Trojaner-Board - Malware? Neu im Firmennetzwerk

Kann das OSAM nicht runterladen. Zeigt mir immer einen Fehler, dass die Quelldatei nicht gelesen werden kann.

Hier mal der Gmer Log:

Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net

Rootkit scan 2011-03-24 18:24:34

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD50 rev.01.0

Running: g2m3e4r.exe; Driver: C:\Users\ZED\AppData\Local\Temp\fgtdapod.sys
 
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwSaveKey + 13C1                                                                                               82C4D339 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                      82C86D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

?               C:\Windows\System32\Drivers\SafeBoot.sys                                                                                    Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[2704] kernel32.dll!SetUnhandledExceptionFilter                          77013D01 4 Bytes  [C2, 04, 00, 00]
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Program Files\Lenovo\System Update\SUService.exe[5052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7536FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Lenovo\System Update\SUService.exe[5052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7536FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Lenovo\System Update\SUService.exe[5052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7536FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Lenovo\System Update\SUService.exe[5052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7536FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Lenovo\System Update\SUService.exe[5052] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [7536FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Lenovo\System Update\SUService.exe[5052] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [7536FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                     Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                     Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
 

Device          \Driver\ACPI_HAL \Device\00000050                                                                                           halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                    fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269c5db1d                                                 

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269c5db1d@001fe49bd549                                    0x1E 0x06 0xB7 0x70 ...

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269c5db1d (not active ControlSet)                             

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269c5db1d@001fe49bd549                                        0x1E 0x06 0xB7 0x70 ...
 

---- EOF - GMER 1.0.15 ----

Danke

MBRcheck sagt mir:
Found non-standard or infected MBR. enter Y for more options or N for exit. Hab jetzt mal N gedrückt.

Hier das Log:

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:                        

Windows Version:                Windows 7 Ultimate Edition

Windows Information:                Service Pack 1 (build 7601), 32-bit

Base Board Manufacturer:        LENOVO

BIOS Manufacturer:                LENOVO

System Manufacturer:                LENOVO

System Product Name:                77333GG

Logical Drives Mask:                0x0000007c
 

Kernel Drivers (total 212):

