Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: misc.exe 'TR/Dropper.Gen' [trojan] gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 12.01.2011, 18:51   #1
dr.beir
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



Hallo,

seit 2 Tagen ist mein Laptop extrem langsam und braucht ab und zu 20 minuten bis er hochgefahren ist. Antivir hat folgendes gefunden.

In der Datei 'C:\Windows\Installer\{90A40407-6000-11D3-8CFE-0150048383C9}\misc.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Habe danach noch mal einen Suchlauf durchführen lassen, allerdings wurde dabei nichts gefunden.
Weiterhin ist mir aufgefallen, dass einmal die windows firewall ausgeschaltet war, nachdem ich den laptop eingeschaltet hatte.
Firefox lässt sich außerdem auch nicht mehr öffnen. Der Pc hat kurze Phasen, in denen er ganz normal arbeitet, dann aber wieder extrem lange braucht.
Bin für jede Hilfe dankbar!

Hier ein HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:35:51, on 12.01.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [snp2uvc] C:\windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe

--
End of file - 7298 bytes

Alt 12.01.2011, 19:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 12.01.2011, 20:15   #3
dr.beir
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



Habe einen quickscan mit Malwarebytes durchgeführt. es wurde allerdings nichts gefunden.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5507

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.01.2011 21:08:52
mbam-log-2011-01-12 (21-08-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 139625
Laufzeit: 8 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Mache jetzt mit OTL weiter. Wenn gewünscht kann ich auch noch einen komplettscan mit Malwarebytes durchführen.
__________________

Alt 12.01.2011, 20:20   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



Zitat:
Habe einen quickscan mit Malwarebytes durchgeführt.
Warum? Ich hab doch Vollscan geschrieben!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.01.2011, 20:23   #5
dr.beir
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



hier das erste log von OTL

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.01.2011 21:17:18 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\***\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,89 Gb Total Space | 216,70 Gb Free Space | 85,69% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 28,50 Gb Free Space | 94,23% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: ****| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\IgrsSvcs.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lpksetup.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Lenovo ReadyComm ConnSvc) -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)
SRV - (Lenovo ReadyComm AppSvc) -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)
SRV - (IGRS) -- C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (ReadyComm.DirectRouter) -- C:\windows\System32\IgrsSvcs.exe (Microsoft Corporation)
SRV - (PS_MDP) -- C:\windows\System32\IgrsSvcs.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (btwdins) -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WinRing0_1_2_0) -- D:\test\ECECECEC\WinRing0.sys File not found
DRV - (USBCCID) -- C:\windows\System32\DRIVERS\RtsUCcid.sys File not found
DRV - (RtsUIR) -- C:\windows\System32\DRIVERS\Rts516xIR.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (funfrm) -- C:\windows\System32\drivers\funfrm.sys ()
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (Bridge0) -- C:\Windows\System32\drivers\wdbridge.sys (Lenovo)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (wdmirror) -- C:\Windows\System32\drivers\WDMirror.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://sn134w.snt134.mail.live.com/default.aspx?wa=wsignin1.0"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.16 22:29:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.16 22:29:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.16 22:07:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.16 22:07:01 | 000,000,000 | ---D | M]
 
