Microsoft Security Essentials Alert

cosinus · 23.09.2010, 20:47

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Schukk · 23.09.2010, 21:35

Während des ComboFix-Scans ist der PC abgestürzt und es kam eine von diesen Fehlermeldungen mit weißer Schrift auf blauem Hintergrund:

Es wurde ein Problem festgestellt. Windows wurde heruntergefahren. damit der Computer nicht beschädigt wird.

BAD_POOL_HEADER

...

Technische Information:

*** STOP: 0x00000019 (0x00000020, 0x81B523D0, 0x81B527E8, 0x1A830001)

cosinus · 23.09.2010, 21:52

Probiers bitte nochmal aus.

Schukk · 23.09.2010, 22:32

Ich hab es jetzt insgesamt 4 mal versucht, ohne Erfolg. Das Problem entsteht jedes Mal, während ComboFix das Logfile erstellen will, also kurz vor Schluss. Das Logfile ist aber danach auch nicht vorhanden.

cosinus · 24.09.2010, 08:27

Hast Du einen Ordner C:\Qoobox ?

Schukk · 24.09.2010, 10:49

D:\Qoobox, ja.

cosinus · 24.09.2010, 11:04

Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf da nicht rummurksen!
2.) Ordner C:\Qoobox in eine Datei zippen
3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Schukk · 24.09.2010, 11:49

So, das müsste geklappt haben

cosinus · 24.09.2010, 13:27

Da steht nur Müll drin

Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.

Schukk · 24.09.2010, 18:59

GMER ist jedes Mal schon nach einer Milisekunde abgestürzt.

OSAM:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:49:45 on 24.09.2010

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.10

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - D:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - D:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - D:\Programme\Google\Update\GoogleUpdate.exe
"WGASetup.job" - "Microsoft Corporation" - D:\WINDOWS\system32\KB905474\wgasetup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - D:\WINDOWS\system32\alsndmgr.cpl  (File signed by Microsoft | File found, but it contains no detailed information)
"javacpl.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - D:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASPI32" (ASPI32) - "Adaptec" - D:\WINDOWS\system32\drivers\ASPI32.sys
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - D:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - D:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - D:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Nsynas32" (Nsynas32) - "Syncrosoft Hard- und Software GmbH" - D:\WINDOWS\system32\drivers\Nsynas32.sys
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"qlveyv" (qlveyv) - ? - D:\WINDOWS\System32\drivers\uduihpwh.sys  (File not found)
"Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - D:\WINDOWS\System32\DRIVERS\secdrv.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"VClone" (VClone) - "Elaborate Bytes AG" - D:\WINDOWS\System32\DRIVERS\VClone.sys
"WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{44467666-9E17-11d5-8640-0050BAAABDE1} "Febooti fileTweak Property Pages" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - D:\Programme\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - D:\Programme\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - D:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{25BC7718-0BFA-40EA-B381-4B2D9732D686} "ClsidExtension" - "Yahoo! Inc." - D:\Programme\Yahoo!\Search Protection\ysp.dll
"ICQ7.2" - "ICQ, LLC." - D:\Programme\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - D:\Programme\ICQ6Toolbar\ICQToolBar.dll
<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{25BC7718-0BFA-40EA-B381-4B2D9732D686} "Yahooo Search Protection" - "Yahoo! Inc." - D:\Programme\Yahoo!\Search Protection\ysp.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - "Alcohol Soft Development Team" - "D:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Programme\Samsung\Samsung PC Studio\NPSAgent.exe
"ICQ" - "ICQ, LLC." - "D:\Programme\ICQ7.2\ICQ.exe" silent loginmode=4
"Search Protection" - "Yahoo! Inc" - D:\Programme\Yahoo!\Search Protection\SearchProtection.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "D:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"VirtualCloneDrive" - "Elaborate Bytes AG" - "D:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"YSearchProtection" - "Yahoo! Inc" - "D:\Programme\Yahoo!\Search Protection\SearchProtection.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - D:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Automatische Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - D:\Programme\Bonjour\mDNSResponder.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - D:\WINDOWS\system32\FsUsbExService.Exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - D:\Programme\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - D:\Programme\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - D:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - D:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - D:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

der bootkit remover sagt folgendes:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\D:
\\.\D: -> \\.\PhysicalDrive0 at offset 0x00000000`007e0000
Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf

Size Device Name MBR Status
--------------------------------------------
152 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;
Press any key to quit...

cosinus · 25.09.2010, 13:59

Zitat:

"qlveyv" (qlveyv) - ? - D:\WINDOWS\System32\drivers\uduihpwh.sys (File not found)

Bitte deaktivieren und löschen, wie das geht steht in der OSAM Anleitung

Schukk · 25.09.2010, 17:59

Zitat:

Nach dem Neustart starte OSAM erneut - du wirst einen Report angezeigt bekommen über die deaktivierten Einträge. Kopiere diesen Report und poste ihn uns.

(Success) HKLM\SYSTEM\CurrentControlSet\Services\qlveyv qlveyv D:\WINDOWS\System32\drivers\uduihpwh.sys

Ist das damit gemeint?

Das neue Log kommt gleich

edit:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:07:06 on 25.09.2010

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.10

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - D:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - D:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - D:\Programme\Google\Update\GoogleUpdate.exe
"WGASetup.job" - "Microsoft Corporation" - D:\WINDOWS\system32\KB905474\wgasetup.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"alsndmgr.cpl" - ? - D:\WINDOWS\system32\alsndmgr.cpl  (File signed by Microsoft | File found, but it contains no detailed information)
"javacpl.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - D:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASPI32" (ASPI32) - "Adaptec" - D:\WINDOWS\system32\drivers\ASPI32.sys
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - D:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - D:\WINDOWS\System32\Drivers\ElbyCDIO.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - D:\WINDOWS\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Nsynas32" (Nsynas32) - "Syncrosoft Hard- und Software GmbH" - D:\WINDOWS\system32\drivers\Nsynas32.sys
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"Secdrv" (Secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - D:\WINDOWS\System32\DRIVERS\secdrv.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"VClone" (VClone) - "Elaborate Bytes AG" - D:\WINDOWS\System32\DRIVERS\VClone.sys
"WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - D:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{44467666-9E17-11d5-8640-0050BAAABDE1} "Febooti fileTweak Property Pages" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - D:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - D:\Programme\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - D:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - D:\Programme\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - D:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{25BC7718-0BFA-40EA-B381-4B2D9732D686} "ClsidExtension" - "Yahoo! Inc." - D:\Programme\Yahoo!\Search Protection\ysp.dll
"ICQ7.2" - "ICQ, LLC." - D:\Programme\ICQ7.2\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - D:\Programme\ICQ6Toolbar\ICQToolBar.dll
<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - D:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{25BC7718-0BFA-40EA-B381-4B2D9732D686} "Yahooo Search Protection" - "Yahoo! Inc." - D:\Programme\Yahoo!\Search Protection\ysp.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AlcoholAutomount" - "Alcohol Soft Development Team" - "D:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"AutoStartNPSAgent" - "Samsung Electronics Co., Ltd." - C:\Programme\Samsung\Samsung PC Studio\NPSAgent.exe
"ICQ" - "ICQ, LLC." - "D:\Programme\ICQ7.2\ICQ.exe" silent loginmode=4
"Search Protection" - "Yahoo! Inc" - D:\Programme\Yahoo!\Search Protection\SearchProtection.exe
"Skype" - "Skype Technologies S.A." - "D:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"QuickTime Task" - "Apple Inc." - "D:\Programme\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"VirtualCloneDrive" - "Elaborate Bytes AG" - "D:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"YSearchProtection" - "Yahoo! Inc" - "D:\Programme\Yahoo!\Search Protection\SearchProtection.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - D:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Automatische Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - D:\Programme\Bonjour\mDNSResponder.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - D:\WINDOWS\system32\FsUsbExService.Exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - D:\Programme\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - D:\Programme\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - D:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - D:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - D:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
"Yahoo! Updater" (YahooAUService) - "Yahoo! Inc." - D:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - D:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 25.09.2010, 19:58