  0x82C0F000 \SystemRoot\system32\ntkrnlpa.exe

  0x83021000 \SystemRoot\system32\halmacpi.dll

  0x80BA8000 \SystemRoot\system32\kdcom.dll

  0x83222000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

  0x832A7000 \SystemRoot\system32\PSHED.dll

  0x832B8000 \SystemRoot\system32\BOOTVID.dll

  0x832C0000 \SystemRoot\system32\CLFS.SYS

  0x83302000 \SystemRoot\system32\CI.dll

  0x88C27000 \SystemRoot\system32\drivers\Wdf01000.sys

  0x88C98000 \SystemRoot\system32\drivers\WDFLDR.SYS

  0x88CA6000 \SystemRoot\system32\drivers\ACPI.sys

  0x88CEE000 \SystemRoot\system32\drivers\WMILIB.SYS

  0x88CF7000 \SystemRoot\system32\drivers\msisadrv.sys

  0x88CFF000 \SystemRoot\system32\drivers\pci.sys

  0x88D29000 \SystemRoot\system32\drivers\vdrvroot.sys

  0x88D34000 \SystemRoot\System32\drivers\partmgr.sys

  0x88D45000 \SystemRoot\system32\DRIVERS\compbatt.sys

  0x88D4D000 \SystemRoot\system32\DRIVERS\BATTC.SYS

  0x88D58000 \SystemRoot\system32\drivers\volmgr.sys

  0x88D68000 \SystemRoot\System32\drivers\volmgrx.sys

  0x88DB3000 \SystemRoot\system32\drivers\intelide.sys

  0x88DBA000 \SystemRoot\system32\drivers\PCIIDEX.SYS

  0x88DC8000 \SystemRoot\system32\DRIVERS\pcmcia.sys

  0x88C00000 \SystemRoot\System32\drivers\mountmgr.sys

  0x833AD000 \SystemRoot\system32\drivers\vmbus.sys

  0x833D7000 \SystemRoot\system32\drivers\winhv.sys

  0x88E15000 \SystemRoot\system32\DRIVERS\iaStor.sys

  0x88EEF000 \SystemRoot\system32\drivers\atapi.sys

  0x88EF8000 \SystemRoot\system32\drivers\ataport.SYS

  0x88F1B000 \SystemRoot\system32\drivers\msahci.sys

  0x88F25000 \SystemRoot\system32\drivers\amdxata.sys

  0x88F2E000 \SystemRoot\System32\Drivers\SBAlg.sys

  0x88F39000 \SystemRoot\system32\drivers\fltmgr.sys

  0x88F6D000 \SystemRoot\system32\drivers\fileinfo.sys

  0x88F7E000 \SystemRoot\System32\Drivers\SbFsLock.sys

  0x89001000 \SystemRoot\System32\Drivers\Ntfs.sys

  0x89130000 \SystemRoot\System32\Drivers\msrpc.sys

  0x8915B000 \SystemRoot\System32\Drivers\ksecdd.sys

  0x8916E000 \SystemRoot\System32\Drivers\cng.sys

  0x891CB000 \SystemRoot\System32\drivers\pcw.sys

  0x891D9000 \SystemRoot\System32\Drivers\Fs_Rec.sys

  0x89224000 \SystemRoot\system32\drivers\ndis.sys

  0x892DB000 \SystemRoot\system32\drivers\NETIO.SYS

  0x89319000 \SystemRoot\System32\Drivers\ksecpkg.sys

  0x89405000 \SystemRoot\System32\drivers\tcpip.sys

  0x8954F000 \SystemRoot\System32\drivers\fwpkclnt.sys

  0x89580000 \SystemRoot\system32\drivers\vmstorfl.sys

  0x89589000 \SystemRoot\system32\drivers\volsnap.sys

  0x895C8000 \SystemRoot\System32\Drivers\spldr.sys

  0x895D0000 \SystemRoot\System32\Drivers\SafeBoot.sys

  0x8933E000 \SystemRoot\System32\drivers\rdyboost.sys

  0x895E9000 \SystemRoot\System32\Drivers\mup.sys

  0x8936B000 \SystemRoot\System32\drivers\hwpolicy.sys

  0x89373000 \SystemRoot\System32\DRIVERS\fvevol.sys

  0x893A5000 \SystemRoot\system32\DRIVERS\disk.sys

  0x893B6000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

  0x8DAFC000 \SystemRoot\system32\drivers\cdrom.sys

  0x8DB1B000 \SystemRoot\System32\Drivers\Null.SYS

  0x8DB22000 \SystemRoot\System32\Drivers\Beep.SYS

  0x8DB29000 \SystemRoot\system32\DRIVERS\ehdrv.sys

  0x8DB48000 \SystemRoot\System32\drivers\vga.sys

  0x8DB54000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

  0x8DB75000 \SystemRoot\System32\drivers\watchdog.sys

  0x8DB82000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0x8DB8A000 \SystemRoot\system32\drivers\rdpencdd.sys

  0x8DB92000 \SystemRoot\system32\drivers\rdprefmp.sys

  0x8DB9A000 \SystemRoot\System32\Drivers\Msfs.SYS

  0x8DBA5000 \SystemRoot\System32\Drivers\Npfs.SYS

  0x8DBB3000 \SystemRoot\system32\DRIVERS\tdx.sys

  0x8DBCA000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0x88F80000 \SystemRoot\system32\drivers\afd.sys

  0x8F00E000 \SystemRoot\System32\DRIVERS\netbt.sys

  0x8F040000 \SystemRoot\system32\DRIVERS\wfplwf.sys

  0x8F047000 \SystemRoot\system32\DRIVERS\pacer.sys

  0x8F066000 \SystemRoot\system32\DRIVERS\netbios.sys

  0x8F074000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0x8F087000 \SystemRoot\system32\drivers\termdd.sys

  0x8F098000 \SystemRoot\System32\Drivers\SbRegFlt.SYS

  0x8F09F000 \SystemRoot\System32\Drivers\SbFlop.SYS

  0x8F0A8000 \SystemRoot\System32\Drivers\RsvLock.SYS

  0x8F0B1000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0x8F0F2000 \SystemRoot\system32\drivers\nsiproxy.sys