[2010.08.21 17:39:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.01.12 20:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8mjalqu.default\extensions
[2010.08.24 23:06:05 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\m8mjalqu.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.08.21 17:38:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.16 22:29:24 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010.12.16 22:29:25 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010.10.26 09:26:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.26 09:26:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.26 09:26:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.26 09:26:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.26 09:26:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{257f28db-b1ba-11df-8b0b-0c6076b70643}\Shell - "" = AutoRun
O33 - MountPoints2\{257f28db-b1ba-11df-8b0b-0c6076b70643}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{257f28db-b1ba-11df-8b0b-0c6076b70643}\Shell\start\COMMAND - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.12 21:15:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.01.11 17:23:59 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011.01.11 17:23:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.01.10 18:56:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.01.10 18:55:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011.01.10 18:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.10 18:55:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.10 18:54:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011.01.10 18:54:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.10 18:54:39 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.50.1.1100.exe
[2011.01.10 14:02:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2011.01.09 12:19:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2011.01.07 15:28:23 | 000,000,000 | ---D | C] -- C:\Türkisch
[2011.01.07 15:23:27 | 000,000,000 | ---D | C] -- C:\Programme\audiograbber
[2011.01.07 15:23:22 | 000,000,000 | ---D | C] -- C:\windows\uninstall
[2011.01.07 09:10:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.01.07 09:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2011.01.07 09:10:27 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2011.01.07 09:05:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2010.12.16 22:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2010.12.16 22:42:33 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\mp3fhg.acm
[2010.12.16 22:42:33 | 000,151,552 | ---- | C] (fccHandler) -- C:\windows\System32\ac3acm.acm
[2010.12.16 22:42:32 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll
[2010.12.16 22:42:27 | 000,000,000 | ---D | C] -- C:\Programme\K-Lite Codec Pack
[2010.12.16 22:29:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Local
[2010.12.16 22:29:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DivX
[2010.12.16 22:28:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.12.16 22:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2010.12.15 21:32:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010.12.15 21:32:02 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010.12.15 21:32:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2010.12.15 21:32:00 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010.12.15 21:32:00 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010.12.15 21:32:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010.12.15 21:32:00 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010.12.15 21:32:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2010.12.15 21:31:59 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010.12.15 21:31:59 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2010.12.15 21:31:59 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010.12.15 21:31:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010.12.15 21:31:57 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskschd.dll
[2010.12.15 21:31:57 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmicmiplugin.dll
[2010.12.15 21:31:56 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\taskcomp.dll
[2010.12.15 21:31:56 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\schtasks.exe
[2010.12.15 21:31:54 | 000,101,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2010.12.15 21:31:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\webio.dll
[2010.12.15 21:31:53 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010.12.15 21:31:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010.12.15 21:31:52 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010.06.23 21:35:42 | 000,272,896 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2010.06.23 21:35:42 | 000,196,608 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.12 21:15:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.01.12 20:59:00 | 000,000,270 | ---- | M] () -- C:\windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2011.01.12 19:06:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011.01.12 19:06:49 | 2388,029,440 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.11 22:48:22 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.11 22:48:17 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.11 17:23:59 | 000,002,963 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2011.01.11 17:23:13 | 001,402,880 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.msi
[2011.01.10 18:55:39 | 000,700,874 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011.01.10 18:55:39 | 000,662,716 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011.01.10 18:55:39 | 000,147,528 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011.01.10 18:55:39 | 000,123,910 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011.01.10 18:55:01 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.10 18:53:18 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.50.1.1100.exe
[2011.01.10 18:15:30 | 000,007,605 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.01.09 12:19:16 | 000,001,076 | ---- | M] () -- C:\Users\***\Desktop\Cyberlink Power2Go.lnk
[2011.01.01 14:03:18 | 000,327,680 | ---- | M] () -- C:\Users\***\Desktop\Ausschreibung Autorenkolleg Lehrwerkstatt.doc
[2010.12.31 18:27:12 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.12.16 12:16:01 | 000,430,152 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.11 17:23:59 | 000,002,963 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk
[2011.01.11 17:23:06 | 001,402,880 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.msi
[2011.01.10 18:55:01 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.10 18:15:30 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.01.10 13:08:20 | 549,129,803 | ---- | C] () -- C:\Users\***\Desktop\Das Kabinett des Dr. Parnassus.flv.flv
[2011.01.01 14:03:18 | 000,327,680 | ---- | C] () -- C:\Users\***\Desktop\Ausschreibung Autorenkolleg Lehrwerkstatt.doc
[2010.12.16 22:42:36 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll
[2010.12.16 22:42:35 | 000,000,038 | ---- | C] () -- C:\windows\avisplitter.ini
[2010.12.16 22:42:32 | 000,790,528 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010.12.16 22:42:32 | 000,134,144 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010.12.16 22:42:31 | 000,108,032 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010.08.27 09:22:18 | 000,691,696 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2010.08.22 06:53:01 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml
[2010.06.23 21:37:08 | 002,110,728 | ---- | C] () -- C:\windows\System32\Apblend.dll
[2010.06.23 21:37:08 | 001,410,312 | ---- | C] () -- C:\windows\System32\IcnOvrly.dll
[2010.06.23 21:37:08 | 001,171,456 | ---- | C] () -- C:\windows\System32\PicNotify.dll
[2010.06.23 21:37:08 | 000,660,744 | ---- | C] () -- C:\windows\System32\EncIcons.dll
[2010.06.23 21:37:08 | 000,513,288 | ---- | C] () -- C:\windows\System32\SimpleExt.dll
[2010.06.23 21:36:55 | 001,044,480 | ---- | C] () -- C:\windows\System32\3DImageRenderer.dll
[2010.06.23 21:35:52 | 000,057,344 | ---- | C] () -- C:\windows\AsfHelper.dll
[2010.06.23 21:35:52 | 000,054,800 | ---- | C] () -- C:\windows\System32\drivers\funfrm.sys
[2010.06.23 21:35:42 | 001,759,744 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2010.06.23 21:35:42 | 000,028,544 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2010.06.23 21:35:42 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010.06.23 21:35:19 | 000,016,648 | R--- | C] () -- C:\windows\System32\LogAPI.dll
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\windows\System32\vpnapi.dll
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

