Trojaner-Board - Alle Daten unsichtbar wegen Windows Recovery

Hey Arne,

das erste ist wie du sagtest 2 ma abgestüzrt, dann hab ich es weggelassen..

hier die log von den anderen beiden Sachen

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 22:19:25 on 30.03.2011
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 3.6.15
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Automatische Problemsuche.job" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl

"camcpl.cpl" - "Acer" - C:\WINDOWS\system32\camcpl.cpl

"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"A4Tech HID-compliant Mouse Driver" (Amusbprt) - "A4Tech Co.,Ltd." - C:\WINDOWS\System32\DRIVERS\Amusbprt.sys

"A4Tech Mouse Filter Driver" (Amfilter) - "A4Tech Co.,Ltd." - C:\WINDOWS\System32\DRIVERS\Amfilter.sys

"Acer EPM Power Scheme Driver" (EpmPsd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-psd.sys

"Acer EPM System Hardware Driver" (EpmShd) - "Acer Value Labs, USA" - C:\WINDOWS\system32\drivers\epm-shd.sys

"Acer NetMonitor Protocol" (NETMNT) - ? - C:\WINDOWS\System32\DRIVERS\NETMNT.sys  (File found, but it contains no detailed information)

"AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"Bluetooth Serial Driver" (BTSERIAL) - "Broadcom Corporation." - C:\WINDOWS\system32\drivers\btserial.sys

"Bluetooth-Audiogerät" (btaudio) - "Broadcom Corporation." - C:\WINDOWS\System32\drivers\btaudio.sys

"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys

"Bluetooth-LAN-Zugangsserver" (BTWDNDIS) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwdndis.sys

"Bluetooth-Modem" (btwmodem) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwmodem.sys

"btwhid" (btwhid) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btwhid.sys

"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)

"int15.sys" (int15.sys) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)

"kl1" (kl1) - ? - C:\WINDOWS\System32\DRIVERS\kl1.sys  (File not found)

"Logitech LVPrcMon Driver" (LVPrcMon) - "Logitech" - C:\WINDOWS\system32\drivers\LVPrcMon.sys

"Logitech Machine Vision Engine Loader" (lvmvdrv) - "Logitech" - C:\WINDOWS\system32\drivers\lvmvdrv.sys

"Machnm32 Driver" (Machnm32) - ? - C:\WINDOWS\system32\Machnm32.sys  (File found, but it contains no detailed information)

"OSA NdisFilter Protocol" (NdisFilt) - "OSA Technologies" - C:\WINDOWS\System32\Drivers\NdisFilt.sys

"OsaFsLoc" (OsaFsLoc) - "OSA Technologies" - C:\WINDOWS\system32\drivers\OsaFsLoc.sys

"osaio" (osaio) - "OSA Technologies, An Avocent Company" - C:\WINDOWS\system32\drivers\osaio.sys

"osanbm" (osanbm) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\osanbm.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDNMp50 NDIS Protocol Driver" (PDNMp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\drivers\PDNMp50.sys

"PDNSp50 NDIS Protocol Driver" (PDNSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\drivers\PDNSp50.sys

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys

"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - ? - "C:\Programme\WinPcap\rpcapd.exe" -d -f "C:\Programme\WinPcap\rpcapd.ini"  (File not found)

"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"StarForce Protection Environment Driver v5" (prodrv05) - "Protection Technology Co." - C:\WINDOWS\System32\drivers\prodrv05.sys

"StarForce Protection Helper Driver v1" (prohlp01) - "Protection Technology Co." - C:\WINDOWS\System32\drivers\prohlp01.sys

"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\WINDOWS\System32\drivers\tbhsd.sys

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\WINDOWS\System32\DRIVERS\NTIDrvr.sys

"Virtueller Bluetooth-Kommunikationstreiber" (BTDriver) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btport.sys

"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys

"WLAN-Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} "PixiePack Codec Pack 1.0.100.0" - ? - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - c:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - ? -   (File not found | COM-object registry key not found)

{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - "Acer Labs USA" - C:\WINDOWS\system32\epm-po.dll

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Programme\ICQLite\ICQLiteShell.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL

{D9872D13-7651-4471-9EEE-F0A00218BEBB} "Multiscan" - ? -   (File not found | COM-object registry key not found)

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\DseShExt-x86.dll

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\SDShelEx-win32.dll

{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

<binary data> "{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" - ? -   (File not found | COM-object registry key not found)

<binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "Java Plug-in 1.5.0_10" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_10\bin\npjpi150_10.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)

"ICQ6" - "ICQ, LLC." - C:\Programme\ICQ6.5\ICQ.exe

"Messenger" - ? - C:\Programme\Messenger\msmsgs.exe  (File not found)