  0x8F0FC000 \SystemRoot\system32\drivers\mssmbios.sys

  0x8F106000 \SystemRoot\system32\DRIVERS\smiif32.sys

  0x8F108000 \SystemRoot\System32\drivers\discache.sys

  0x8F114000 \SystemRoot\system32\drivers\csc.sys

  0x8F178000 \SystemRoot\System32\Drivers\dfsc.sys

  0x8F190000 \SystemRoot\system32\DRIVERS\blbdrive.sys

  0x8F19E000 \SystemRoot\system32\DRIVERS\tunnel.sys

  0x8F1BF000 \SystemRoot\system32\DRIVERS\intelppm.sys

  0x90201000 \SystemRoot\system32\DRIVERS\igdkmd32.sys

  0x90705000 \SystemRoot\System32\drivers\dxgkrnl.sys

  0x907BC000 \SystemRoot\System32\drivers\dxgmms1.sys

  0x8EC13000 \SystemRoot\system32\DRIVERS\e1e6032.sys

  0x8EC4B000 \SystemRoot\system32\DRIVERS\usbuhci.sys

  0x8EC56000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0x8ECA1000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0x8ECB0000 \SystemRoot\system32\drivers\HDAudBus.sys

  0x91E0C000 \SystemRoot\system32\DRIVERS\NETwLv32.sys

  0x9246B000 \SystemRoot\system32\drivers\1394ohci.sys

  0x92498000 \SystemRoot\system32\drivers\i8042prt.sys

  0x924B0000 \SystemRoot\system32\drivers\kbdclass.sys

  0x924BD000 \SystemRoot\system32\DRIVERS\SynTP.sys

  0x924F8000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0x924FA000 \SystemRoot\system32\drivers\mouclass.sys

  0x92507000 \SystemRoot\system32\drivers\tpm.sys

  0x92513000 \SystemRoot\system32\DRIVERS\CmBatt.sys

  0x92517000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys

  0x9251C000 \SystemRoot\system32\drivers\wmiacpi.sys

  0x92525000 \SystemRoot\system32\drivers\CompositeBus.sys

  0x92532000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

  0x92544000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0x9255C000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0x92567000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0x92589000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0x925A1000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0x925B8000 \SystemRoot\system32\DRIVERS\rassstp.sys

  0x925CF000 \SystemRoot\system32\DRIVERS\rdpbus.sys

  0x925D9000 \SystemRoot\system32\DRIVERS\psadd.sys

  0x925DF000 \SystemRoot\system32\drivers\swenum.sys

  0x8ECCF000 \SystemRoot\system32\drivers\ks.sys

  0x925E1000 \SystemRoot\system32\DRIVERS\umbus.sys

  0x8ED03000 \SystemRoot\system32\drivers\usbhub.sys

  0x925EF000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0x8ED47000 \SystemRoot\system32\drivers\ADIHdAud.sys

  0x8EDAA000 \SystemRoot\system32\drivers\portcls.sys

  0x8EDD9000 \SystemRoot\system32\drivers\drmk.sys

  0x97438000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys

  0x97475000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys

  0x97600000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys

  0x976B4000 \SystemRoot\system32\drivers\modem.sys

  0x82060000 \SystemRoot\System32\win32k.sys

  0x976C1000 \SystemRoot\System32\drivers\Dxapi.sys

  0x976CB000 \SystemRoot\System32\Drivers\crashdmp.sys

  0x976D8000 \SystemRoot\System32\Drivers\dump_iaStor.sys

  0x977B2000 \SystemRoot\System32\Drivers\dump_SbHiber.sys

  0x977B3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

  0x977C4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

  0x977DB000 \SystemRoot\system32\DRIVERS\monitor.sys

  0x822C0000 \SystemRoot\System32\TSDDD.dll

  0x977E6000 \SystemRoot\System32\Drivers\LenovoRd.sys

  0x97578000 \SystemRoot\System32\Drivers\SMCLIB.SYS

  0x97583000 \SystemRoot\System32\DRIVERS\scfilter.sys

  0x822F0000 \SystemRoot\System32\cdd.dll

  0x82310000 \SystemRoot\System32\ATMFD.DLL

  0x9758F000 \SystemRoot\system32\drivers\luafv.sys

  0x8DA00000 \SystemRoot\system32\DRIVERS\eamonm.sys

  0x975AA000 \SystemRoot\system32\drivers\WudfPf.sys

  0x975C4000 \SystemRoot\system32\drivers\WinUSB.sys

  0x975CD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

  0x975EE000 \SystemRoot\system32\DRIVERS\lltdio.sys

  0x8DAA6000 \SystemRoot\system32\DRIVERS\nwifi.sys

  0x97400000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0x97410000 \SystemRoot\system32\DRIVERS\rspndr.sys

