Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Mehrere IDE/SATA-Festplatten, TR/Kazy.mekml.1... (https://www.trojaner-board.de/99178-mehrere-ide-sata-festplatten-tr-kazy-mekml-1-a.html)

Blicknix 16.05.2011 21:10
Mehrere IDE/SATA-Festplatten, TR/Kazy.mekml.1...
 
Hallo Boarder,
mich hat's erwischt. Nachdem ich in den letzten Tagen hier immer wieder verfolgt habe wie anderen, denen es offenbar ähnlich geht wie mir geholfen wurde, muss ich nun auch um Eure Hilfe bitten.
Das Problem wurde an anderen Stellen im Forum bereits beschrieben (z.B. bei "Erni"). War im Netz unterwegs.. was genau passiert ist kann ich nicht mehr sagen. Mein Desktop ist praktisch schwarz, alle Dateiordner sind leer.
Ich versuche nun mal so vorzugehen wie meine Leidensgenossen und die Logfiles von Malewarebytes und OTL zu posten. Bin absolutes Greenhorn in solchen Dingen. Deshalb bitte um Nachsicht, sollte ich mich etwas dusselig anstellen! Gruß

cosinus 16.05.2011 21:41
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Blicknix 16.05.2011 23:28
Hi Cosinus,
danke für die rasche Antwort.
Habe alles soweit erledigt hoffe ich. Scans sind angehängt.

Brauchst Du den zweiten OTL Log auch? Hier kommt er:OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 17.05.2011 00:10:41 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\***\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 431,57 Gb Free Space | 74,90% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 0,02 Gb Free Space | 0,10% Space Free | Partition Type: FAT32
 
Computer Name: PCGELLERTSTR | User Name: JC Müller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BADC8E-0A5A-1C41-A4C2-ADE2B26B78EF}" = CCC Help German
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E307673-A877-89FF-78DC-14EE9B90E36D}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.4
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A0EDB2D-F27C-DFDD-C17C-F2E4B05F503D}" = CCC Help French
"{321F2647-25B9-2909-E2F4-AC2770A358B9}" = Catalyst Control Center Graphics Full New
"{3429F980-7C10-BF80-84C0-06ACF39900CD}" = ccc-utility
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{383A2E3F-A462-1C60-7627-EFA7D3B140E7}" = CCC Help Finnish
"{398ED33A-6B97-9909-B91F-7A3ADEF08BEE}" = CCC Help Norwegian
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A567E16-3E64-39BB-0C07-8083E81D56F0}" = CCC Help Spanish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EC62F67-DDFA-434C-9610-1FDF71B8F1D4}" = BPDSoftware_Ini
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{437220AC-2A97-8338-E012-74B8DF30E9DA}" = Catalyst Control Center InstallProxy
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{519EDA51-1048-2879-8005-5EF3F3EE4A99}" = CCC Help Japanese
"{5230AAA6-C417-47CA-8028-EF8133B984A6}" = 6000E609a
"{5235D305-3A25-35E0-C8F4-0D07325B5449}" = CCC Help Italian
"{5383EF8A-150E-4EAB-2C1D-C3135DE70368}" = Catalyst Control Center Core Implementation
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{71CEED82-6D60-4DB7-A351-3564A87F7C96}" = 6000E609_eDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}" = HP Officejet 6000 E609 Series
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{849EF876-F6A3-B14F-7FBE-35264E4D84A0}" = Catalyst Control Center Graphics Previews Vista
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition
"{9FF070B4-7A62-FEB7-2673-68A58166C9D5}" = Catalyst Control Center Localization All
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C809442E-31F0-418C-A929-74453B741A7B}" = ProductContext
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DC507BF5-66C7-B876-F564-0E60CB91D0DF}" = Catalyst Control Center Graphics Full Existing
"{DCB39D37-F1EC-EC0B-AC38-F3ECC9B5F55D}" = CCC Help Swedish
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E1CEE7F9-90EF-19B9-75DE-8F8F2AA18131}" = Catalyst Control Center Graphics Light
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E5DF3476-26A4-A39E-52E1-33FFD2D7FEED}" = CCC Help Danish
"{E67038A6-1745-BFC1-65D5-01D833D8E932}" = ccc-core-static
"{E7F088E0-6B7F-896B-4337-FC1617514152}" = CCC Help English
"{EF3D2EED-053B-9A14-B270-B62FB987EBC5}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F4BD608A-8296-43DA-A400-1E8432AB1304}" = 6000E609_Help
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F98A9659-65D5-856C-A163-1304D8355F72}" = Skins
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Angebote ALDI SÜD" = Angebote ALDI SÜD Bildschirmschoner
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Firefox 3.6 WEB.DE Edition" = Firefox 3.6 WEB.DE Edition
"FujiDirekt_is1" = FujiDirekt 2.6
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"WEB.DE Update" = WEB.DE Update
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---

