Trojaner-Board - Firefox4 öffnet immer Popups egal auf welche Seiten ich surfe

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Firefox4 öffnet immer Popups egal auf welche Seiten ich surfe (https://www.trojaner-board.de/100998-firefox4-oeffnet-immer-popups-egal-welche-seiten-surfe.html)

Ich habe nun alles mit Tdsskiller gescannt und ein Objekt gedunden:

Zitat:

2011/07/04 22:32:35.0760 5268 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/04 22:32:35.0775 5268 ================================================================================
2011/07/04 22:32:35.0775 5268 SystemInfo:
2011/07/04 22:32:35.0775 5268
2011/07/04 22:32:35.0775 5268 OS Version: 6.0.6001 ServicePack: 1.0
2011/07/04 22:32:35.0776 5268 Product type: Workstation
2011/07/04 22:32:35.0776 5268 ComputerName: ***
2011/07/04 22:32:35.0776 5268 UserName: ***
2011/07/04 22:32:35.0776 5268 Windows directory: C:\Windows
2011/07/04 22:32:35.0776 5268 System windows directory: C:\Windows
2011/07/04 22:32:35.0776 5268 Processor architecture: Intel x86
2011/07/04 22:32:35.0777 5268 Number of processors: 2
2011/07/04 22:32:35.0777 5268 Page size: 0x1000
2011/07/04 22:32:35.0777 5268 Boot type: Normal boot
2011/07/04 22:32:35.0777 5268 ================================================================================
2011/07/04 22:32:37.0190 5268 Initialize success
2011/07/04 22:32:40.0133 4868 ================================================================================
2011/07/04 22:32:40.0133 4868 Scan started
2011/07/04 22:32:40.0133 4868 Mode: Manual;
2011/07/04 22:32:40.0133 4868 ================================================================================
2011/07/04 22:32:41.0321 4868 Accelerometer (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/07/04 22:32:41.0366 4868 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/07/04 22:32:41.0451 4868 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/07/04 22:32:41.0481 4868 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/07/04 22:32:41.0495 4868 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/07/04 22:32:41.0511 4868 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/07/04 22:32:41.0663 4868 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/07/04 22:32:41.0719 4868 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/07/04 22:32:41.0788 4868 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/04 22:32:41.0814 4868 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/07/04 22:32:41.0882 4868 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/07/04 22:32:41.0906 4868 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/07/04 22:32:41.0968 4868 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/07/04 22:32:41.0997 4868 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/04 22:32:42.0113 4868 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/07/04 22:32:42.0145 4868 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/07/04 22:32:42.0258 4868 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/04 22:32:42.0278 4868 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/07/04 22:32:42.0390 4868 AVerAF15 (69a7ce53ffa89e0116faf5369384bbe5) C:\Windows\system32\Drivers\AVerAF15.sys
2011/07/04 22:32:42.0460 4868 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/04 22:32:42.0529 4868 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/04 22:32:42.0549 4868 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/04 22:32:42.0674 4868 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/07/04 22:32:42.0766 4868 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/04 22:32:42.0800 4868 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/07/04 22:32:42.0867 4868 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/04 22:32:42.0950 4868 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/04 22:32:42.0988 4868 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/04 22:32:43.0036 4868 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/04 22:32:43.0062 4868 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/04 22:32:43.0126 4868 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/04 22:32:43.0150 4868 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/04 22:32:43.0213 4868 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/07/04 22:32:43.0309 4868 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/04 22:32:43.0367 4868 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/07/04 22:32:43.0415 4868 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
2011/07/04 22:32:43.0467 4868 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/07/04 22:32:43.0540 4868 btwaudio (99aeea7cefdfc6e4151a8f620d682088) C:\Windows\system32\drivers\btwaudio.sys
2011/07/04 22:32:43.0618 4868 btwavdt (195872e48a7fb01f8bc9b800f70f4054) C:\Windows\system32\drivers\btwavdt.sys
2011/07/04 22:32:43.0683 4868 btwrchid (0724e7d6c9b6a289eddda33fa8176e80) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/07/04 22:32:43.0758 4868 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/04 22:32:43.0801 4868 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/04 22:32:43.0860 4868 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/04 22:32:43.0890 4868 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/07/04 22:32:43.0970 4868 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/04 22:32:44.0010 4868 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/07/04 22:32:44.0037 4868 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/04 22:32:44.0094 4868 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/04 22:32:44.0125 4868 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/04 22:32:44.0292 4868 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/07/04 22:32:44.0383 4868 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/07/04 22:32:44.0443 4868 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/04 22:32:44.0516 4868 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/04 22:32:44.0608 4868 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/04 22:32:44.0680 4868 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/07/04 22:32:44.0768 4868 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/04 22:32:44.0838 4868 enecir (4cd6b056c5fd9e97c06fe74c81479517) C:\Windows\system32\DRIVERS\enecir.sys
2011/07/04 22:32:44.0951 4868 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/04 22:32:45.0022 4868 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/07/04 22:32:45.0093 4868 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/07/04 22:32:45.0148 4868 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/04 22:32:45.0173 4868 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/04 22:32:45.0242 4868 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/04 22:32:45.0281 4868 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/04 22:32:45.0301 4868 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/07/04 22:32:45.0369 4868 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/04 22:32:45.0396 4868 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/04 22:32:45.0547 4868 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/07/04 22:32:45.0571 4868 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/04 22:32:46.0021 4868 HH9Help.sys (14c5a90d09e2ce3e66f2f9bb223242a0) C:\Windows\system32\drivers\HH9Help.sys
2011/07/04 22:32:46.0104 4868 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/04 22:32:46.0140 4868 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/04 22:32:46.0227 4868 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/04 22:32:46.0262 4868 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/04 22:32:46.0317 4868 hpdskflt (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/07/04 22:32:46.0388 4868 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/07/04 22:32:46.0409 4868 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