< End of report >
         
--- --- ---


und das zweite...
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.01.2011 21:17:18 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\***\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,89 Gb Total Space | 216,70 Gb Free Space | 85,69% Space Free | Partition Type: NTFS
Drive D: | 30,25 Gb Total Space | 28,50 Gb Free Space | 94,23% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D66D6A-8676-2B16-85FB-6517CC3E9CC5}" = CCC Help Finnish
"{0A92F3A5-DEAA-98E6-4581-15F8431A941C}" = CCC Help Portuguese
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{1926A591-1891-259A-53C6-0F6841D6A8F0}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BA8757F-CBAC-0588-D416-8C96D501051E}" = CCC Help Greek
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{307465AB-87CB-A60D-C971-0BB80BB45A97}" = CCC Help Italian
"{333498C2-E34E-98D3-D137-B2781ECEE601}" = CCC Help Spanish
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Lenovo EasyCamera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F07DEBB-DDFA-71A5-4833-FD7B4570099A}" = ccc-core-static
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40C0BC34-24EA-0A97-43C7-1695DEF28E40}" = CCC Help Swedish
"{4320CF02-6353-A394-FD2A-5DC2E2C3128F}" = CCC Help Polish
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46CF24EC-6881-A61E-E302-39D82F8A6F43}" = Catalyst Control Center Graphics Full Existing
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4C7C80E5-69FF-11EC-AC82-EC5B3CC5458F}" = Catalyst Control Center Core Implementation
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{578A8F75-2327-827C-4553-62CA9519D6D8}" = CCC Help Chinese Traditional
"{5885739F-97FF-4907-AC74-065515FFAFF0}" = Catalyst Control Center - Branding
"{5CAD98B7-0140-5544-ABBC-98DEF246E900}" = Catalyst Control Center Graphics Full New
"{5CD3BA1D-5C03-838E-797F-E930300411A0}" = Catalyst Control Center InstallProxy
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F9980AB-71E8-FB4C-3110-3BE92FFBFE8A}" = Catalyst Control Center Localization All
"{68356BCF-54A3-6F27-9BDB-9837322C28D2}" = CCC Help Thai
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F01698-1630-E8FB-05BE-4EA750D06025}" = CCC Help Korean
"{7AC75CED-C6C0-50CA-AF60-D6058C9864D3}" = CCC Help French
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A35B8F-5C47-0BC1-C9E6-3E0F5226737F}" = CCC Help German
"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom 802.11 Wireless Driver
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9575CD22-8556-2578-4D9C-FFB345C77235}" = CCC Help Czech
"{967B172C-034E-AD05-81BF-0F5CC76592F0}" = ccc-utility
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987FC279-722B-2597-5B59-F95FB2EBE9B4}" = CCC Help Russian
"{9E4D173C-3C21-3D80-10BF-239A2A53B0E8}" = CCC Help Chinese Standard
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{9FE8E737-5B3C-97C3-2C54-AD85D689B36D}" = CCC Help Japanese
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B349FD26-7842-12DD-F55B-B241ED7FDB3A}" = CCC Help Danish
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C027DFC2-445D-6F52-F803-D1CD04D6EFE3}" = Catalyst Control Center Graphics Light
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CBD764FB-342D-0C97-7729-28E961EB13F0}" = CCC Help Hungarian
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D001278B-867A-5FD6-BF2E-DA170DB1E9FC}" = ATI Catalyst Install Manager
"{D9A9EABC-3ADE-C519-A34C-DBB397BFEE7D}" = CCC Help Turkish
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DF27DC6E-8455-1C78-A63A-B851D776BBD8}" = Catalyst Control Center Graphics Previews Vista
"{DF914FFA-9EAF-AC5A-D67E-1D90B4B7C767}" = CCC Help Dutch
"{E23C5EDE-188E-35F5-198B-34000BC15392}" = CCC Help English
"{E4C850CE-C78B-4E21-57C5-C297829ADD9B}" = PX Profile Update
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"DivX Setup.divx.com" = DivX-Setup
"EasyCapture4.0" = EasyCapture
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.3
"Windows Live Toolbar" = Windows Live Toolbar
"WinGimp-2.0_is1" = GIMP 2.6.11
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.12.2010 06:08:11 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5210
 
Error - 03.12.2010 06:08:12 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.12.2010 06:08:12 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6224
 
Error - 03.12.2010 06:08:12 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6224
 
Error - 03.12.2010 06:08:13 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.12.2010 06:08:13 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7223
 
Error - 03.12.2010 06:08:13 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7223
 
Error - 03.12.2010 06:08:14 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 03.12.2010 06:08:14 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8221
 
Error - 03.12.2010 06:08:14 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8221
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


...muss wohl blind gewesen sein. mache jetzt einen vollscan, sorry!


Geändert von dr.beir (12.01.2011 um 20:47 Uhr)

Alt 12.01.2011, 21:11   #6
dr.beir
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



ok, hier nun der vollscan von malwarebytes.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5507

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.01.2011 22:10:05
mbam-log-2011-01-12 (22-10-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 220392
Laufzeit: 43 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 12.01.2011, 21:49   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O33 - MountPoints2\{257f28db-b1ba-11df-8b0b-0c6076b70643}\Shell - "" = AutoRun
O33 - MountPoints2\{257f28db-b1ba-11df-8b0b-0c6076b70643}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{257f28db-b1ba-11df-8b0b-0c6076b70643}\Shell\start\COMMAND - "" = F:\autorun.exe -- File not found
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.01.2011, 22:39   #8
dr.beir
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



ok, habe alles so gemacht. der rechner wurde neu gestartet (was wieder ca 15 min gedauert hat) und folgendes log danach angezeigt:

Zitat:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{257f28db-b1ba-11df-8b0b-0c6076b70643}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257f28db-b1ba-11df-8b0b-0c6076b70643}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{257f28db-b1ba-11df-8b0b-0c6076b70643}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257f28db-b1ba-11df-8b0b-0c6076b70643}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{257f28db-b1ba-11df-8b0b-0c6076b70643}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257f28db-b1ba-11df-8b0b-0c6076b70643}\ not found.
File F:\autorun.exe not found.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ***
->Temp folder emptied: 704896 bytes
->Temporary Internet Files folder emptied: 89466402 bytes
->FireFox cache emptied: 55361244 bytes
->Flash cache emptied: 23003 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1644875 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 466384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 141,00 mb


OTL by OldTimer - Version 3.2.20.1 log created on 01122011_230219

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

schon mal vielen Dank für die Hilfe cosinus. weitere maßnahmen kann ich morgen durchführen. gehe jetzt ins bett. Gute Nacht!