cosinus 16.05.2011 23:33
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O4 - HKLM..\Run: []  File not found
[2011.05.13 15:27:39 | 000,000,120 | -H-- | M] () -- C:\Users\***\AppData\Local\Yyikodusexuy.dat
[2011.05.13 15:27:39 | 000,000,000 | -H-- | M] () -- C:\Users\***\AppData\Local\Cmamevub.bin
[2011.05.11 22:51:56 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~32366328
[2011.05.11 22:51:56 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~32366328r
[2011.05.11 22:51:52 | 000,000,344 | -H-- | M] () -- C:\ProgramData\32366328
[2011.05.11 22:42:55 | 000,000,000 | -H-- | M] () -- C:\Users\***\2gweorjqjutp92vjy9gake
:Commands
[purity]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Blicknix 16.05.2011 23:51
Hi
ging ohne Neustart. Hab meinen Benutzernamen eingesetzt und nun wieder ersetzt ok?
Hier das Logfile:
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File C:\Users\***\AppData\Local\Yyikodusexuy.dat not found.
File C:\Users\***\AppData\Local\Cmamevub.bin not found.
C:\ProgramData\~32366328 moved successfully.
C:\ProgramData\~32366328r moved successfully.
C:\ProgramData\32366328 moved successfully.
File C:\Users\***\2gweorjqjutp92vjy9gake not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05172011_004659

cosinus 17.05.2011 08:20
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Blicknix 17.05.2011 10:08
Hey, wieder Dank!
Schläfst Du auch mal?http://www.trojaner-board.de/images/smilies/sleepy.gif
:sleepy:
Bin momentan im Job und kann den Scan erst heute Abend an meine infizierten Rechner zu Hause ausführen.
Soll ich entsprechend der Anleitung von Da GuRu vorgehen, die ich über Deinen Link gefunden habe? Oder soll ich mich auf das beschränken, was Du geschrieben hast?

Blicknix 17.05.2011 19:25
So hallo
hier im Anhang das Log des TDSSKiller-Scans.
Habe außerdem nochmal einen aktuellen Maleware-Scan gemacht. Prompt auch ein infiziertes Objekt gefunden. Der Log ebenfalls im Anhang.
Kümmere mich jetzt entsprechend eurer Anleitung um die verschwundenen Dateien. Freue mich über weitere Hinweise!

cosinus 17.05.2011 19:42
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Blicknix 17.05.2011 19:48
wo finde ich mögliche "Hintergrundwächter"?

Blicknix 17.05.2011 20:43
Hello again,

alles erledigt, hier das Ergebnis von combofix:

Combofix Logfile:
Code:
ComboFix 11-05-17.01 - JC Müller 17.05.2011  21:29:06.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.3326.2344 [GMT 2:00]
ausgeführt von:: c:\users\JC Müller\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JC Müller\AppData\Local\{A332B183-6F98-4974-A461-71D205E2F11A}
c:\users\JC Müller\AppData\Local\{A332B183-6F98-4974-A461-71D205E2F11A}\chrome.manifest
c:\users\JC Müller\AppData\Local\{A332B183-6F98-4974-A461-71D205E2F11A}\chrome\content\_cfg.js
c:\users\JC Müller\AppData\Local\{A332B183-6F98-4974-A461-71D205E2F11A}\chrome\content\overlay.xul
c:\users\JC Müller\AppData\Local\{A332B183-6F98-4974-A461-71D205E2F11A}\install.rdf
c:\users\JC Müller\AppData\Roaming\Adobe\plugs
c:\users\JC Müller\AppData\Roaming\Adobe\shed
c:\users\JC Müller\AppData\Roaming\Adobe\shed\thr1.chm
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-17 bis 2011-05-17  ))))))))))))))))))))))))))))))
.
.
2011-05-17 19:33 . 2011-05-17 19:33        --------        d-----w-        c:\users\JC Müller\AppData\Local\temp
2011-05-17 19:33 . 2011-05-17 19:33        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-17 19:33 . 2011-05-17 19:33        --------        d-----w-        c:\users\Claudia\AppData\Local\temp
2011-05-17 17:23 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C62613FD-DEEF-4D72-9377-AD5CC5319954}\mpengine.dll
2011-05-16 22:46 . 2011-05-16 22:46        --------        d-----w-        C:\_OTL
2011-05-16 19:38 . 2011-05-16 19:38        --------        d-----w-        c:\program files\7-Zip
2011-05-13 14:00 . 2011-05-13 14:00        --------        d-----w-        c:\users\JC Müller\AppData\Roaming\Malwarebytes
2011-05-13 14:00 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-13 14:00 . 2011-05-13 14:00        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-13 14:00 . 2011-05-13 14:00        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-13 14:00 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-05-13 13:35 . 2011-05-16 21:47        142296        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-13 13:35 . 2011-05-16 21:47        781272        ----a-w-        c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-13 13:35 . 2011-05-16 21:47        89048        ----a-w-        c:\program files\Mozilla Firefox\libEGL.dll
2011-05-13 13:35 . 2011-05-16 21:47        465880        ----a-w-        c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-13 13:35 . 2011-05-16 21:47        1974616        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-13 13:35 . 2011-05-16 21:47        1892184        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-13 13:35 . 2011-05-16 21:47        1874904        ----a-w-        c:\program files\Mozilla Firefox\mozjs.dll
2011-05-13 13:35 . 2011-05-16 21:47        15832        ----a-w-        c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-12 18:52 . 2011-05-12 18:52        --------        d-----w-        c:\users\JC Müller\AppData\Local\ElevatedDiagnostics
2011-05-12 18:51 . 2011-05-12 18:51        --------        d-----w-        c:\users\Claudia\AppData\Local\Diagnostics
2011-05-11 20:58 . 2011-05-11 20:58        --------        d-----w-        c:\users\JC Müller\AppData\Roaming\Avira
2011-05-11 20:44 . 2011-05-13 13:27        0        ----a-w-        c:\users\JC Müller\AppData\Local\Cmamevub.bin
2011-05-11 16:16 . 2011-03-25 03:06        258560        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2011-05-11 16:16 . 2011-03-25 03:06        284160        ----a-w-        c:\windows\system32\drivers\usbport.sys
2011-05-11 16:16 . 2011-03-25 03:06        75776        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2011-05-11 16:16 . 2011-03-25 03:06        43008        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2011-05-11 16:16 . 2011-03-25 03:06        20480        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2011-05-11 16:16 . 2011-03-25 03:06        24064        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2011-05-11 16:16 . 2011-03-25 03:06        5888        ----a-w-        c:\windows\system32\drivers\usbd.sys
2011-05-11 16:16 . 2011-04-09 06:13        3957632        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-05-11 16:16 . 2011-04-09 06:13        3901824        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-04-21 19:20 . 2011-04-21 19:20        --------        d-----w-        c:\program files\iTunes
