe
    1380 C:\Windows\System32\svchost.exe
    1592 C:\Windows\System32\rundll32.exe
    1688 C:\Windows\System32\spoolsv.exe
    1716 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1784 C:\Windows\System32\svchost.exe
     524 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     712 C:\Windows\System32\FsUsbExService.Exe
     612 C:\Windows\System32\lxczcoms.exe
    1492 C:\Program Files\System Control Manager\MSIService.exe
    2064 C:\Windows\System32\svchost.exe
    2096 C:\Windows\System32\svchost.exe
    2148 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    2204 C:\Windows\System32\svchost.exe
    2248 C:\Windows\System32\SearchIndexer.exe
    2644 C:\Windows\System32\dwm.exe
    2652 C:\Windows\System32\taskeng.exe
    2712 C:\Windows\explorer.exe
    2820 C:\Windows\System32\rundll32.exe
    2828 C:\Windows\System32\taskeng.exe
    2860 C:\Windows\RtHDVCpl.exe
    2992 C:\Program Files\System Control Manager\MGSysCtrl.exe
    3020 C:\Program Files\QuickTime\qttask.exe
    3060 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3068 C:\Program Files\iTunes\iTunesHelper.exe
    3076 C:\Program Files\Java\jre6\bin\jusched.exe
    3108 C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
    3116 C:\Program Files\Windows Sidebar\sidebar.exe
    3124 C:\Windows\ehome\ehtray.exe
    3132 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3144 C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    3152 C:\Program Files\Greenshot\Greenshot.exe
    3176 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    3284 C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
    3476 C:\Windows\ehome\ehmsas.exe
    3644 C:\Windows\System32\wbem\unsecapp.exe
    3760 C:\Windows\System32\alg.exe
    3836 C:\Program Files\iPod\bin\iPodService.exe
    3908 WmiPrvSE.exe
    3964 C:\Program Files\Windows Media Player\wmpnetwk.exe
     156 C:\Program Files\Mozilla Firefox\firefox.exe
     172 C:\Windows\System32\wuauclt.exe
    4092 C:\Users\Katrin\Desktop\osam.exe
    2792 C:\Windows\System32\SearchProtocolHost.exe
    1744 C:\Windows\System32\SearchFilterHost.exe
    2324 C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
     800 dllhost.exe
    4012 dllhost.exe
    2936 C:\Users\Katrin\Desktop\MBRCheck.exe
    1640 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f4100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`f0900000  (NTFS)

PhysicalDrive0 Model Number: WDC WD1600BEVT-00ZCT, Rev: 11.0

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   MBR Code Faked!
            SHA1: 91E25181E49FE5A76BC410CE496DE282FF911EDA


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!

Hier habe ich zum Schluss N eingegegeben...

cosinus · 12.02.2011, 13:16

Zitat:

149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 91E25181E49FE5A76BC410CE496DE282FF911EDA

Hast Du noch andere Betriebssysteme außer Vista installiert?

Wenn nicht: Schau mal hier => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Lad das iso runter, brenn es zB mit ImgBurn per Imagebrennfunktion auf eine CD und starte damit den Rechner (von dieser CD booten).

Falls Du eine normale Vista-Installations-DVD hast, brauchst Du das o.g. Image nicht sondern kannst einfach von der Vista-DVD booten.

Klick auf Computerreparaturoptionen, weiter, Eingabeaufforderung - die Konsole öffnet sich. Da bitte bootrec.exe /fixboot eintippen (mit enter bestätigen), dann bootrec.exe /fixmbr eintippen (mit enter bestätigen) - Rechner neustarten, CD vorher rausnehmen.

Katti169 · 12.02.2011, 14:19

Nein ich habe nur Vista installiert sonst nichts.
Habe in der Vergangenheit auch in der Vergangenheit kein zusätzliches installiert...

Habe die Reperatur wie von dir beschrieben durchgeführt.

cosinus · 12.02.2011, 15:27

Ok - dann bitte ein neues Log mit MBRCHECK erstellen und posten.

Katti169 · 13.02.2011, 19:58

Ok danke - hier der Log. Leider sagt er immernoch "MBR Code faked"....