2011/07/04 22:32:46.0497 4868 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/07/04 22:32:46.0567 4868 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/07/04 22:32:46.0654 4868 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/07/04 22:32:46.0718 4868 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/04 22:32:46.0774 4868 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/04 22:32:46.0856 4868 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/04 22:32:46.0890 4868 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/04 22:32:46.0993 4868 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/04 22:32:47.0014 4868 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/04 22:32:47.0115 4868 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/04 22:32:47.0155 4868 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/04 22:32:47.0178 4868 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/04 22:32:47.0265 4868 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/04 22:32:47.0294 4868 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/04 22:32:47.0317 4868 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/04 22:32:47.0357 4868 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/04 22:32:47.0407 4868 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/04 22:32:47.0490 4868 ivusb (b14577cd7495f55996b17ab2938252cb) C:\Windows\system32\DRIVERS\ivusb.sys
2011/07/04 22:32:47.0599 4868 JMCR (dedb6cc1b166928a8f3f68def1766db0) C:\Windows\system32\DRIVERS\jmcr.sys
2011/07/04 22:32:47.0624 4868 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/04 22:32:47.0645 4868 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/04 22:32:47.0756 4868 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/04 22:32:47.0876 4868 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/07/04 22:32:47.0988 4868 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/07/04 22:32:48.0029 4868 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/04 22:32:48.0070 4868 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/04 22:32:48.0130 4868 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/04 22:32:48.0158 4868 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/04 22:32:48.0180 4868 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/04 22:32:48.0204 4868 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/04 22:32:48.0302 4868 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/04 22:32:48.0334 4868 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/04 22:32:48.0359 4868 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/04 22:32:48.0428 4868 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/04 22:32:48.0456 4868 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/04 22:32:48.0481 4868 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/04 22:32:48.0553 4868 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/04 22:32:48.0584 4868 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/04 22:32:48.0628 4868 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/04 22:32:48.0649 4868 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/07/04 22:32:48.0745 4868 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/04 22:32:48.0776 4868 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/04 22:32:48.0816 4868 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/04 22:32:48.0930 4868 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
2011/07/04 22:32:48.0962 4868 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/04 22:32:48.0983 4868 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/04 22:32:49.0071 4868 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/04 22:32:49.0120 4868 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/04 22:32:49.0208 4868 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/04 22:32:49.0234 4868 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/04 22:32:49.0263 4868 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/07/04 22:32:49.0344 4868 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/04 22:32:49.0386 4868 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/04 22:32:49.0404 4868 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/07/04 22:32:49.0510 4868 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/04 22:32:49.0578 4868 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/07/04 22:32:49.0636 4868 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/04 22:32:49.0660 4868 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/04 22:32:49.0716 4868 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/04 22:32:49.0751 4868 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/04 22:32:49.0802 4868 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/04 22:32:49.0843 4868 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/04 22:32:50.0026 4868 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/07/04 22:32:50.0105 4868 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/04 22:32:50.0195 4868 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
2011/07/04 22:32:50.0265 4868 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/07/04 22:32:50.0283 4868 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/04 22:32:50.0328 4868 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/07/04 22:32:50.0410 4868 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/04 22:32:50.0432 4868 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/04 22:32:50.0505 4868 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
2011/07/04 22:32:50.0597 4868 NVHDA (f972dc046c374a9e02f2dfbe74ebb203) C:\Windows\system32\drivers\nvhda32v.sys
2011/07/04 22:32:50.0797 4868 nvlddmkm (6c1c07916a4fed3e26bf399f07370986) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/04 22:32:50.0894 4868 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/07/04 22:32:50.0913 4868 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/07/04 22:32:50.0942 4868 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/07/04 22:32:51.0221 4868 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/04 22:32:51.0304 4868 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/07/04 22:32:51.0333 4868 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/07/04 22:32:51.0374 4868 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/07/04 22:32:51.0409 4868 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/07/04 22:32:51.0495 4868 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/07/04 22:32:51.0528 4868 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/04 22:32:51.0635 4868 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/04 22:32:51.0760 4868 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/04 22:32:51.0784 4868 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/07/04 22:32:51.0854 4868 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/04 22:32:51.0962 4868 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/04 22:32:51.0981 4868 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/04 22:32:52.0077 4868 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/04 22:32:52.0094 4868 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/04 22:32:52.0118 4868 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/04 22:32:52.0142 4868 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/04 22:32:52.0216 4868 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/04 22:32:52.0246 4868 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/04 22:32:52.0267 4868 