2011-04-21 19:20 . 2011-04-21 19:20        --------        d-----w-        c:\program files\iPod
2011-04-21 19:18 . 2011-04-21 19:18        --------        d-----w-        c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-13 13:27 . 2011-05-11 20:44        0        ----a-w-        c:\users\JC Müller\AppData\Local\Cmamevub.bin
2011-05-13 13:27 . 2011-05-11 20:44        0        ----a-w-        c:\users\JC Müller\AppData\Local\Cmamevub.bin
2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20        75040        ----a-w-        c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20        197920        ----a-w-        c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\system32\dns-sd.exe
2011-03-27 12:53 . 2009-09-17 19:18        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-11 05:40 . 2011-04-16 17:13        1137664        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-11 05:40 . 2011-04-16 17:13        1164288        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-08 05:38 . 2011-04-16 17:13        740864        ----a-w-        c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-16 17:14        132608        ----a-w-        c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-16 17:14        28672        ----a-w-        c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-16 17:13        2331136        ----a-w-        c:\windows\system32\win32k.sys
2011-02-24 05:32 . 2011-04-16 17:13        288256        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:32 . 2011-04-16 17:14        981504        ----a-w-        c:\windows\system32\wininet.dll
2011-02-24 05:30 . 2011-04-16 17:13        44544        ----a-w-        c:\windows\system32\licmgr10.dll
2011-02-24 04:23 . 2011-04-16 17:13        386048        ----a-w-        c:\windows\system32\html.iec
2011-02-24 03:50 . 2011-04-16 17:13        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-02-23 05:06 . 2011-04-16 17:14        311296        ----a-w-        c:\windows\system32\drivers\srv.sys
2011-02-23 05:05 . 2011-04-16 17:14        309760        ----a-w-        c:\windows\system32\drivers\srv2.sys
2011-02-23 05:05 . 2011-04-16 17:14        113664        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:05 . 2011-04-16 17:13        221696        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:05 . 2011-04-16 17:13        95744        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:05 . 2011-04-16 17:13        123392        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:05 . 2011-04-16 17:13        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-02-19 05:32 . 2011-04-16 17:14        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-02-19 03:37 . 2011-04-16 17:14        294912        ----a-w-        c:\windows\system32\atmfd.dll
2011-02-18 14:36 . 2011-02-18 14:36        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2011-02-18 14:36 . 2011-02-18 14:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
2011-02-18 05:36 . 2011-04-16 17:14        428032        ----a-w-        c:\windows\system32\vbscript.dll
2011-05-16 21:47 . 2011-05-13 13:35        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"WEB.DE Update"="c:\program files\WEB.DE\LiveUpdate\m2LUTray.exe" [2009-10-30 2276744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-13 274608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\JC Mller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
S1 SSHDRV76;SSHDRV76;c:\windows\system32\drivers\SSHDRV76.sys [2010-02-14 53760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-02 20:32]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:40]
.
2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 19:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.web.de
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\JC Müller\AppData\Roaming\Mozilla\Firefox\Profiles\uih78sgk.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de
FF - prefs.js: keyword.URL - hxxp://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=hxxp://suche.web.de/search/web/?origin=searchplugin&su=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-05-17  21:34:32
ComboFix-quarantined-files.txt  2011-05-17 19:34
.
Vor Suchlauf: 15 Verzeichnis(se), 465.149.419.520 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 465.309.143.040 Bytes frei
.
- - End Of File - - 8B204BB628443747B3F7C48FD4A48294
--- --- ---