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:	MSI
BIOS Manufacturer:		American Megatrends Inc.
System Manufacturer:		Micro-Star International
System Product Name:		MSI NOTEBOOK VR630
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 150):
  0x82041000 \SystemRoot\system32\ntkrnlpa.exe
  0x8200E000 \SystemRoot\system32\hal.dll
  0x80407000 \SystemRoot\system32\kdcom.dll
  0x8040F000 \SystemRoot\system32\PSHED.dll
  0x80420000 \SystemRoot\system32\BOOTVID.dll
  0x80428000 \SystemRoot\system32\CLFS.SYS
  0x80469000 \SystemRoot\system32\CI.dll
  0x80549000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x805C5000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8060E000 \SystemRoot\system32\drivers\acpi.sys
  0x80654000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x8065D000 \SystemRoot\system32\drivers\msisadrv.sys
  0x80665000 \SystemRoot\system32\drivers\pci.sys
  0x8068C000 \SystemRoot\System32\drivers\partmgr.sys
  0x8069B000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8069E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x806A8000 \SystemRoot\system32\drivers\volmgr.sys
  0x806B7000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80701000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80711000 \SystemRoot\system32\drivers\atapi.sys
  0x80719000 \SystemRoot\system32\drivers\ataport.SYS
  0x80737000 \SystemRoot\system32\DRIVERS\nvstor32.sys
  0x8075C000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8079D000 \SystemRoot\system32\drivers\fltmgr.sys
  0x807CF000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82602000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82673000 \SystemRoot\system32\drivers\ndis.sys
  0x8277E000 \SystemRoot\system32\drivers\msrpc.sys
  0x827A9000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8720F000 \SystemRoot\System32\drivers\tcpip.sys
  0x872F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8740A000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x87519000 \SystemRoot\system32\drivers\wd.sys
  0x87521000 \SystemRoot\system32\drivers\volsnap.sys
  0x8755A000 \SystemRoot\System32\Drivers\spldr.sys
  0x87562000 \SystemRoot\System32\Drivers\mup.sys
  0x87571000 \SystemRoot\System32\drivers\ecache.sys
  0x87598000 \SystemRoot\system32\drivers\disk.sys
  0x875A9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x875CA000 \SystemRoot\system32\drivers\crcdisk.sys
  0x875EA000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x875F5000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x87338000 \SystemRoot\system32\DRIVERS\processr.sys
  0x87347000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8735A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x87365000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x87400000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x87370000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x87379000 \SystemRoot\system32\DRIVERS\nvsmu.sys
  0x87381000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x8738B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x873C9000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x873D8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x827E3000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x873EA000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0x8AA0E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8B141000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8B1E0000 \SystemRoot\System32\drivers\watchdog.sys
  0x8B406000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8B529000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8B539000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8B547000 \SystemRoot\system32\DRIVERS\jmcr.sys
  0x8B55F000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x8B585000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x8B5A7000 \SystemRoot\System32\Drivers\tosrfcom.sys
  0x8B5B7000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8B5E5000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8B5F0000 \SystemRoot\system32\DRIVERS\RLVrtAuCbl.sys
  0x805D2000 \SystemRoot\system32\DRIVERS\portcls.sys
  0x8B800000 \SystemRoot\system32\DRIVERS\drmk.sys
  0x8B825000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8B84F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8B866000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8B871000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8B894000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8B8A3000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8B8B7000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8B8CC000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8B8DC000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8B8DE000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8B8EC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8B8F6000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8B903000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8B937000 \SystemRoot\system32\DRIVERS\tosporte.sys
  0x8B942000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8BC0C000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8BE1B000 \SystemRoot\system32\DRIVERS\smserial.sys
  0x8BF12000 \SystemRoot\system32\drivers\modem.sys
  0x8BF1F000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8BF28000 \SystemRoot\System32\Drivers\Null.SYS
  0x8BF2F000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8BF3F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8BF46000 \SystemRoot\System32\drivers\vga.sys
  0x8BF52000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8BF73000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8BF7B000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8BF83000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8BF8E000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8BF9C000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8BFA5000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8BFBB000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8B953000 \SystemRoot\system32\drivers\afd.sys
  0x8BFCF000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8BFD8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8BFE8000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8B99B000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8BFEA000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8B9CD000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8BFF2000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8B9E3000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8BC00000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8C20B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
  0x8C22D000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
  0x8C233000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8C26F000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8C279000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8C290000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8C2AC000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x8C2AE000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8C2BB000 \SystemRoot\System32\Drivers\dump_diskdump.sys
  0x8C2C5000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
  0x94030000 \SystemRoot\System32\win32k.sys
  0x8C2EA000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8C2F4000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x94250000 \SystemRoot\System32\TSDDD.dll
  0x8C303000 \SystemRoot\system32\drivers\luafv.sys
  0x8C31E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x94270000 \SystemRoot\System32\cdd.dll
  0x8C332000 \SystemRoot\system32\drivers\spsys.sys
  0x8C3E1000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9D605000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9D62F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9D639000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9D64C000 \SystemRoot\system32\drivers\HTTP.sys
  0x9D6B9000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9D6D6000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9D6EF000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9D704000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9D724000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9D743000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9D77C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9D794000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9E80B000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9E859000 \SystemRoot\system32\drivers\peauth.sys
  0x9E937000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9E941000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9E94D000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0x9E973000 \??\C:\Windows\system32\FsUsbExDisk.SYS
  0x9E97C000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x77A80000 \Windows\System32\ntdll.dll