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/04 22:32:52.0302 4868 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/07/04 22:32:52.0365 4868 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/04 22:32:52.0402 4868 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/07/04 22:32:52.0442 4868 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/07/04 22:32:52.0478 4868 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/04 22:32:52.0571 4868 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/07/04 22:32:52.0605 4868 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/04 22:32:52.0657 4868 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/04 22:32:52.0719 4868 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/04 22:32:52.0752 4868 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/07/04 22:32:52.0774 4868 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/07/04 22:32:52.0801 4868 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/04 22:32:52.0891 4868 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/04 22:32:52.0913 4868 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/04 22:32:52.0936 4868 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/04 22:32:52.0964 4868 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/04 22:32:53.0038 4868 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/04 22:32:53.0065 4868 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/04 22:32:53.0086 4868 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/04 22:32:53.0114 4868 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/07/04 22:32:53.0198 4868 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/04 22:32:53.0259 4868 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/07/04 22:32:53.0385 4868 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/07/04 22:32:53.0404 4868 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/04 22:32:53.0436 4868 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/04 22:32:53.0498 4868 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/04 22:32:53.0642 4868 STHDA (e69a606872650b46de54ec15dcc93529) C:\Windows\system32\DRIVERS\stwrt.sys
2011/07/04 22:32:53.0698 4868 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/04 22:32:53.0775 4868 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/04 22:32:53.0808 4868 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/04 22:32:53.0840 4868 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/04 22:32:53.0917 4868 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/04 22:32:54.0014 4868 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/07/04 22:32:54.0092 4868 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/04 22:32:54.0133 4868 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/04 22:32:54.0161 4868 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/04 22:32:54.0180 4868 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/04 22:32:54.0207 4868 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/04 22:32:54.0279 4868 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/04 22:32:54.0321 4868 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/04 22:32:54.0358 4868 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/04 22:32:54.0431 4868 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/04 22:32:54.0456 4868 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/07/04 22:32:54.0485 4868 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/04 22:32:54.0569 4868 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/04 22:32:54.0602 4868 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/07/04 22:32:54.0627 4868 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/04 22:32:54.0653 4868 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/04 22:32:54.0673 4868 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/04 22:32:54.0758 4868 USB28xxBGA (48bfa9c9145b7527aa8849c974756461) C:\Windows\system32\DRIVERS\emBDA.sys
2011/07/04 22:32:54.0811 4868 USB28xxOEM (9053737716744587b748cf7aaa424758) C:\Windows\system32\DRIVERS\emOEM.sys
2011/07/04 22:32:54.0890 4868 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/04 22:32:54.0928 4868 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/04 22:32:54.0993 4868 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/04 22:32:55.0029 4868 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/04 22:32:55.0068 4868 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/04 22:32:55.0125 4868 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/04 22:32:55.0215 4868 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/04 22:32:55.0267 4868 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/04 22:32:55.0300 4868 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/04 22:32:55.0370 4868 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/04 22:32:55.0383 4868 Suspicious service (NoAccess): vdrv9000
2011/07/04 22:32:55.0453 4868 vdrv9000 (5075ff09e2d9633106564d5dc22c2512) C:\Windows\system32\DRIVERS\vdrv9000.sys
2011/07/04 22:32:55.0458 4868 vdrv9000 - detected LockedService.Multi.Generic (1)
2011/07/04 22:32:55.0545 4868 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/04 22:32:55.0574 4868 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/04 22:32:55.0602 4868 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/07/04 22:32:55.0631 4868 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/07/04 22:32:55.0702 4868 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/07/04 22:32:55.0737 4868 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/04 22:32:55.0766 4868 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/07/04 22:32:55.0825 4868 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/07/04 22:32:55.0862 4868 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/07/04 22:32:55.0900 4868 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/04 22:32:55.0928 4868 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/04 22:32:55.0948 4868 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/04 22:32:56.0025 4868 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/04 22:32:56.0076 4868 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/04 22:32:56.0158 4868 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/07/04 22:32:56.0455 4868 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/04 22:32:56.0553 4868 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/04 22:32:56.0596 4868 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/04 22:32:56.0652 4868 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/04 22:32:56.0751 4868 {22D78859-9CE9-4B77-BF18-AC83E81A9263} (8903c6979ea677a9af3d36e0d3709203) C:\Program Files\HP\QuickPlay\000.fcl
2011/07/04 22:32:56.0776 4868 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) \Device\Harddisk0\DR0
2011/07/04 22:32:57.0169 4868 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/07/04 22:32:57.0220 4868 Boot (0x1200) (5cde7bef0bb68a698ec482fa29fe7315) \Device\Harddisk0\DR0\Partition0
2011/07/04 22:32:57.0259 4868 Boot (0x1200) (f558e20c4aad67cb94b9c9302888eb70) \Device\Harddisk0\DR0\Partition1
2011/07/04 22:32:57.0265 4868 Boot (0x1200) (5e1f3143d617d7465d3fb8de4eb7e694) \Device\Harddisk1\DR1\Partition0
2011/07/04 22:32:57.0270 4868 ================================================================================
2011/07/04 22:32:57.0270 4868 Scan finished
2011/07/04 22:32:57.0270 4868 ================================================================================
2011/07/04 22:32:57.0277 4600 Detected object count: 1
2011/07/04 22:32:57.0277 4600 Actual detected object count: 1
2011/07/04 22:33:29.0461 4600 LockedService.Multi.Generic(vdrv9000) - User select action: Skip