Gruß JC

cosinus 18.05.2011 09:32
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Blicknix 18.05.2011 20:15
Guten Abend,
hier das GMER Log. Hat beim zweiten Anlauf geklappt wie mir scheint.
Weiteres in wenigen Minuten.

GMER Logfile:
Code:
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-18 21:08:01
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AACS-00G8B1 rev.05.04C05
Running: 9s730658.exe; Driver: C:\Users\JCMLLE~1\AppData\Local\Temp\kxddrfoc.sys


---- System - GMER 1.0.15 ----

SSDT            91468483                                                                                                                                            ZwLoadDriver
SSDT            91468488                                                                                                                                            ZwSetSystemInformation
SSDT            91468447                                                                                                                                            ZwTerminateProcess
SSDT            91468442                                                                                                                                            ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                                                    83461569 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                              83486092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!RtlSidHashLookup + 45C                                                                                                                8348DA6C 4 Bytes  [83, 84, 46, 91]
.text          ntkrnlpa.exe!RtlSidHashLookup + 768                                                                                                                8348DD78 4 Bytes  [88, 84, 46, 91]
.text          ntkrnlpa.exe!RtlSidHashLookup + 7B8                                                                                                                8348DDC8 4 Bytes  [47, 84, 46, 91] {INC EDI; TEST [ESI-0x6f], AL}
.text          ntkrnlpa.exe!RtlSidHashLookup + 82C                                                                                                                8348DE3C 4 Bytes  [42, 84, 46, 91] {INC EDX; TEST [ESI-0x6f], AL}
.text          C:\Windows\system32\drivers\SSHDRV76.sys                                                                                                            section is writeable [0x841BD000, 0x16204, 0xE8000020]
.pklstb        C:\Windows\system32\drivers\SSHDRV76.sys                                                                                                            entry point in ".pklstb" section [0x841DB000]
.relo2          C:\Windows\system32\drivers\SSHDRV76.sys                                                                                                            unknown last section [0x841EB000, 0x86, 0x42000040]
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                            section is writeable [0x91E02000, 0x2D5378, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Real\RealPlayer\Update\realsched.exe[3988] kernel32.dll!SetUnhandledExceptionFilter                                                76BC3162 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1728] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [75DE5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1728] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [75DE5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1728] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [75DE5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1728] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [75DE5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1728] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]  [75DE5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1728] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [75DE5E25] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                                    [74542494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                                [74525624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                              [745256E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                                      [7454250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                                            [74538573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                              [74534D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                            [745350CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                                            [745351A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                                                  [745366D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                            [745382CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                                        [74538819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                                      [7453907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                                            [7453E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                                [74534C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---

Blicknix 18.05.2011 20:37
und hier das osam-log und der MBRCheck:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 21:32:57 on 18.05.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\JCMLLE~1\AppData\Local\Temp\catchme.sys  (File not found)
"kxddrfoc" (kxddrfoc) - ? - C:\Users\JCMLLE~1\AppData\Local\Temp\kxddrfoc.sys  (Hidden registry entry, rootkit activity | File not found)
"SSHDRV76" (SSHDRV76) - ? - C:\Windows\system32\drivers\SSHDRV76.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
 "CorelDRAW Shell Extension Component" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_14.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"eBay - Der weltweite Online-Marktplatz" - ? - eBay - eine der größten deutschen Shopping-Websites  (HTTP value)
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\JC Müller\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CLMLServer" - "CyberLink" - "C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Microsoft Default Manager" - "Microsoft Corporation" - "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
"WEB.DE Update" - "mquadr.at software engineering und consulting GmbH" - C:\Program Files\WEB.DE\LiveUpdate\m2LUTray.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"BJ Language Monitor3_2" - "CANON INC." - C:\Windows\system32\CNBLM3_2.DLL
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index

