
Log analysis and evaluation: TR/Kazy.mekml.1 - OTL Fix?

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.04.2011, 22:42   #1
Rooki
 
TR/Kazy.mekml.1 - OTL Fix?



Hello Arne,

done. Here are the logs:

1. GMER
GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-28 23:03:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
Running: tlgrbv1h.exe; Driver: C:\Users\Mandy\AppData\Local\Temp\fwdyipod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                             section is writeable [0x8EC09360, 0x35BB38, 0xE8000020]
                C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl                                               entry point in "" section [0xA3BAC000]
.clc            C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl                                               unknown last section [0xA3BAD000, 0x1000, 0x00000000]

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [73E07817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [73E5A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [73E0BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [73DFF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [73E075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [73DFE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [73E38395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [73E0DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [73DFFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [73DFFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [73DF71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [73E8CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [73E2C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [73DFD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [73DF6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [73DF687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[3660] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [73E02AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd19665                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd19665@f40b931ffb57             0xC2 0x52 0x8B 0xA2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd19665@002345af7977             0x58 0x72 0x51 0xEE ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001e4cd19665 (not active ControlSet)      
Reg             HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001e4cd19665@f40b931ffb57                 0xC2 0x52 0x8B 0xA2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BthPort\Parameters\Keys\001e4cd19665@002345af7977                 0x58 0x72 0x51 0xEE ...

---- EOF - GMER 1.0.15 ----

2. OSAM

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:18:21 on 28.04.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BlackBerry-Smartphone" (RimUsb) - ? - C:\Windows\System32\Drivers\RimUsb.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\Mandy\AppData\Local\Temp\catchme.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys
"EMP_Mirr" (EMP_Mirr) - "Windows (R) 2000 DDK provider" - C:\Windows\System32\DRIVERS\EMP_Mirr.sys
"EPSON Network Presentation Driver Service" (EMP_MAP) - ? - C:\Windows\System32\DRIVERS\EMP_Map.sys  (File found, but it contains no detailed information)
"fwdyipod" (fwdyipod) - ? - C:\Users\Mandy\AppData\Local\Temp\fwdyipod.sys  (Hidden registry entry, rootkit activity | File not found)
"HSXHWAZL" (HSXHWAZL) - ? - C:\Windows\System32\DRIVERS\HSXHWAZL.sys  (File not found)
"int15" (int15) - "Acer, Inc." - C:\Acer\Empowering Technology\eRecovery\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"mdmxsdk" (mdmxsdk) - ? - C:\Windows\System32\DRIVERS\mdmxsdk.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"Sony Ericsson Device 0016 driver (WDM)" (s0016bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016bus.sys
"Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)" (s0016nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016nd5.sys
"Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)" (s0016unic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016unic.sys
"Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)" (s0016mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mgmt.sys
"Sony Ericsson Device 0016 USB WMC Modem Driver" (s0016mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mdm.sys
"Sony Ericsson Device 0016 USB WMC Modem Filter" (s0016mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016mdfl.sys
"Sony Ericsson Device 0016 USB WMC OBEX Interface" (s0016obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s0016obex.sys
"Sony Ericsson Device 039 Driver driver (WDM)" (SE27bus) - "MCCI" - C:\Windows\System32\DRIVERS\SE27bus.sys
"Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)" (se27nd5) - "MCCI" - C:\Windows\System32\DRIVERS\se27nd5.sys
"Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)" (se27unic) - "MCCI" - C:\Windows\System32\DRIVERS\se27unic.sys
"Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)" (SE27mgmt) - "MCCI" - C:\Windows\System32\DRIVERS\SE27mgmt.sys
"Sony Ericsson Device 039 USB WMC Modem Driver" (SE27mdm) - "MCCI" - C:\Windows\System32\DRIVERS\SE27mdm.sys
"Sony Ericsson Device 039 USB WMC Modem Filter" (SE27mdfl) - "MCCI" - C:\Windows\System32\DRIVERS\SE27mdfl.sys
"Sony Ericsson Device 039 USB WMC OBEX Interface" (SE27obex) - "MCCI" - C:\Windows\System32\DRIVERS\SE27obex.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"WSVD" (WSVD) - "Wasay" - C:\Windows\system32\drivers\WSVD.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682} "IZArc DragDrop Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{BC593DF5-466F-44EC-8FFD-C4DBC603B917} "IZArc Shell Context Menu" - ? - C:\PROGRA~1\IZArc\IZArcCM.dll  (File found, but it contains no detailed information)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{02BCC737-B171-4746-94C9-0D8A0B2C0089} "Microsoft Office Template and Media Control" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\IEAWSDC.DLL / hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "NCO Toolbar 2.0" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" - ? -   (File not found | COM-object registry key not found)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" - ? -   (File not found | COM-object registry key not found)
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
"BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"eAudio" - "CyberLink" - "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\Windows\system32\HpTcpMon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"ALaunch Service" (ALaunchService) - ? - C:\Acer\ALaunch\ALaunchSvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Raw Socket Service" (RS_Service) - "Acer Inc." - C:\Program Files\Acer\Acer VCM\RS_Service.exe
"Symantec Core LC" (Symantec Core LC) - ? - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit 

hxxp://forum.online-solutions.ru

3. MBRCheck

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Acer, Inc.
BIOS Manufacturer:		Acer
System Manufacturer:		Acer, inc.
System Product Name:		Aspire 5920G
Logical Drives Mask:		0x0000002c