Geändert von dr.beir (12.01.2011 um 22:48 Uhr)

Alt 13.01.2011, 09:24   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.01.2011, 14:49   #10
dr.beir
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



Hallo cosinus,

habe CCleaner ausgeführt und danach comboFix gestartet. Habe antivir beendet, so dass im taskmanager kein eintrag mehr vorhanden war, allerdings hat combofix trozdem gewarnt antivir sei noch aktiv. Ist aber trozdem ohne probleme durchgelaufen. hier das log

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-01-12.04 - *** 13.01.2011  15:37:31.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3037.2154 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Roaming\Local
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\6.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\7.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\8.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\FILE4B5A0D8819F2C.plong.ddr
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Tatsaechlich.Liebe.German.2003.mp3.XViD.avi.ddr
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Tatsaechlich.Liebe_cd1.avi.ddr
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Tatsaechlich.Liebe_cd2.avi.ddr
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\TatsaechlichLiebe1.avi(2).ddr
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\TatsaechlichLiebe1.avi(3).ddr
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\TatsaechlichLiebe1.avi.ddr
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\TatsaechlichLiebe2.avi(2).ddr
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\TatsaechlichLiebe2.avi.ddr
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\c97d846098ea98af8c8c21334ad5e758..ddp
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\FILE4B5A0D8819F2C.plong.ddp
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Tatsaechlich.Liebe.German.2003.mp3.XViD.avi.ddp
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Tatsaechlich.Liebe_cd1.avi.ddp
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Tatsaechlich.Liebe_cd2.avi.ddp
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\TatsaechlichLiebe1.avi(2).ddp
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\TatsaechlichLiebe1.avi(3).ddp
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\TatsaechlichLiebe1.avi.ddp
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\TatsaechlichLiebe2.avi(2).ddp
c:\users\***\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\TatsaechlichLiebe2.avi.ddp

.
(((((((((((((((((((((((   Dateien erstellt von 2010-12-13 bis 2011-01-13  ))))))))))))))))))))))))))))))
.

2011-01-13 14:06 . 2011-01-13 14:06	--------	d-----w-	c:\program files\CCleaner
2011-01-12 22:02 . 2011-01-12 22:02	--------	d-----w-	C:\_OTL
2011-01-12 18:29 . 2010-10-16 04:34	573440	----a-w-	c:\windows\system32\odbc32.dll
2011-01-12 18:29 . 2010-10-16 04:33	372736	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 18:29 . 2010-10-16 04:33	352256	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 18:29 . 2010-10-16 04:33	987136	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 18:29 . 2010-10-16 04:33	208896	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 16:25 . 2010-11-10 04:33	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0B155819-88D2-485E-9FA0-76F58012AE81}\mpengine.dll
2011-01-11 16:23 . 2011-01-11 16:23	388096	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-11 16:23 . 2011-01-11 16:23	--------	d-----w-	c:\program files\Trend Micro
2011-01-10 17:56 . 2011-01-10 17:56	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2011-01-10 17:55 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 17:55 . 2011-01-10 17:55	--------	d-----w-	c:\programdata\Malwarebytes
2011-01-10 17:54 . 2011-01-10 17:55	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-01-10 17:54 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-01-10 13:02 . 2011-01-10 13:02	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2011-01-09 11:19 . 2011-01-09 11:19	--------	d-----w-	c:\users\***\AppData\Roaming\CyberLink
2011-01-09 11:19 . 2011-01-09 11:19	--------	d-----w-	c:\users\Public\CyberLink
2011-01-07 14:28 . 2011-01-07 14:37	--------	d-----w-	C:\Türkisch
2011-01-07 14:23 . 2011-01-10 17:29	--------	d-----w-	c:\program files\audiograbber
2011-01-07 14:23 . 2011-01-10 17:29	--------	d-----w-	c:\windows\uninstall
2011-01-07 08:10 . 2011-01-07 08:10	--------	d-----w-	c:\users\***\AppData\Roaming\Canneverbe Limited
2011-01-07 08:10 . 2011-01-07 08:10	--------	d-----w-	c:\programdata\Canneverbe Limited
2011-01-07 08:10 . 2011-01-07 08:10	--------	d-----w-	c:\program files\CDBurnerXP
2011-01-01 10:06 . 2011-01-01 10:06	176488	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin
2010-12-16 21:42 . 2010-03-15 10:31	165376	----a-w-	c:\windows\system32\unrar.dll
2010-12-16 21:42 . 2010-01-17 16:18	151552	----a-w-	c:\windows\system32\ac3acm.acm
2010-12-16 21:42 . 2006-10-18 19:05	232448	----a-w-	c:\windows\system32\mp3fhg.acm
2010-12-16 21:42 . 2010-11-03 19:08	237568	----a-w-	c:\windows\system32\yv12vfw.dll
2010-12-16 21:42 . 2010-06-08 17:10	790528	----a-w-	c:\windows\system32\xvidcore.dll
2010-12-16 21:42 . 2010-06-08 17:10	134144	----a-w-	c:\windows\system32\xvidvfw.dll
2010-12-16 21:42 . 2010-11-24 08:00	108032	----a-w-	c:\windows\system32\ff_vfw.dll
2010-12-16 21:42 . 2010-12-16 21:43	--------	d-----w-	c:\program files\K-Lite Codec Pack
2010-12-16 21:29 . 2010-12-16 21:29	--------	d-----w-	c:\users\***\AppData\Roaming\DivX
2010-12-16 21:28 . 2010-12-16 21:28	--------	d-----w-	c:\program files\Common Files\PX Storage Engine