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\WINDOWS\system32\eDStoolbar.dll

{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Motthino\Startmenü\Programme\Autostart\desktop.ini

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Acer ePower Management" - "Acer Value Labs, Taiwan" - C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

"ePower_DMC" - "Acer Incorporated" - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

"LaunchApp" - "Acer Inc." - Alaunch

"LogitechVideo[inspector]" - "Acer" - C:\Programme\Acer\OrbiCam\InstallHelper.exe /inspect

"LVCOMSX" - "Logitech" - C:\WINDOWS\system32\LVCOMSX.EXE

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"AdminWorks Agent X6" (AWService) - "Avocent Inc." - C:\Acer\Empowering Technology\admServ.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Bluetooth Service" (btwdins) - "Broadcom Corporation." - c:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - "C:\Programme\CyberLink\Shared Files\RichVideo.exe"  (File not found)

"Google Update Service (gupdate1c991d113be18ec)" (gupdate1c991d113be18ec) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe

"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe

"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe

"Logitech Process Monitor" (LVPrcSrv) - "Logitech" - c:\programme\gemeinsame dateien\logitech\lvmvfm\LVPrcSrv.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe

"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll

"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe

"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 203):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xF7AD2000 \WINDOWS\system32\KDCOM.DLL
0xF79E2000 \WINDOWS\system32\BOOTVID.dll
0xF73FE000 sptd.sys
0xF7AD4000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF73E6000 \WINDOWS\System32\Drivers\SPTD3389.SYS
0xF73B7000 ACPI.sys
0xF73A6000 pci.sys
0xF75D2000 isapnp.sys
0xF75E2000 ohci1394.sys
0xF75F2000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF79E6000 compbatt.sys
0xF79EA000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B9A000 pciide.sys
0xF7852000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7AD6000 aliide.sys
0xF7AD8000 intelide.sys
0xF7ADA000 toside.sys
0xF7ADC000 viaide.sys
0xF7ADE000 cmdide.sys
0xF7388000 pcmcia.sys
0xF7602000 MountMgr.sys
0xF7369000 ftdisk.sys
0xF79EE000 ACPIEC.sys
0xF7B9B000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF785A000 PartMgr.sys
0xF7612000 VolSnap.sys
0xF79F2000 cpqarray.sys
0xF7351000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF7339000 atapi.sys
0xF79F6000 aha154x.sys
0xF7862000 sparrow.sys
0xF79FA000 symc810.sys
0xF7622000 aic78xx.sys
0xF79FE000 dac960nt.sys
0xF7632000 ql10wnt.sys
0xF7A02000 amsint.sys
0xF786A000 asc.sys
0xF7A06000 asc3550.sys
0xF7872000 mraid35x.sys
0xF787A000 i2omp.sys
0xF7A0A000 ini910u.sys
0xF7642000 ql1240.sys
0xF7652000 aic78u2.sys
0xF7882000 symc8xx.sys
0xF788A000 sym_hi.sys
0xF7892000 sym_u3.sys
0xF789A000 ABP480N5.SYS
0xF78A2000 asc3350p.sys
0xF7AE0000 cd20xrnt.sys
0xF7662000 ultra.sys
0xF7320000 adpu160m.sys
0xF78AA000 dpti2o.sys
0xF7672000 ql1080.sys
0xF7682000 ql1280.sys
0xF7692000 ql12160.sys
0xF78B2000 perc2.sys
0xF7AE2000 perc2hib.sys
0xF78BA000 hpn.sys
0xF7A0E000 cbidf2k.sys
0xF72F4000 dac2w2k.sys
0xF76A2000 disk.sys
0xF76B2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72D4000 fltmgr.sys
0xF72C2000 sr.sys
0xF76C2000 PxHelp20.sys
0xF72AB000 KSecDD.sys
0xF721E000 Ntfs.sys
0xF71F1000 NDIS.sys
0xF76D2000 sisagp.sys
0xF76E2000 viaagp.sys
0xF71DD000 prohlp01.sys
0xF71C3000 Mup.sys
0xF76F2000 agp440.sys
0xF7702000 alim1541.sys
0xF7712000 amdagp.sys
0xF7722000 agpCPQ.sys
0xF7752000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7ACA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF6CF8000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF6CE4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6C94000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6C6B000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF6B0D000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xF793A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6AE9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7942000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7762000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF7772000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
0xF6AD5000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF6AC2000 \SystemRoot\system32\DRIVERS\ESM7SK.sys
0xF7782000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
0xF70E7000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7792000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF796A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6A92000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AF0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF797A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF77A2000 \SystemRoot\system32\DRIVERS\smcirda.sys
0xF70E3000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF77B2000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF77C2000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77D2000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF69CF000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7AF2000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF6903000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF799A000 \SystemRoot\system32\drivers\tbhsd.sys
0xF68DF000 \SystemRoot\system32\drivers\portcls.sys
0xF77F2000 \SystemRoot\system32\drivers\drmk.sys
0xF7C4B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF79B2000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF79C2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7133000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF70B2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF68C8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7123000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7742000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF68B7000 \SystemRoot\system32\DRIVERS\psched.sys
0xF6A82000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78CA000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78F2000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF6A72000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AF8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6859000 \SystemRoot\system32\DRIVERS\update.sys