kann ich die Sache bedenkenlos löschen?

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

logfile von combofix:

Combofix Logfile:

Code:

ComboFix 11-07-03.04 - *** 04.07.2011  23:48:23.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3069.2012 [GMT 2:00]

ausgeführt von:: c:\users\***\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Amazon.ico

c:\programdata\QuickStores.ico

c:\programdata\vlc-1.0.1-win32.exe

c:\windows\IsUn0407.exe

c:\windows\system32\msconfig.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_usnjsvc

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-06-04 bis 2011-07-04  ))))))))))))))))))))))))))))))

.

.

2011-07-04 22:01 . 2011-07-04 22:01        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-07-04 21:44 . 2011-07-04 21:45        --------        d-----w-        C:\32788R22FWJFW

2011-07-04 17:48 . 2011-07-04 17:48        --------        d-----w-        C:\_OTL

2011-07-04 16:08 . 2011-07-04 16:08        --------        d-----w-        c:\users\***\AppData\Roaming\Avira

2011-06-30 19:55 . 2011-06-30 19:55        --------        d-----w-        c:\program files\epson

2011-06-30 19:55 . 2005-02-24 22:00        46080        ----a-w-        c:\windows\system32\escimgd.dll

2011-06-30 19:55 . 2005-02-24 22:00        29696        ----a-w-        c:\windows\system32\escwiad.dll

2011-06-30 19:55 . 2005-02-24 22:00        22016        ----a-w-        c:\windows\system32\esccmd.dll

2011-06-30 19:54 . 2011-06-30 19:54        --------        d-----w-        C:\EPSON

2011-06-30 18:58 . 2011-06-30 18:58        --------        d-----w-        c:\program files\Canon

2011-06-28 04:21 . 2011-06-27 20:00        16432        ----a-w-        c:\windows\system32\lsdelete.exe

2011-06-27 20:00 . 2011-06-30 20:04        101720        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys

2011-06-27 19:56 . 2011-06-27 19:56        --------        dc----w-        c:\windows\system32\DRVSTORE

2011-06-27 19:56 . 2011-04-29 10:12        64512        ----a-w-        c:\windows\system32\drivers\Lbd.sys

2011-06-27 19:55 . 2011-06-27 19:55        --------        d-----w-        c:\program files\Lavasoft

2011-06-27 19:55 . 2011-06-27 19:55        --------        d-----w-        c:\programdata\Lavasoft

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-28 12:12 . 2009-10-31 16:36        66616        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-06-28 12:12 . 2009-10-31 16:36        138192        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-06-07 15:55 . 2011-07-01 23:37        7074640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{0049EFCE-9FB6-4EC0-8C39-FD648A74065E}\mpengine.dll