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-31 17:27 . 2010-08-27 09:14	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-11-22 19:09 . 2010-08-27 09:14	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-12 00:44 . 2010-11-12 00:44	94208	----a-w-	c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57	353592	----a-w-	c:\windows\system32\DivXControlPanelApplet.cpl
2010-10-19 09:41 . 2010-08-27 09:31	222080	------w-	c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-13 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-01 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07	932288	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15	63360	----a-w-	c:\program files\DivX\DivX Plus Web Player\DDMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28	1226608	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-28 63240]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-26 169472]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 81704]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-27 691696]
S1 funfrm;funfrm; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-13 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-03 135336]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
IgrsSvcs	REG_MULTI_SZ   	ReadyComm.DirectRouter PS_MDP
.
Inhalt des "geplante Tasks" Ordners

2011-01-13 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.live.com/
mStart Page = hxxp://lenovo.live.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\m8mjalqu.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://sn134w.snt134.mail.live.com/default.aspx?wa=wsignin1.0
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSConfigStartUp-VeriFaceManager - c:\program files\Lenovo\VeriFace\PManage.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-01-13  15:45:15
ComboFix-quarantined-files.txt  2011-01-13 14:45

Vor Suchlauf: 9 Verzeichnis(se), 232.159.907.840 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 232.621.613.056 Bytes frei

- - End Of File - - 1D3F6DB6734B2B6719D8BBCE2BA896CB
         
--- --- ---

Alt 13.01.2011, 14:52   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.01.2011, 15:34   #12
dr.beir
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



so, zunächst GMER

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-13 16:32:50
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932032 rev.0010
Running: bii0vrsd.exe; Driver: C:\Users\***\AppData\Local\Temp\uglcrpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                     83251599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              83275F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\spfi.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           C:\windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x90E36000, 0x2DE45A, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                               90549CA0 5 Bytes  JMP 8716C1D8 
.text           aife30ni.SYS                                                                                                        95D20000 12 Bytes  [44, 38, 62, 83, EE, 36, 62, ...] {INC ESP; CMP [EDX-0x7d], AH; OUT DX, AL ; BOUND EAX, SS:[EBX-0x7c9de860]}
.text           aife30ni.SYS                                                                                                        95D2000D 9 Bytes  [17, 62, 83, 48, 3B, 62, 83, ...] {POP SS; BOUND EAX, [EBX-0x7c9dc4b8]; ADD [EAX], AL}
.text           aife30ni.SYS                                                                                                        95D20017 20 Bytes  [00, DE, 67, 53, 8B, E6, 65, ...]
.text           aife30ni.SYS                                                                                                        95D2002C 149 Bytes  [00, 00, 00, 00, D0, C1, 24, ...]
.text           aife30ni.SYS                                                                                                        95D200C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                 
?               C:\Users\***\AppData\Local\Temp\catchme.sys                                                                       Das System kann die angegebene Datei nicht finden. !
?               C:\windows\system32\Drivers\PROCEXP113.SYS                                                                          Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              857461F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                             Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                             Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                857421F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    8716D1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    8716D1F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                    86F98500
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                    8716D1F8
Device          \Driver\ACPI_HAL \Device\00000054                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    8716D1F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    8716D1F8
Device          \Driver\usbehci \Device\USBPDO-6                                                                                    86F98500
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              857421F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              857421F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        86FA51F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{8DF567B3-143D-486E-B44A-A5CFDA5EE607}                                            870951F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                  [8B6CD390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                       [8B6CD390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                       [8B6CD390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\cdrom \Device\CdRom1                                                                                        86FA51F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                              857421F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             870951F8
Device          \Driver\sptd \Device\960091690                                                                                      spfi.sys
Device          \Driver\PCI_PNP1687 \Device\0000005e                                                                                spfi.sys
Device          \Driver\NetBT \Device\NetBT_Tcpip_{EE7A80B1-DA67-4B7C-8DFA-F50F0228AFF3}                                            870951F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    8716D1F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    8716D1F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                    86F98500
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                    8716D1F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    8716D1F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    8716D1F8
Device          \Driver\usbehci \Device\USBFDO-6                                                                                    86F98500
Device          \Driver\aife30ni \Device\Scsi\aife30ni1Port1Path0Target0Lun0                                                        8717A1F8
Device          \Driver\aife30ni \Device\Scsi\aife30ni1                                                                             8717A1F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076b70643                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xAC 0xAB 0x6B 0x75 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xCE 0x32 0xFA 0x8F ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xA1 0xFC 0x53 0x5A ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076b70643 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xAC 0xAB 0x6B 0x75 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xCE 0x32 0xFA 0x8F ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xA1 0xFC 0x53 0x5A ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