Jup ist ok so

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Schukk · 25.09.2010, 20:04

Das waren aber mindestens 5 Sekunden;-)

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:            
Windows Version:        Windows XP Professional
Windows Information:        Service Pack 2 (build 2600)
Logical Drives Mask:        0x0000017d

Kernel Drivers (total 124):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806CF000 \WINDOWS\system32\hal.dll
  0xF8B65000 \WINDOWS\system32\KDCOM.DLL
  0xF8A75000 \WINDOWS\system32\BOOTVID.dll
  0xF8535000 ACPI.sys
  0xF8B67000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xF8524000 pci.sys
  0xF8665000 ohci1394.sys
  0xF8675000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
  0xF8685000 isapnp.sys
  0xF8C2D000 pciide.sys
  0xF88E5000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF8695000 MountMgr.sys
  0xF8505000 ftdisk.sys
  0xF8B69000 dmload.sys
  0xF84DF000 dmio.sys
  0xF88ED000 PartMgr.sys
  0xF86A5000 VolSnap.sys
  0xF84C7000 atapi.sys
  0xF86B5000 disk.sys
  0xF86C5000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xF84A8000 fltMgr.sys
  0xF8496000 sr.sys
  0xF847F000 KSecDD.sys
  0xF83F2000 Ntfs.sys
  0xF83C5000 NDIS.sys
  0xF83AA000 Mup.sys
  0xF86D5000 gagp30kx.sys
  0xF8715000 \SystemRoot\system32\DRIVERS\nic1394.sys
  0xF8865000 \SystemRoot\system32\DRIVERS\processr.sys
  0xF8150000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xF813C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xF8875000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF8885000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xF8119000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF896D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xF8895000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xF7D41000 \SystemRoot\system32\drivers\ALCXWDM.SYS
  0xF7D1D000 \SystemRoot\system32\drivers\portcls.sys
  0xF88A5000 \SystemRoot\system32\drivers\drmk.sys
  0xF8975000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xF7CFA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF897D000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF8985000 \SystemRoot\system32\DRIVERS\sisnic.sys
  0xF898D000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xF7CE9000 \SystemRoot\system32\DRIVERS\serial.sys
  0xF8B25000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xF7CD5000 \SystemRoot\system32\DRIVERS\parport.sys
  0xF88B5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xF8995000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xF8C51000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF88C5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF8B29000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xF7CBE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xF88D5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xF8705000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xF899D000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xF7CAD000 \SystemRoot\system32\DRIVERS\psched.sys
  0xF8725000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xF89AD000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xF89B5000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xF7BDC000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xF8735000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xF89BD000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF8745000 \SystemRoot\system32\DRIVERS\VClone.sys
  0xF7B9C000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0xF8B8B000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xF7B68000 \SystemRoot\system32\DRIVERS\update.sys
  0xF8B49000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xF8755000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xF8765000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF8B91000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xF89CD000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0xF8B93000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xF8DAC000 \SystemRoot\System32\Drivers\Null.SYS
  0xF8B95000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF89DD000 \SystemRoot\System32\drivers\vga.sys
  0xF8B97000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF8B99000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF89E5000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xF89ED000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xF7BCC000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xF69BD000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xF6965000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xF693D000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xF691B000 \SystemRoot\System32\drivers\afd.sys