0xF70A2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF680B000 \SystemRoot\system32\drivers\btaudio.sys
0xF6A42000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF43A1000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF436B000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xF4277000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF41C6000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7912000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6A12000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF6CD0000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7B02000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CB3000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B06000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7962000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7972000 \SystemRoot\system32\DRIVERS\Amfilter.sys
0xF7982000 \SystemRoot\System32\drivers\vga.sys
0xF7B0C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B10000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7992000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79AA000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6CC4000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF407B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF4022000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3FFA000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF3FD4000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF70DB000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF3FB2000 \SystemRoot\System32\drivers\afd.sys
0xF79D2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7802000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF78EA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF3F87000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF3F4B000 \SystemRoot\System32\drivers\prodrv05.sys
0xF6803000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
0xF3EDB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7812000 \SystemRoot\System32\Drivers\Fips.SYS
0xF3EBF000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7832000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7842000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF7B16000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF3C75000 \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys
0xF71A3000 \SystemRoot\system32\drivers\lvusbsta.sys
0xF3B69000 \SystemRoot\system32\DRIVERS\lv321av.sys
0xF7193000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0xF411A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7183000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF4116000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7173000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF3A89000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7B26000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF70C6000 \SystemRoot\System32\drivers\Dxapi.sys
0xF40D6000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C75000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBA4D4000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xBF3E0000 \SystemRoot\System32\ATMFD.DLL
0xF79BA000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xBA3A6000 \SystemRoot\system32\DRIVERS\irda.sys
0xBA4E8000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xBA47C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB9849000 \SystemRoot\system32\drivers\wdmaud.sys
0xB99C6000 \SystemRoot\system32\drivers\sysaudio.sys
0xF79CA000 \??\C:\WINDOWS\system32\drivers\btserial.sys
0xF7C30000 \??\C:\WINDOWS\system32\drivers\epm-psd.sys
0xB962D000 \??\C:\WINDOWS\system32\drivers\epm-shd.sys
0xB95F4000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xB94AC000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7D0B000 \??\C:\WINDOWS\system32\Machnm32.sys
0xB960D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7B76000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xF7BB8000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
0xB8F38000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF40BE000 \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
0xB8D67000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7C92000 \??\C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
0xB7B48000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 48):
0 System Idle Process
4 System
852 C:\WINDOWS\system32\smss.exe
568 csrss.exe
640 C:\WINDOWS\system32\winlogon.exe
1048 C:\WINDOWS\system32\services.exe
1068 C:\WINDOWS\system32\lsass.exe
1516 C:\WINDOWS\system32\svchost.exe
1648 svchost.exe
1776 C:\WINDOWS\system32\svchost.exe
1888 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
1984 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
548 svchost.exe
644 svchost.exe
1252 C:\WINDOWS\system32\spoolsv.exe
1344 C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe
1352 C:\Programme\Avira\AntiVir Desktop\sched.exe
340 C:\Programme\Avira\AntiVir Desktop\avguard.exe
524 C:\Acer\Empowering Technology\admServ.exe
1616 C:\WINDOWS\explorer.exe
1952 svchost.exe
2028 C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
768 C:\Programme\Java\jre6\bin\jqs.exe
1436 C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
744 C:\WINDOWS\system32\nvsvc32.exe
656 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
988 C:\WINDOWS\system32\svchost.exe
1080 C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
924 C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
2204 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
2272 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
2332 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
2396 C:\WINDOWS\system32\LVCOMSX.EXE
2464 C:\WINDOWS\system32\rundll32.exe
2448 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
2568 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
2372 wmiprvse.exe
2980 C:\WINDOWS\system32\wbem\unsecapp.exe
3120 wmiprvse.exe
3360 C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
2352 C:\WINDOWS\system32\wbem\wmiapsrv.exe
324 alg.exe
3688 C:\Programme\Alice\Signup\AliceCnn.exe
3968 C:\WINDOWS\system32\svchost.exe
940 C:\Programme\Mozilla Firefox\firefox.exe
3400 C:\WINDOWS\system32\igfxsrvc.exe
3668 C:\WINDOWS\system32\wscntfy.exe
2592 C:\Dokumente und Einstellungen\Motthino\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`384c7a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000013`2e00be00 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!