2011-05-24 17:14 . 2009-10-02 23:44        222080        ------w-        c:\windows\system32\MpSigStub.exe

2010-07-22 21:40 . 2010-09-12 19:17        2944904        ----a-w-        c:\program files\Common Files\AskToolbarInstaller.exe

2011-04-14 16:40 . 2011-07-03 15:19        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]

"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]

"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk

backup=c:\windows\pss\AutoStart IR.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

backup=c:\windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-22 03:57        406992        ----a-w-        c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]

2007-11-06 09:08        397312        ------w-        c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]

2006-10-05 22:17        53248        ------w-        c:\windows\Ctregrun.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]

2007-07-17 09:03        868352        ------w-        c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-10-30 11:57        369200        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]

2008-05-15 13:30        688128        ----a-w-        c:\progra~1\WinTV\EPG Services\System\EPGClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2007-01-19 10:55        5674352        ----a-w-        c:\program files\MSN Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2008-04-23 21:51        468264        ----a-w-        c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-05-26 15:18        413696        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-11-17 22:04        1242448        ----a-w-        c:\program files\Steam\steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VC9Player]

2007-04-12 14:33        202312        ----a-w-        c:\program files\Virtual CD v9\System\VC9Play.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 136176]

R3 HH9Help.sys;HH9Help.sys;c:\windows\system32\drivers\HH9Help.sys [2006-09-20 11392]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-03-10 24216]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-29 15232]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-02-12 73728]

R4 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2008-05-30 437248]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-15 691696]

R4 VC9SecS;Virtual CD v9 Management Service;c:\program files\Virtual CD v9\System\VC9SecS.exe [2007-04-12 124488]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]

S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2008-04-23 39408]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]

S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-22 361808]

S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2008-03-14 280192]

S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]

S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs        REG_MULTI_SZ           BthServ

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

ezSharedSvc

.

Inhalt des "geplante Tasks" Ordners

.

2011-07-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 11:19]

.

2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 15:46]

.

2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-06 15:46]

.

2011-07-04 c:\windows\Tasks\User_Feed_Synchronization-{22E7FA87-A719-425E-B66C-D169DE398560}.job

- c:\windows\system32\msfeedssync.exe [2011-03-28 04:47]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://de.ask.com?o=14772&l=dis

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xnxqxnho.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: browser.startup.homepage - hxxp://google.de/

FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

SafeBoot-77670133.sys

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard

AddRemove-Biing! 2 - c:\windows\IsUn0407.exe

AddRemove-HaaliMkx - c:\program files\Matroska Pack\haali\uninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-07-05 00:09

Windows 6.0.6001 Service Pack 1 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]

"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1878822649-3520458863-1312088198-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:f9,94,4a,3a,5d,48,e0,fc,4e,00,99,48,79,79,51,53,f7,22,81,c4,46,78,ff,

   22,82,49,96,bc,47,2b,89,3c,9d,ff,6a,01,1d,09,a2,08,14,e5,67,6c,c0,23,01,52,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

.

[HKEY_USERS\S-1-5-21-1878822649-3520458863-1312088198-1000\Software\SecuROM\License information*]

"datasecu"=hex:d0,e9,aa,13,d2,a5,5e,ec,20,63,14,83,96,aa,7c,72,53,72,e8,da,65,

   b0,9e,db,ef,30,1e,36,86,77,9d,77,46,0e,e3,09,c7,3c,46,d6,f1,04,c8,77,12,89,\

"rkeysecu"=hex:e0,93,35,4e,78,4a,d5,5b,c5,45,7c,e2,ff,6f,b6,4e

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(4296)

c:\windows\system32\btncopy.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\rundll32.exe

c:\windows\ehome\ehsched.exe

c:\windows\ehome\ehRecvr.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\conime.exe

c:\windows\System32\rundll32.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

c:\program files\Hewlett-Packard\Shared\HpqToaster.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-07-05  00:15:11 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-07-04 22:14

.

Vor Suchlauf: 7.049.240.576 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 13.400.272.896 Bytes frei

.

- - End Of File - - 2E4D4F66019624A712CC3E8DD2E07462

--- --- ---

nachdem ich combofix ausgeführt habe funktionierte firefox4 nicht mehr "registrierungskey fehlt" oder sowas ähnliches, ich habe es dann einfach nochmal neu installiert. hoffe dass das nicht mit anderen Programmen passiert ist.

Nach CF den Rechner neustarten!! Der Rechner wird nicht immer automatisch neu gestartet!

Die Programme funktionieren wieder...lol. Leider sind die popups aber auch immer noch da:headbang:.

mfg
jake

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Hi,

sry war gestern sehr beschäftigt und kam nicht dazu die scans zu machen. Habs jetzt endlich geschaft mein System mit Osam und MBRCheck zu machen. Gmer hat leider nicht funktioniert.