Hier der MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: MEDIONPC
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MEDIONPC
System Product Name: MS-7501
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 155):
0x8341E000 \SystemRoot\system32\ntkrnlpa.exe
0x8382E000 \SystemRoot\system32\halmacpi.dll
0x80BB7000 \SystemRoot\system32\kdcom.dll
0x83A39000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x83A44000 \SystemRoot\system32\PSHED.dll
0x83A55000 \SystemRoot\system32\BOOTVID.dll
0x83A5D000 \SystemRoot\system32\CLFS.SYS
0x83A9F000 \SystemRoot\system32\CI.dll
0x83B4A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83BBB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x84013000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8405B000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x84064000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8406C000 \SystemRoot\system32\DRIVERS\pci.sys
0x84096000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x840A1000 \SystemRoot\System32\drivers\partmgr.sys
0x840B2000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x840C2000 \SystemRoot\System32\drivers\volmgrx.sys
0x8410D000 \SystemRoot\system32\DRIVERS\amdide.sys
0x84114000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x84122000 \SystemRoot\System32\drivers\mountmgr.sys
0x84138000 \SystemRoot\system32\DRIVERS\atapi.sys
0x84141000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x84164000 \SystemRoot\system32\DRIVERS\msahci.sys
0x8416E000 \SystemRoot\system32\drivers\amdxata.sys
0x84177000 \SystemRoot\system32\drivers\fltmgr.sys
0x841AB000 \SystemRoot\system32\drivers\fileinfo.sys
0x8420C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8433B000 \SystemRoot\System32\Drivers\msrpc.sys
0x84366000 \SystemRoot\System32\Drivers\ksecdd.sys
0x84379000 \SystemRoot\System32\Drivers\cng.sys
0x843D6000 \SystemRoot\System32\drivers\pcw.sys
0x843E4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C401000 \SystemRoot\system32\drivers\ndis.sys
0x8C4B8000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C4F6000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C616000 \SystemRoot\System32\drivers\tcpip.sys
0x8C75F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C790000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C7CF000 \SystemRoot\System32\Drivers\spldr.sys
0x8C51B000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C7D7000 \SystemRoot\System32\Drivers\mup.sys
0x8C7E7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C548000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C7EF000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C57A000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C600000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8C5C5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x841BC000 \??\C:\Windows\system32\drivers\SSHDRV76.sys
0x8C5E4000 \SystemRoot\System32\Drivers\Null.SYS
0x8C5EB000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C5F2000 \SystemRoot\System32\drivers\vga.sys
0x83BC9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x843ED000 \SystemRoot\System32\drivers\watchdog.sys
0x84200000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x841EC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x841F4000 \SystemRoot\system32\drivers\rdprefmp.sys
0x84000000 \SystemRoot\System32\Drivers\Msfs.SYS
0x83BEA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x83A00000 \SystemRoot\system32\DRIVERS\tdx.sys
0x83A17000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90E2B000 \SystemRoot\system32\drivers\afd.sys
0x90E85000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90EB7000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x90EC0000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90EC7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90EE6000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x90EF7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90F05000 \SystemRoot\system32\DRIVERS\serial.sys
0x90F1F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90F32000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90F42000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x90F48000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90F89000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90F93000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90F9D000 \SystemRoot\System32\drivers\discache.sys
0x90FA9000 \SystemRoot\System32\Drivers\dfsc.sys
0x90FC1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90FCF000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90FF5000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x90E00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x83A22000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x91E01000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x92316000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91A3C000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91A75000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91A94000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x91AB5000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x91AE1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x91AE7000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x91AF1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91B3C000 \SystemRoot\System32\Drivers\fastfat.SYS
0x91B66000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91B75000 \SystemRoot\system32\DRIVERS\serenum.sys
0x91B7F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x91B97000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x91BA4000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x91BB1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x91BC3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x91BDB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x91A00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x91A22000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x91BE6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x923CD000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x923E4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x91BFD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x97A22000 \SystemRoot\system32\DRIVERS\ks.sys
0x97A56000 \SystemRoot\system32\DRIVERS\umbus.sys
0x97A64000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x97AA8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x97AB9000 \SystemRoot\system32\drivers\RtHDMIV.sys
0x97ADE000 \SystemRoot\system32\drivers\portcls.sys
0x97B0D000 \SystemRoot\system32\drivers\drmk.sys
0x9803E000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x98261000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9826E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x98279000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x98283000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x98294000 \SystemRoot\system32\drivers\USBSTOR.SYS
0x982AB000 \SystemRoot\system32\drivers\USBD.SYS
0x820B0000 \SystemRoot\System32\win32k.sys
0x982AD000 \SystemRoot\System32\drivers\Dxapi.sys
0x982B7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x982C2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x982D5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x982DC000 \SystemRoot\system32\DRIVERS\netr28u.sys
0x98385000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x9838F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x9839A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82310000 \SystemRoot\System32\TSDDD.dll
0x82340000 \SystemRoot\System32\cdd.dll
0x983A5000 \SystemRoot\system32\drivers\luafv.sys
0x983C0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x983D5000 \SystemRoot\system32\drivers\WudfPf.sys
0x983EF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x97B26000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x98000000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x98010000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97B6C000 \SystemRoot\system32\drivers\HTTP.sys
0x98023000 \SystemRoot\system32\DRIVERS\bowser.sys
0x97A00000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8C59F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9EE0B000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9EE46000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9EE79000 \SystemRoot\system32\drivers\peauth.sys
0x9EF10000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9EF1A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9EF3B000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9EF48000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9EF97000 \SystemRoot\System32\DRIVERS\srv.sys
0xA5492000 \??\C:\Users\JCMLLE~1\AppData\Local\Temp\kxddrfoc.sys
0x77D40000 \Windows\System32\ntdll.dll
0x48060000 \Windows\System32\smss.exe
0x77F80000 \Windows\System32\apisetschema.dll
0x00B50000 \Windows\System32\autochk.exe