und hier das OSAM log

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:40:29 on 13.01.2011

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Auf Updates für Windows Live Toolbar prüfen.job" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aife30ni" (aife30ni) - "Microsoft Corporation" - C:\windows\system32\drivers\aife30ni.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\windows\System32\DRIVERS\avipbb.sys
"Bridge0" (Bridge0) - "Lenovo" - C:\windows\System32\drivers\WDBridge.sys
"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\windows\system32\Drivers\CVPNDRVA.sys
"funfrm" (funfrm) - ? - C:\windows\system32\drivers\funfrm.sys
"mbr" (mbr) - ? - C:\cofi\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"Realtek IR Driver" (RtsUIR) - ? - C:\windows\System32\DRIVERS\Rts516xIR.sys  (File not found)
"Realtek Smartcard Reader Driver" (USBCCID) - ? - C:\windows\System32\DRIVERS\RtsUCcid.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\windows\System32\DRIVERS\ssmdrv.sys
"uglcrpoc" (uglcrpoc) - ? - C:\Users\***\AppData\Local\Temp\uglcrpoc.sys  (Hidden registry entry, rootkit activity | File not found)
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\wimfltr.sys
"WinRing0_1_2_0" (WinRing0_1_2_0) - ? - D:\test\ECECECEC\WinRing0.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\Lenovo\Bluetooth Software\btncopy.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{771C7324-DA80-49D3-8017-753B0AF60951} "VeriFace Enc" - ? -   (File not found | COM-object registry key not found)
{DF4F5AE4-E795-4C12-BC26-7726C27F71AE} "VeriFace file icon extension" - ? -   (File not found | COM-object registry key not found)
{2d3dd4c0-3bd7-11d2-821e-444553540000} "WdmidleDeviceShellExtension" - ? - c:\program files\lenovo\energy management\powcpl.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\msntb.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\msntb.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live Toolbar\msntb.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Energy Management" - "Lenovo (Beijing) Limited" - C:\Program Files\Lenovo\Energy Management\Energy Management.exe
"EnergyUtility" - "Lenovo(beijing) Limited" - C:\Program Files\Lenovo\Energy Management\utility.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"UpdateP2GShortCut" - "CyberLink Corp." - "C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"IGRS" (IGRS) - "Lenovo Group Limited" - C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lenovo ReadyComm AppSvc" (Lenovo ReadyComm AppSvc) - "Lenovo Group Limited" - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
"Lenovo ReadyComm ConnSvc" (Lenovo ReadyComm ConnSvc) - "Lenovo Group Limited" - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]