Osam logfile:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 00:03:26 on 08.07.2011
 

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit

Default Browser: Mozilla Corporation Firefox 4.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"HH9Help.sys" (HH9Help.sys) - "H+H Software GmbH" - C:\Windows\system32\drivers\HH9Help.sys

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"kxldqpog" (kxldqpog) - ? - C:\Users\***\AppData\Local\Temp\kxldqpog.sys  (Hidden registry entry, rootkit activity | File not found)

"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"{22D78859-9CE9-4B77-BF18-AC83E81A9263}" ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) - "Cyberlink Corp." - C:\Program Files\HP\QuickPlay\000.fcl
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{705977C7-86CB-4743-BFAF-6908BD19B7B0} "HashCheck Shell Extension" - "code.kliu.org" - C:\Windows\system32\ShellExt\HashCheck.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Windows\System32\ShellvRTF.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

"PokerStars.net" - "PokerStars" - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
 

[Logon]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"CanonSolutionMenu" - "CANON INC." - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

"OnScreenDisplay" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

"SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

"PDF995 Monitor" - ? - C:\Windows\system32\pdf995mon.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)

"Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Windows\SMINST\BLService.exe

"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files\WinPcap\rpcapd.exe

"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/QUOTE]

MBRCheck logfile:

Zitat:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 213):
0x8281E000 \SystemRoot\system32\ntkrnlpa.exe
0x82BD7000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8046C000 \SystemRoot\system32\PSHED.dll
0x8047D000 \SystemRoot\system32\BOOTVID.dll
0x80485000 \SystemRoot\system32\CLFS.SYS
0x804C6000 \SystemRoot\system32\CI.dll
0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80689000 \SystemRoot\system32\drivers\acpi.sys
0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E0000 \SystemRoot\system32\drivers\pci.sys
0x80707000 \SystemRoot\system32\drivers\isapnp.sys
0x80716000 \SystemRoot\system32\drivers\mpio.sys
0x80732000 \SystemRoot\System32\drivers\partmgr.sys
0x80741000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80744000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8074E000 \SystemRoot\system32\drivers\volmgr.sys
0x8075D000 \SystemRoot\System32\drivers\volmgrx.sys
0x807A7000 \SystemRoot\system32\drivers\intelide.sys
0x807AE000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807BC000 \SystemRoot\system32\drivers\pciide.sys
0x807C3000 \SystemRoot\system32\drivers\aliide.sys
0x807CA000 \SystemRoot\system32\drivers\amdide.sys
0x807D1000 \SystemRoot\system32\drivers\cmdide.sys
0x807D9000 \SystemRoot\System32\drivers\mountmgr.sys
0x805A6000 \SystemRoot\system32\drivers\msdsm.sys
0x805C0000 \SystemRoot\system32\drivers\nvraid.sys
0x805DB000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x807E9000 \SystemRoot\system32\drivers\viaide.sys
0x82E03000 \SystemRoot\system32\drivers\iastorv.sys
0x82EA4000 \SystemRoot\system32\drivers\atapi.sys
0x82EAC000 \SystemRoot\system32\drivers\ataport.SYS
0x82ECA000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x82EE4000 \SystemRoot\system32\drivers\storport.sys
0x82F25000 \SystemRoot\system32\drivers\nvstor.sys
0x82F32000 \SystemRoot\system32\drivers\msahci.sys
0x82F3C000 \SystemRoot\system32\drivers\hpcisss.sys
0x82F47000 \SystemRoot\system32\drivers\adp94xx.sys
0x82FB1000 \SystemRoot\system32\drivers\adpahci.sys
0x8B00D000 \SystemRoot\system32\drivers\adpu160m.sys
0x8B028000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8B04E000 \SystemRoot\system32\drivers\adpu320.sys
0x8B074000 \SystemRoot\system32\drivers\djsvs.sys
0x8B088000 \SystemRoot\system32\drivers\arc.sys
0x8B09E000 \SystemRoot\system32\drivers\arcsas.sys
0x8B0B4000 \SystemRoot\system32\drivers\elxstor.sys
0x8B148000 \SystemRoot\system32\drivers\i2omp.sys
0x8B152000 \SystemRoot\system32\drivers\iirsp.sys
0x8B162000 \SystemRoot\system32\drivers\iteatapi.sys
0x8B16E000 \SystemRoot\system32\drivers\iteraid.sys
0x8B17A000 \SystemRoot\system32\drivers\lsi_fc.sys
0x8B194000 \SystemRoot\system32\drivers\lsi_sas.sys
0x8B1AC000 \SystemRoot\system32\drivers\megasas.sys
0x8B20E000 \SystemRoot\system32\drivers\megasr.sys
0x8B2C5000 \SystemRoot\system32\drivers\mraid35x.sys
0x8B2D0000 \SystemRoot\system32\drivers\nfrd960.sys
0x8B40B000 \SystemRoot\system32\drivers\ql2300.sys
0x8B543000 \SystemRoot\system32\drivers\ql40xx.sys
0x8B598000 \SystemRoot\system32\drivers\sisraid2.sys
0x8B5A5000 \SystemRoot\system32\drivers\sisraid4.sys
0x8B5BA000 \SystemRoot\system32\drivers\symc8xx.sys
0x8B5C6000 \SystemRoot\system32\drivers\sym_hi.sys
0x8B5D1000 \SystemRoot\system32\drivers\sym_u3.sys
0x8B2DE000 \SystemRoot\system32\drivers\uliahci.sys
0x8B5DC000 \SystemRoot\system32\drivers\ulsata.sys
0x8B31A000 \SystemRoot\system32\drivers\ulsata2.sys
0x8B346000 \SystemRoot\system32\drivers\vsmraid.sys
0x8B367000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B399000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B3A9000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x8B601000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B672000 \SystemRoot\system32\drivers\ndis.sys
0x8B77D000 \SystemRoot\system32\drivers\msrpc.sys
0x8B7A8000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B80F000 \SystemRoot\System32\drivers\tcpip.sys
0x8B8F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BA02000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BB11000 \SystemRoot\system32\drivers\wd.sys
0x8BB19000 \SystemRoot\system32\drivers\volsnap.sys
0x8BB52000 \SystemRoot\System32\Drivers\spldr.sys
0x8BB5A000 \SystemRoot\system32\drivers\sbp2port.sys
0x8BB6F000 \SystemRoot\System32\Drivers\mup.sys
0x8BB7E000 \SystemRoot\System32\drivers\ecache.sys
0x8BBA5000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
0x8BBAE000 \SystemRoot\system32\drivers\disk.sys
0x8BBBF000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BBEA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BBF5000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B913000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B922000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F60C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8FD26000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FDC5000 \SystemRoot\System32\drivers\watchdog.sys