Kernel Drivers (total 166):
  0x8263E000 \SystemRoot\system32\ntkrnlpa.exe
  0x8260B000 \SystemRoot\system32\hal.dll
  0x80600000 \SystemRoot\system32\kdcom.dll
  0x80607000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80677000 \SystemRoot\system32\PSHED.dll
  0x80688000 \SystemRoot\system32\BOOTVID.dll
  0x80690000 \SystemRoot\system32\CLFS.SYS
  0x806D1000 \SystemRoot\system32\CI.dll
  0x8A601000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8A67D000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8A68A000 \SystemRoot\system32\drivers\acpi.sys
  0x8A6D0000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x8A6D9000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8A6E1000 \SystemRoot\system32\drivers\pci.sys
  0x8A708000 \SystemRoot\System32\drivers\partmgr.sys
  0x8A717000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8A71A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8A724000 \SystemRoot\system32\drivers\volmgr.sys
  0x8A733000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8A77D000 \SystemRoot\system32\drivers\intelide.sys
  0x8A784000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x8A792000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8A800000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A8C8000 \SystemRoot\system32\drivers\atapi.sys
  0x8A8D0000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A8EE000 \SystemRoot\system32\drivers\msahci.sys
  0x8A8F8000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A92A000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A93A000 \SystemRoot\system32\Drivers\PxHelp20.sys
  0x8A944000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AA0B000 \SystemRoot\system32\drivers\ndis.sys
  0x8AB16000 \SystemRoot\system32\drivers\msrpc.sys
  0x8AB41000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AC03000 \SystemRoot\System32\drivers\tcpip.sys
  0x8ACED000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8AE0B000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8AF1B000 \SystemRoot\system32\drivers\volsnap.sys
  0x8AF54000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AF5C000 \SystemRoot\System32\Drivers\mup.sys
  0x8AF6B000 \SystemRoot\System32\drivers\ecache.sys
  0x8AF92000 \SystemRoot\system32\drivers\disk.sys
  0x8AFA3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8AFC4000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8AFDA000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8AFE5000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8AFEE000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8EC09000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8F350000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F3F0000 \SystemRoot\System32\drivers\watchdog.sys
  0x8AE00000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8AB7C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8ADD0000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8F402000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8F606000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
  0x8F864000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x8F874000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x8F882000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x8F89C000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
  0x8F8AD000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
  0x8F8C1000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
  0x8F913000 \SystemRoot\system32\DRIVERS\winbondcir.sys
  0x8F928000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8F93B000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
  0x8F945000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8F950000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8F97E000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x8F980000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8F98B000 \SystemRoot\system32\drivers\Afc.sys
  0x8F993000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F9AB000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
  0x8F9AD000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8F9B1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8F9BA000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8F48F000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8F9E9000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8F9F4000 \SystemRoot\System32\Drivers\RootMdm.sys
  0x8F4D0000 \SystemRoot\system32\drivers\modem.sys
  0x8F4DD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8F4F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8F4FF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8F522000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8F531000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8F545000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8F55A000 \SystemRoot\system32\DRIVERS\RimSerial.sys
  0x8F561000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8F600000 \SystemRoot\system32\DRIVERS\seehcri.sys
  0x8F9FC000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8F571000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8F59B000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x8F5A9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8F5B3000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8F5C0000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8ADDF000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8FC08000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8ABBA000 \SystemRoot\system32\drivers\portcls.sys
  0x8A9B5000 \SystemRoot\system32\drivers\drmk.sys
  0x8A7A2000 \SystemRoot\system32\DRIVERS\VSTAZL3.SYS
  0x8FE01000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
  0x8FF05000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
  0x8FFB8000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x8FFC3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8FFD3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8FFDA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x90000000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
  0x901A7000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x901B4000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
  0x901BB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x901C4000 \SystemRoot\System32\Drivers\Null.SYS
  0x901CB000 \SystemRoot\System32\Drivers\Beep.SYS
  0x901D2000 \SystemRoot\System32\drivers\vga.sys
  0x901DE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8FFE3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8FFEB000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8FFF3000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8FDE3000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8FDF1000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8ABE7000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8A9DA000 \SystemRoot\system32\DRIVERS\smb.sys
  0x807B1000 \SystemRoot\system32\drivers\afd.sys
  0x9260A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x9263C000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x92652000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x92660000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x92673000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x92679000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x926B5000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x926C1000 \SystemRoot\System32\Drivers\dfsc.sys
  0x926D8000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x926FE000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x92700000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x92717000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x92720000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x92728000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x92735000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x9BA50000 \SystemRoot\System32\win32k.sys
  0x92600000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8ADF0000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9BC70000 \SystemRoot\System32\TSDDD.dll
  0x9BC90000 \SystemRoot\System32\cdd.dll
  0x8AD08000 \SystemRoot\system32\drivers\luafv.sys
  0x8AD23000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xA1E04000 \SystemRoot\system32\drivers\spsys.sys
  0xA1EB4000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA1EC4000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xA1EEE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA1EF8000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA1F0B000 \SystemRoot\system32\drivers\HTTP.sys
  0xA1F78000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA1F95000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA1FAE000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA1FC3000 \SystemRoot\system32\drivers\mrxdav.sys
  0x8AD38000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x8AD57000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA1FE4000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x8AD90000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA3A03000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA3A79000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA3A8F000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
  0xA3A96000 \SystemRoot\system32\drivers\peauth.sys
  0xA3B74000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA3B7E000 \??\C:\Windows\system32\Drivers\SSPORT.sys
  0xA3B85000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA3B91000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
  0xA3BAE000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0xA3BB7000 \??\C:\Users\Mandy\AppData\Local\Temp\fwdyipod.sys
  0x77220000 \Windows\System32\ntdll.dll