...und MBRcheck

Zitat:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 3389
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 191):
0x8320E000 \SystemRoot\system32\ntkrnlpa.exe
0x8361E000 \SystemRoot\system32\halmacpi.dll
0x80BC5000 \SystemRoot\system32\kdcom.dll
0x8B207000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8B27F000 \SystemRoot\system32\PSHED.dll
0x8B290000 \SystemRoot\system32\BOOTVID.dll
0x8B298000 \SystemRoot\system32\CLFS.SYS
0x8B2DA000 \SystemRoot\system32\CI.dll
0x8B385000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8B42A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8B438000 \SystemRoot\System32\Drivers\spfi.sys
0x8B52B000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8B534000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8B55A000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8B5A2000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8B5AA000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8B5B5000 \SystemRoot\system32\DRIVERS\pci.sys
0x8B5DF000 \SystemRoot\System32\drivers\partmgr.sys
0x8B5F0000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B400000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B40B000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8B622000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B66D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B683000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8B75D000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8B766000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B79A000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B816000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B945000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B970000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B983000 \SystemRoot\System32\Drivers\cng.sys
0x8B9E0000 \SystemRoot\System32\drivers\pcw.sys
0x8B9EE000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BA11000 \SystemRoot\system32\drivers\ndis.sys
0x8BAC8000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BB06000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8BB2B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8BB6A000 \SystemRoot\System32\Drivers\spldr.sys
0x8BB72000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BB9F000 \SystemRoot\System32\Drivers\mup.sys
0x8BBAF000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BBB7000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8BBE9000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B7AB000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8FB1B000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FB3A000 \SystemRoot\System32\Drivers\Null.SYS
0x8FB41000 \SystemRoot\System32\Drivers\Beep.SYS
0x8FB48000 \SystemRoot\System32\drivers\vga.sys
0x8FB54000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8FB75000 \SystemRoot\System32\drivers\watchdog.sys
0x8FB82000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8FB8A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8FB92000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8FB9A000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8FBA5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F81B000 \SystemRoot\System32\drivers\tcpip.sys
0x8F964000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8F995000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8F9AC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F9B7000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90012000 \SystemRoot\system32\drivers\afd.sys
0x9006C000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90073000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90092000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x900A3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x900B1000 \SystemRoot\System32\Drivers\funfrm.SYS
0x900C2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x900D5000 \SystemRoot\system32\DRIVERS\termdd.sys
0x900E5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x900EB000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9012C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90136000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90140000 \SystemRoot\System32\drivers\discache.sys
0x9014C000 \SystemRoot\System32\Drivers\dfsc.sys
0x90164000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90172000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x90198000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90E35000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x9040B000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x904C2000 \SystemRoot\System32\drivers\dxgmms1.sys
0x904FB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x9051A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x90525000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90570000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9057F000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x95A2B000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x95C92000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x95C9C000 \SystemRoot\system32\DRIVERS\AcpiVpc.sys
0x95CAB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x95CAF000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x95CC7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x95CD4000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x95D0A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95D0C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x95D19000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x95D1F000 \SystemRoot\System32\Drivers\aife30ni.SYS
0x95D58000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x95D6A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x95D77000 \SystemRoot\system32\DRIVERS\dne2000.sys
0x95DA4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x95DB6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x95DCE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x95DD9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x95A00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x905C4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x905DB000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x95A18000 \SystemRoot\system32\DRIVERS\WDMirror.sys
0x95A1F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x91375000 \SystemRoot\system32\DRIVERS\ks.sys
0x905F2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x913A9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90E00000 \SystemRoot\system32\drivers\RtHDMIV.sys
0x901B9000 \SystemRoot\system32\drivers\portcls.sys
0x8F800000 \SystemRoot\system32\drivers\drmk.sys
0x96E17000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x970B4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x992A0000 \SystemRoot\System32\win32k.sys
0x970C5000 \SystemRoot\System32\drivers\Dxapi.sys
0x970CF000 \SystemRoot\System32\Drivers\crashdmp.sys
0x970DC000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x971B6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x971C7000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CC24000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x8CDD2000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8CDE0000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x8CDE7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99500000 \SystemRoot\System32\TSDDD.dll
0x8CC00000 \SystemRoot\system32\drivers\luafv.sys
0x971DE000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8FBB3000 \SystemRoot\system32\drivers\WudfPf.sys
0x96E00000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8FA00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x90E25000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x913ED000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8FA46000 \SystemRoot\system32\drivers\HTTP.sys
0x8FACB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x901E8000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8FAE4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9D222000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9D266000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9D299000 \??\C:\windows\system32\Drivers\CVPNDRVA.sys
0x9D329000 \SystemRoot\system32\drivers\peauth.sys
0x9D3C0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9D3CA000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9D3EB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9EA20000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9EA6F000 \SystemRoot\System32\DRIVERS\srv.sys
0x9EBAB000 \??\C:\Users\Rieke\AppData\Local\Temp\catchme.sys
0x9EBB3000 \??\C:\windows\system32\Drivers\PROCEXP113.SYS
0x99200000 \SystemRoot\System32\cdd.dll
0x9EBBC000 \??\C:\Users\Rieke\AppData\Local\Temp\uglcrpoc.sys
0x77050000 \Windows\System32\ntdll.dll
0x47FA0000 \Windows\System32\smss.exe
0x77290000 \Windows\System32\apisetschema.dll
0x00A60000 \Windows\System32\autochk.exe
0x771D0000 \Windows\System32\rpcrt4.dll
0x77190000 \Windows\System32\ws2_32.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
0x77000000 \Windows\System32\gdi32.dll
0x76F80000 \Windows\System32\comdlg32.dll
0x76EE0000 \Windows\System32\advapi32.dll
0x76EC0000 \Windows\System32\sechost.dll
0x76E90000 \Windows\System32\imagehlp.dll
0x76E70000 \Windows\System32\imm32.dll
0x76DA0000 \Windows\System32\user32.dll
0x76D00000 \Windows\System32\usp10.dll
0x76C70000 \Windows\System32\clbcatq.dll
0x76C10000 \Windows\System32\difxapi.dll
0x76B80000 \Windows\System32\oleaut32.dll
0x76B30000 \Windows\System32\Wldap32.dll
0x769D0000 \Windows\System32\ole32.dll
0x76970000 \Windows\System32\shlwapi.dll
0x76960000 \Windows\System32\nsi.dll
0x76860000 \Windows\System32\wininet.dll
0x76790000 \Windows\System32\msctf.dll
0x76780000 \Windows\System32\normaliz.dll
0x76770000 \Windows\System32\psapi.dll
0x765D0000 \Windows\System32\setupapi.dll
0x75980000 \Windows\System32\shell32.dll
0x758D0000 \Windows\System32\msvcrt.dll
0x757F0000 \Windows\System32\kernel32.dll
0x755F0000 \Windows\System32\iertutil.dll
0x755E0000 \Windows\System32\lpk.dll
0x754A0000 \Windows\System32\urlmon.dll
0x75480000 \Windows\System32\devobj.dll
0x75360000 \Windows\System32\crypt32.dll
0x75310000 \Windows\System32\KernelBase.dll
0x75280000 \Windows\System32\comctl32.dll
0x75250000 \Windows\System32\wintrust.dll
0x75220000 \Windows\System32\cfgmgr32.dll
0x75210000 \Windows\System32\msasn1.dll

Processes (total 64):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
420 csrss.exe
496 C:\Windows\System32\wininit.exe
544 C:\Windows\System32\services.exe
568 C:\Windows\System32\lsass.exe
576 C:\Windows\System32\lsm.exe
720 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\atiesrxx.exe
944 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1220 C:\Windows\System32\svchost.exe
1480 C:\Windows\System32\svchost.exe
1576 C:\Windows\System32\wlanext.exe
1588 C:\Windows\System32\conhost.exe
1632 C:\Windows\System32\spoolsv.exe
1652 C:\Windows\System32\taskeng.exe
1704 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1724 C:\Windows\System32\svchost.exe
1784 C:\Windows\System32\lpksetup.exe
316 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
492 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
840 C:\Program Files\Bonjour\mDNSResponder.exe
1128 C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
1316 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
1360 C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
608 C:\Windows\System32\IgrsSvcs.exe
1024 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1960 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
3328 C:\Windows\System32\svchost.exe
284 WmiPrvSE.exe
3148 C:\Windows\System32\svchost.exe
3440 C:\Windows\System32\SearchIndexer.exe
1764 C:\Program Files\Windows Media Player\wmpnetwk.exe
2664 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
548 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
3164 C:\Windows\System32\conhost.exe
5700 csrss.exe
1216 C:\Windows\System32\winlogon.exe
3204 C:\Windows\System32\atieclxx.exe
4384 C:\Windows\System32\dwm.exe
1924 C:\Windows\System32\taskhost.exe
2216 C:\Windows\explorer.exe
4108 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
5776 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
5180 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
6092 C:\Program Files\Lenovo\Energy Management\utility.exe
3452 C:\Program Files\Lenovo\Energy Management\Energy Management.exe
4156 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3108 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
1832 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
4756 C:\Windows\System32\audiodg.exe
2572 C:\Program Files\Internet Explorer\iexplore.exe
5704 C:\Program Files\Internet Explorer\iexplore.exe
1160 C:\Windows\System32\SearchProtocolHost.exe
5688 C:\Windows\System32\SearchFilterHost.exe
5208 C:\Program Files\Internet Explorer\iexplore.exe
2976 dllhost.exe
2144 dllhost.exe
3176 C:\Users\Rieke\Desktop\MBRCheck.exe
4896 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003f`45d28000 (NTFS)