  0xF8785000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xF89F5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xF68EF000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xF6880000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xF8795000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF685F000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xF87A5000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xF87B5000 \SystemRoot\system32\DRIVERS\arp1394.sys
  0xF8A05000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0xF6843000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xF8B9D000 \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys
  0xF7B60000 \SystemRoot\System32\Drivers\ASPI32.SYS
  0xF7B48000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xF87D5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF8A0D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF7B44000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xF676A000 \SystemRoot\System32\Drivers\Udfs.SYS
  0xF87E5000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xF6752000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF8BA1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xF7B2C000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF8A15000 \SystemRoot\System32\watchdog.sys
  0xBF000000 \SystemRoot\System32\drivers\dxg.sys
  0xF8D21000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBF012000 \SystemRoot\System32\nv4_disp.dll
  0xF5540000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xF5558000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xF4ABB000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xF53EC000 \SystemRoot\System32\Drivers\Nsynas32.SYS
  0xF8BE7000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xF4924000 \SystemRoot\system32\DRIVERS\srv.sys
  0xF48FC000 \SystemRoot\system32\DRIVERS\secdrv.sys
  0xF472C000 \??\D:\WINDOWS\system32\FsUsbExDisk.SYS
  0xF3DC7000 \SystemRoot\system32\drivers\wdmaud.sys
  0xF484C000 \SystemRoot\system32\drivers\sysaudio.sys
  0xF3C71000 \SystemRoot\System32\Drivers\HTTP.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 37):
       0 System Idle Process
       4 SYSTEM
     544 D:\WINDOWS\system32\smss.exe
     608 csrss.exe
     632 D:\WINDOWS\system32\winlogon.exe
     676 D:\WINDOWS\system32\services.exe
     688 D:\WINDOWS\system32\lsass.exe
     848 D:\WINDOWS\system32\svchost.exe
     896 svchost.exe
     964 D:\WINDOWS\system32\svchost.exe
    1016 svchost.exe
    1140 svchost.exe
    1272 D:\WINDOWS\system32\spoolsv.exe
    1312 D:\Programme\Avira\AntiVir Desktop\sched.exe
    1380 svchost.exe
    1448 D:\Programme\Avira\AntiVir Desktop\avguard.exe
    1460 D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1472 D:\Programme\Bonjour\mDNSResponder.exe
    1520 D:\WINDOWS\system32\FsUsbExService.Exe
    1600 D:\Programme\ICQ6Toolbar\ICQ Service.exe
    1716 D:\Programme\Java\jre6\bin\jqs.exe
    1868 D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    1916 D:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
     596 alg.exe
     272 D:\WINDOWS\explorer.exe
    1812 D:\WINDOWS\soundman.exe
    1656 D:\Programme\Yahoo!\Search Protection\SearchProtection.exe
    1828 D:\Programme\Avira\AntiVir Desktop\avgnt.exe
    1956 D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
    2080 D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    2092 C:\Programme\iTunes\iTunesHelper.exe
    2104 D:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    2212 C:\Programme\Samsung\Samsung PC Studio\NPSAgent.exe
    2272 D:\WINDOWS\system32\ctfmon.exe
    2624 D:\Programme\iPod\bin\iPodService.exe
     428 D:\Programme\Mozilla Firefox\firefox.exe
    3552 D:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`e22cec00  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000018`6a631a00

PhysicalDrive0 Model Number: Maxtor6Y160P0, Rev: YAR41VW0

      Size  Device Name          MBR Status
  --------------------------------------------
    152 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

cosinus · 25.09.2010, 20:15

Zitat:

Das waren aber mindestens 5 Sekunden;-)

Dann ist Dein Rechner zu langsam. Kauf nen neuen

Zitat:

Size Device Name MBR Status
--------------------------------------------
152 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

23.09.2010, 21:52	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Microsoft Security Essentials Alert Probiers bitte nochmal aus. __________________ __________________

24.09.2010, 08:27	#20
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Microsoft Security Essentials Alert Hast Du einen Ordner C:\Qoobox ? __________________ Logfiles bitte immer in CODE-Tags posten

Microsoft Security Essentials Alert

Plagegeister aller Art und deren Bekämpfung: Microsoft Security Essentials Alert