Processes (total 84):
       0 System Idle Process
       4 System
     484 C:\Windows\System32\smss.exe
     616 csrss.exe
     668 C:\Windows\System32\wininit.exe
     680 csrss.exe
     712 C:\Windows\System32\services.exe
     724 C:\Windows\System32\lsass.exe
     732 C:\Windows\System32\lsm.exe
     888 C:\Windows\System32\svchost.exe
     896 C:\Windows\System32\winlogon.exe
     988 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\svchost.exe
    1124 C:\Windows\System32\svchost.exe
    1156 C:\Windows\System32\svchost.exe
    1168 C:\Windows\System32\svchost.exe
    1260 C:\Windows\System32\audiodg.exe
    1280 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\SLsvc.exe
    1340 C:\Windows\System32\svchost.exe
    1444 C:\Windows\System32\svchost.exe
    1760 C:\Windows\System32\spoolsv.exe
    1784 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1796 C:\Windows\System32\svchost.exe
     340 C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
     576 C:\Acer\ALaunch\ALaunchSvc.exe
     728 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     660 C:\Windows\System32\svchost.exe
    1380 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
     308 C:\Acer\Empowering Technology\eNet\eNet Service.exe
    2064 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2108 C:\Windows\System32\svchost.exe
    2132 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2180 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2232 C:\Acer\Mobility Center\MobilityService.exe
    2272 C:\Windows\System32\svchost.exe
    2328 C:\Windows\System32\svchost.exe
    2344 C:\Windows\System32\svchost.exe
    2360 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2392 C:\Program Files\Acer\Acer VCM\RS_Service.exe
    2436 C:\Windows\System32\svchost.exe
    2512 C:\Windows\System32\svchost.exe
    2540 C:\Windows\System32\SearchIndexer.exe
    2652 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    2716 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    2776 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    3064 WmiPrvSE.exe
    3244 WmiPrvSE.exe
    3256 unsecapp.exe
    3452 C:\Windows\System32\taskeng.exe
    3592 C:\Windows\System32\dwm.exe
    3600 C:\Windows\System32\taskeng.exe
    3868 C:\Windows\RtHDVCpl.exe
    3892 C:\Acer\Empowering Technology\eAudio\eAudio.exe
    3924 C:\Windows\System32\rundll32.exe
    3956 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3972 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    4056 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    4064 C:\Windows\System32\rundll32.exe
    4072 C:\Windows\ehome\ehtray.exe
    2324 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3400 C:\Windows\ehome\ehmsas.exe
    3276 C:\Acer\Empowering Technology\eNet\eNMTray.exe
    3316 C:\Users\Mandy\AppData\Local\temp\RtkBtMnt.exe
    4040 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    2496 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
     868 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    4732 C:\Program Files\Windows Media Player\wmpnscfg.exe
    5752 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5904 C:\Windows\System32\svchost.exe
    5448 C:\Windows\System32\wuauclt.exe
     552 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    3440 C:\Windows\explorer.exe
    3308 C:\Program Files\Internet Explorer\iexplore.exe
    4208 C:\Program Files\Internet Explorer\iexplore.exe
    6080 C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe
    2456 C:\Program Files\Internet Explorer\iexplore.exe
    2372 C:\Windows\System32\SearchProtocolHost.exe
    1632 C:\Windows\System32\SearchFilterHost.exe
     520 taskeng.exe
    3224 dllhost.exe
    4384 dllhost.exe
    4792 C:\Users\Mandy\Desktop\MBRCheck.exe
    4532 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`af600000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`a2300000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 31171527C24A94682C92F34EB1E387CDC8AD21FC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

Done!
         
So, I hope that is all fine so far. That's it for today. Many thanks already for the help up to this point.

Wishing you a good night, Mandy