PhysicalDrive0 Model Number: ST9320325AS, Rev: 0010LVM1

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

Geändert von dr.beir (13.01.2011 um 15:45 Uhr)

Alt 13.01.2011, 18:28   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



Zitat:
WinRing0_1_2_0" (WinRing0_1_2_0) - ? - D:\test\ECECECEC\WinRing0.sys
Sagt dir der Pfad was?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.01.2011, 18:42   #14
dr.beir
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



Nein, sagt mir nichts. Der Ordner D:\test exisitert auch gar nicht.

Alt 13.01.2011, 19:10   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Standard

misc.exe 'TR/Dropper.Gen' [trojan] gefunden



Dann lösch diesen Eintrag mit OSAM bitte
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu misc.exe 'TR/Dropper.Gen' [trojan] gefunden
adobe, antivir, antivir guard, avg, avira, bho, bonjour, browser, desktop, explorer, firewall ausgeschaltet, hijack, hijackthis, internet, internet explorer, langsam, lenovo, performance, programm, realtek, software, system, tr/dropper.gen, trojan, virus, windows



Ähnliche Themen: misc.exe 'TR/Dropper.Gen' [trojan] gefunden


  1. 'TR/Dropper.Gen' [trojan] gefunden. Zugriff erlaubt ?
    Plagegeister aller Art und deren Bekämpfung - 09.05.2014 (1)
  2. Trojan-Dropper.Win32.Injector.jspw gefunden
    Log-Analyse und Auswertung - 28.12.2013 (9)
  3. Mehrere Trojaner gefunden ! TRojan.BTSoft,TR/Dropper.PE4.Festplatte formatieren ?
    Log-Analyse und Auswertung - 09.07.2012 (3)
  4. FixCamera.exe (Trojan.Dropper) per Malwarebytes gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.05.2012 (4)
  5. 'TR/Dropper.Gen' [trojan] gefunden.
    Log-Analyse und Auswertung - 29.01.2012 (19)
  6. 1.Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan] gefunden...
    Plagegeister aller Art und deren Bekämpfung - 26.03.2011 (25)
  7. Trojan.BHO, Spyware.Passwords.XGen, Trojan.Dropper und Trojan.Agent mit Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.12.2010 (9)
  8. Trojan.Dropper.PGen gefunden und mit MBAM entfernt, jetzt alles sauber?
    Log-Analyse und Auswertung - 17.11.2010 (6)
  9. Trojan.Dropper gefunden
    Plagegeister aller Art und deren Bekämpfung - 09.10.2010 (5)
  10. TR/Dropper.Gen' [trojan] von Antivir gefunden - was nun?
    Plagegeister aller Art und deren Bekämpfung - 26.08.2010 (17)
  11. Diverse Trojaner vom Typ Trojan.Rodecap, Trojan.Dropper und Trojan.Agent! Brauche dringend Hilfe!
    Log-Analyse und Auswertung - 09.08.2010 (16)
  12. Trojan.Dropper gefunden - angebl beseitigt GMER meldet Rootkit
    Plagegeister aller Art und deren Bekämpfung - 10.05.2010 (3)
  13. 'TR/Dropper.Gen' [trojan] gefunden.
    Plagegeister aller Art und deren Bekämpfung - 31.12.2009 (3)
  14. TR/Dropper.Gen' [trojan] gefunden.
    Log-Analyse und Auswertung - 06.10.2009 (29)
  15. TR/Dropper.Gen' [trojan] und andere Viren gefunden
    Log-Analyse und Auswertung - 03.05.2009 (0)
  16. Trojan horse.dropper.Agent.MIU gefunden, nach Löschung wieder aufgetreten
    Plagegeister aller Art und deren Bekämpfung - 15.04.2009 (1)
  17. Habe Trojan- Dropper gefunden
    Plagegeister aller Art und deren Bekämpfung - 15.03.2008 (8)

Zum Thema misc.exe 'TR/Dropper.Gen' [trojan] gefunden - Hallo, seit 2 Tagen ist mein Laptop extrem langsam und braucht ab und zu 20 minuten bis er hochgefahren ist. Antivir hat folgendes gefunden. In der Datei 'C:\Windows\Installer\{90A40407-6000-11D3-8CFE-0150048383C9}\misc.exe' wurde ein - misc.exe 'TR/Dropper.Gen' [trojan] gefunden...
Archiv
Du betrachtest: misc.exe 'TR/Dropper.Gen' [trojan] gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.