0x8FDD2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B926000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8FDDD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FDEC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FE00000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x90187000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x901A8000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x901B8000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x901C6000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x901DB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x901EE000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x901F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B964000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x901FE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F600000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B993000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B9AB000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
0x8B9B6000 \SystemRoot\system32\DRIVERS\enecir.sys
0x8B9CE000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8FDFE000 \SystemRoot\system32\DRIVERS\HpqRemHid.sys
0x8B9D7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8B9E7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8B3B8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B9EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B7E2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B800000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B1B6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B3E6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8B1D9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90609000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9061E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9062E000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90630000 \SystemRoot\system32\DRIVERS\ks.sys
0x9065A000 \SystemRoot\system32\DRIVERS\circlass.sys
0x90668000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90672000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9067F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x906B3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x906BC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x906CD000 \SystemRoot\system32\DRIVERS\stwrt.sys
0x90735000 \SystemRoot\system32\DRIVERS\portcls.sys
0x90762000 \SystemRoot\system32\DRIVERS\drmk.sys
0x90787000 \SystemRoot\system32\drivers\nvhda32v.sys
0x90795000 \SystemRoot\system32\DRIVERS\hidir.sys
0x907A0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x907A8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x907B1000 \SystemRoot\System32\Drivers\Null.SYS
0x907B8000 \SystemRoot\System32\Drivers\Beep.SYS
0x907BF000 \SystemRoot\System32\drivers\vga.sys
0x907CB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x907EC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x907F4000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B400000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B200000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90600000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x92609000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9261F000 \SystemRoot\system32\DRIVERS\smb.sys
0x92633000 \SystemRoot\system32\drivers\afd.sys
0x9267B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x926AD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x926C3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x926D1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x926E4000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x926EA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92726000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92730000 \SystemRoot\System32\Drivers\dfsc.sys
0x92747000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x927B4000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x93602000 \SystemRoot\System32\Drivers\AVerAF15.sys
0x93647000 \SystemRoot\System32\Drivers\BdaSup.SYS
0x93734000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x9374B000 \SystemRoot\System32\Drivers\usbvideo.sys
0x9376C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x93779000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x93784000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x9378E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9AEF0000 \SystemRoot\System32\win32k.sys
0x93797000 \SystemRoot\System32\drivers\Dxapi.sys
0x937A1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9B110000 \SystemRoot\System32\TSDDD.dll
0x9B130000 \SystemRoot\System32\cdd.dll
0x9B140000 \SystemRoot\System32\ATMFD.DLL
0x937B0000 \SystemRoot\system32\drivers\luafv.sys
0x937CB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x9FC06000 \SystemRoot\system32\drivers\spsys.sys
0x9FCB5000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9FCC5000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x9FCEF000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x9FCF9000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9FD0C000 \SystemRoot\system32\drivers\HTTP.sys
0x9FD79000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9FD96000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9FDAF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9FDC4000 \SystemRoot\system32\drivers\mrxdav.sys
0x8BBC8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA1E07000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA1E40000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA1E58000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA1E80000 \SystemRoot\System32\DRIVERS\srv.sys
0xA1EE6000 \SystemRoot\system32\drivers\npf.sys
0xA1EF5000 \SystemRoot\system32\drivers\peauth.sys
0xA1FD3000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA1FDD000 \SystemRoot\System32\drivers\tcpipreg.sys
0x937E2000 \??\C:\Program Files\HP\QuickPlay\000.fcl
0xA4404000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA442A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA4440000 \SystemRoot\system32\drivers\MSPQM.sys
0xA445A000 \??\C:\Users\***\AppData\Local\Temp\kxldqpog.sys
0xA4473000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xA447F000 \SystemRoot\System32\Drivers\bthport.sys
0xA44B9000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xA44CA000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0xA44D4000 \SystemRoot\system32\DRIVERS\bthpan.sys
0xA44EE000 \SystemRoot\system32\drivers\btwavdt.sys
0xA4555000 \SystemRoot\system32\drivers\btwaudio.sys
0xA45D5000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x76ED0000 \Windows\System32\ntdll.dll