Processes (total 73):
0 System Idle Process
4 System
284 C:\Windows\System32\smss.exe
420 csrss.exe
500 C:\Windows\System32\wininit.exe
512 csrss.exe
552 C:\Windows\System32\services.exe
588 C:\Windows\System32\lsass.exe
596 C:\Windows\System32\lsm.exe
620 C:\Windows\System32\winlogon.exe
744 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\atiesrxx.exe
992 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\svchost.exe
1556 C:\Windows\System32\spoolsv.exe
1592 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1612 C:\Windows\System32\svchost.exe
1728 C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
1752 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1780 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1792 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1800 C:\Windows\System32\conhost.exe
1828 C:\Windows\System32\atieclxx.exe
1856 C:\Program Files\Bonjour\mDNSResponder.exe
1900 C:\Windows\System32\svchost.exe
1928 C:\Windows\System32\svchost.exe
1956 C:\Windows\System32\svchost.exe
312 C:\Windows\System32\svchost.exe
428 C:\Windows\System32\PSIService.exe
424 C:\Program Files\Microsoft\BingBar\SeaPort.EXE
760 C:\Windows\System32\svchost.exe
1344 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2396 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2624 C:\Windows\System32\taskhost.exe
2640 C:\Windows\System32\dwm.exe
2856 C:\Windows\explorer.exe
3116 C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
3136 C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
3316 C:\Windows\System32\SearchIndexer.exe
3416 C:\Windows\System32\svchost.exe
3716 C:\Windows\System32\svchost.exe
2552 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2824 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2836 C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe
2796 C:\Windows\WindowsMobile\wmdc.exe
3324 C:\Program Files\Web.de\LiveUpdate\m2LUTray.exe
2940 C:\Windows\System32\svchost.exe
3988 C:\Program Files\Real\RealPlayer\Update\realsched.exe
4000 C:\Program Files\QuickTime\QTTask.exe
2276 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
3384 C:\Program Files\iTunes\iTunesHelper.exe
3956 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
1092 C:\Program Files\iPod\bin\iPodService.exe
4180 C:\Program Files\Windows Media Player\wmpnetwk.exe
4472 C:\Windows\System32\svchost.exe
5612 dllhost.exe
2416 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1868 C:\Users\JC Müller\Desktop\9s730658.exe
4348 C:\Program Files\Mozilla Firefox\firefox.exe
5336 C:\Program Files\7-Zip\7zFM.exe
1452 C:\Users\JC Müller\AppData\Local\temp\osam_autorun_manager_5_0_portable-3\osam.exe
3684 C:\Windows\System32\notepad.exe
1080 C:\Windows\System32\SearchProtocolHost.exe
3464 C:\Windows\System32\SearchFilterHost.exe
3792 C:\Windows\System32\audiodg.exe
5748 C:\Users\JC Müller\Desktop\MBRCheck.exe
3428 C:\Windows\System32\conhost.exe
1888 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000090`0ac89c00 (FAT32)

PhysicalDrive0 Model Number: WDCWD6400AACS-00G8B1, Rev: 05.04C05

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!


Mann ist das spannend!?!
Gruß JC

cosinus 18.05.2011 20:45
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:29 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131