Processes (total 73):
       0 System Idle Process
       4 SYSTEM
     416 C:\Windows\System32\smss.exe
     484 csrss.exe
     536 C:\Windows\System32\wininit.exe
     544 csrss.exe
     580 C:\Windows\System32\services.exe
     596 C:\Windows\System32\lsass.exe
     604 C:\Windows\System32\lsm.exe
     752 C:\Windows\System32\svchost.exe
     816 C:\Windows\System32\nvvsvc.exe
     840 C:\Windows\System32\svchost.exe
     880 C:\Windows\System32\svchost.exe
     928 C:\Windows\System32\svchost.exe
     960 C:\Windows\System32\svchost.exe
     992 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\audiodg.exe
    1092 C:\Windows\System32\SLsvc.exe
    1136 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\winlogon.exe
    1296 C:\Windows\System32\svchost.exe
    1496 C:\Windows\System32\rundll32.exe
    1688 C:\Windows\System32\spoolsv.exe
    1736 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1756 C:\Windows\System32\svchost.exe
     260 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     432 C:\Windows\System32\FsUsbExService.Exe
     828 C:\Windows\System32\lxczcoms.exe
    1128 C:\Program Files\System Control Manager\MSIService.exe
    1536 C:\Windows\System32\svchost.exe
    1616 C:\Windows\System32\svchost.exe
    1956 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    1084 C:\Windows\System32\svchost.exe
    2052 C:\Windows\System32\SearchIndexer.exe
    2648 C:\Windows\System32\taskeng.exe
    2684 C:\Windows\System32\dwm.exe
    2784 C:\Windows\explorer.exe
    2828 C:\Windows\System32\alg.exe
    2956 C:\Windows\System32\taskeng.exe
    3096 C:\Windows\System32\rundll32.exe
    3152 C:\Windows\RtHDVCpl.exe
    3240 C:\Program Files\System Control Manager\MGSysCtrl.exe
    3296 C:\Program Files\QuickTime\qttask.exe
    3316 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3340 C:\Program Files\iTunes\iTunesHelper.exe
    3352 C:\Program Files\Java\jre6\bin\jusched.exe
    3360 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    3400 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    3408 C:\Program Files\iPod\bin\iPodService.exe
    3416 C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
    3432 C:\Program Files\Windows Sidebar\sidebar.exe
    3472 C:\Windows\ehome\ehtray.exe
    3484 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3528 C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    3544 C:\Program Files\Greenshot\Greenshot.exe
    3552 C:\Program Files\Lexmark 1200 Series\LXCZbmon.exe
    3624 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3740 C:\Windows\ehome\ehmsas.exe
    3820 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    3840 C:\Windows\System32\wbem\unsecapp.exe
    3940 WmiPrvSE.exe
    2996 C:\Program Files\Mozilla Firefox\firefox.exe
    2204 C:\Windows\System32\SearchProtocolHost.exe
    1436 C:\Windows\System32\SearchFilterHost.exe
    3000 C:\Windows\System32\conime.exe
    1188 WmiPrvSE.exe
    3604 C:\Windows\servicing\TrustedInstaller.exe
     188 C:\Windows\System32\wuauclt.exe
    3048 C:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
     748 C:\Windows\System32\wbem\WMIADAP.exe
    1948 dllhost.exe
    3688 dllhost.exe
    2424 C:\Users\Katrin\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f4100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`f0900000  (NTFS)

PhysicalDrive0 Model Number: WDC WD1600BEVT-00ZCT, Rev: 11.0

      Size  Device Name          MBR Status
  --------------------------------------------
    149 GB  \\.\PhysicalDrive0   MBR Code Faked!
            SHA1: 91E25181E49FE5A76BC410CE496DE282FF911EDA


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!

cosinus · 13.02.2011, 20:58

Sicher, dass es ein neues Log ist? Du hast MBRCheck neu ausgeführt?
Die Befehle korrekt ausgeführt vorher in der Konsole?

Katti169 · 13.02.2011, 21:01

Ja das ist ein neues Log, habe das heute abend zwei mal gemacht....

Ich bin mir eigentlich auch sicher, das ich in der Console alles richtig eingegeben habe:

zuerst bootrec.exe /fixboot und danach bootrec.exe /fixmbr

Macht es Sinn, das noch mal durchzuführen?

12.02.2011, 15:27	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Antivir hat den Trojaner TR/Shakat.o.566 gefunden Ok - dann bitte ein neues Log mit MBRCHECK erstellen und posten. __________________ Logfiles bitte immer in CODE-Tags posten

13.02.2011, 20:58	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Antivir hat den Trojaner TR/Shakat.o.566 gefunden Sicher, dass es ein neues Log ist? Du hast MBRCheck neu ausgeführt? Die Befehle korrekt ausgeführt vorher in der Konsole? __________________ Logfiles bitte immer in CODE-Tags posten

Antivir hat den Trojaner TR/Shakat.o.566 gefunden

Plagegeister aller Art und deren Bekämpfung: Antivir hat den Trojaner TR/Shakat.o.566 gefunden