Processes (total 70):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
592 csrss.exe
644 C:\Windows\System32\wininit.exe
656 csrss.exe
688 C:\Windows\System32\services.exe
700 C:\Windows\System32\lsass.exe
708 C:\Windows\System32\lsm.exe
860 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\nvvsvc.exe
940 C:\Windows\System32\svchost.exe
980 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
1184 C:\Windows\System32\audiodg.exe
1208 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\SLsvc.exe
1268 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\hpservice.exe
1380 C:\Windows\System32\winlogon.exe
1464 C:\Windows\System32\svchost.exe
1692 C:\Windows\System32\spoolsv.exe
1720 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1732 C:\Windows\System32\svchost.exe
2000 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2028 C:\Windows\System32\svchost.exe
464 C:\Windows\System32\PnkBstrA.exe
560 C:\Windows\System32\svchost.exe
776 C:\Windows\SMINST\BLService.exe
1420 C:\Windows\System32\svchost.exe
1868 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
360 C:\Windows\System32\svchost.exe
124 C:\Windows\System32\SearchIndexer.exe
2568 C:\Windows\System32\taskeng.exe
2704 C:\Windows\System32\alg.exe
2840 WmiPrvSE.exe
3112 C:\Windows\System32\rundll32.exe
3608 C:\Windows\System32\taskeng.exe
3624 C:\Windows\System32\dwm.exe
3688 C:\Windows\explorer.exe
4000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4040 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
4076 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
2224 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
308 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
1964 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3016 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
3240 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3660 C:\Program Files\IDT\WDM\sttray.exe
3744 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3728 C:\Windows\ehome\ehtray.exe
3908 C:\Program Files\Windows Media Player\wmpnscfg.exe
3248 C:\Program Files\Windows Media Player\wmpnetwk.exe
3772 C:\Windows\ehome\ehmsas.exe
3408 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
2936 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
4068 C:\Windows\ehome\ehsched.exe
156 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
4144 C:\Windows\ehome\ehrecvr.exe
4564 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4816 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
340 C:\Windows\System32\wuauclt.exe
5656 C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
5632 C:\Windows\System32\VSSVC.exe
1064 C:\Windows\System32\svchost.exe
5072 C:\Windows\System32\conime.exe
6104 C:\Users\***\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000048`4e200000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV011C
PhysicalDrive1 Model Number: TOSHIBAMK3252GSX, Rev: LV011C

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C
298 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Hier sind noch ein paar Funde die Osam gemacht/hervorgehoben hat:

- NetGroup Packet Filter Driver CACE Technologies, Inc. C:\Windows\System32\drivers\npf.sys

- Remote Packet Capture Protocol v.0 (experimental) CACE Technologies, Inc. C:\Program Files\WinPcap\rpcapd.exe

Könnte dass das Problem sein?

Danke!!!

GMER ging nicht?
Das OSAM Log ist ok, aber deinen MBR müssen wir wohl fixen.