  0x8F1D1000 \SystemRoot\System32\Drivers\fastfat.SYS

  0x98C03000 \SystemRoot\system32\drivers\HTTP.sys

  0x98C88000 \SystemRoot\system32\DRIVERS\bowser.sys

  0x98CA1000 \SystemRoot\System32\drivers\mpsdrv.sys

  0x98CB3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0x98CD6000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

  0x98D11000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

  0x98D44000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys

  0x98D5D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

  0x98D61000 \SystemRoot\system32\drivers\peauth.sys

  0x98D2C000 \SystemRoot\System32\Drivers\secdrv.SYS

  0x8DBD6000 \SystemRoot\System32\DRIVERS\srvnet.sys

  0x980A8000 \SystemRoot\System32\drivers\tcpipreg.sys

  0x980B5000 \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys

  0x980B8000 \SystemRoot\system32\DRIVERS\xaudio.sys

  0x980C0000 \SystemRoot\System32\DRIVERS\srv2.sys

  0x9810F000 \SystemRoot\System32\DRIVERS\srv.sys

  0x98160000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys

  0x98165000 \SystemRoot\system32\DRIVERS\WSDPrint.sys

  0x77190000 \Windows\System32\ntdll.dll

  0x47A20000 \Windows\System32\smss.exe

  0x773D0000 \Windows\System32\apisetschema.dll

  0x00FA0000 \Windows\System32\autochk.exe

  0x773A0000 \Windows\System32\sechost.dll

  0x77390000 \Windows\System32\nsi.dll

  0x772F0000 \Windows\System32\usp10.dll

  0x770E0000 \Windows\System32\rpcrt4.dll

  0x772E0000 \Windows\System32\lpk.dll

  0x76490000 \Windows\System32\shell32.dll

  0x76290000 \Windows\System32\iertutil.dll

  0x76240000 \Windows\System32\Wldap32.dll

  0x76140000 \Windows\System32\wininet.dll

  0x760A0000 \Windows\System32\advapi32.dll

  0x75FD0000 \Windows\System32\msctf.dll

  0x75F70000 \Windows\System32\difxapi.dll

  0x75EE0000 \Windows\System32\oleaut32.dll

  0x75E50000 \Windows\System32\clbcatq.dll

  0x75CF0000 \Windows\System32\ole32.dll

  0x75C20000 \Windows\System32\user32.dll

  0x75BD0000 \Windows\System32\gdi32.dll

  0x772D0000 \Windows\System32\normaliz.dll

  0x75AF0000 \Windows\System32\kernel32.dll

  0x75A90000 \Windows\System32\shlwapi.dll

  0x75A60000 \Windows\System32\imagehlp.dll

  0x75920000 \Windows\System32\urlmon.dll

  0x758E0000 \Windows\System32\ws2_32.dll

  0x75740000 \Windows\System32\setupapi.dll

  0x75720000 \Windows\System32\imm32.dll

  0x75670000 \Windows\System32\msvcrt.dll

  0x755F0000 \Windows\System32\comdlg32.dll

  0x755E0000 \Windows\System32\psapi.dll

  0x755B0000 \Windows\System32\cfgmgr32.dll

  0x75520000 \Windows\System32\comctl32.dll

  0x75400000 \Windows\System32\crypt32.dll

  0x753D0000 \Windows\System32\wintrust.dll

  0x753B0000 \Windows\System32\devobj.dll

  0x75360000 \Windows\System32\KernelBase.dll

  0x75350000 \Windows\System32\msasn1.dll
 

Processes (total 78):

       0 System Idle Process

       4 System

     312 C:\Windows\System32\smss.exe

     412 csrss.exe

     464 C:\Windows\System32\wininit.exe

     476 csrss.exe

     528 C:\Windows\System32\services.exe

     544 C:\Windows\System32\lsass.exe

     552 C:\Windows\System32\lsm.exe

     628 C:\Windows\System32\winlogon.exe

     716 C:\Windows\System32\svchost.exe

     776 C:\Windows\System32\ibmpmsvc.exe

     832 C:\Windows\System32\svchost.exe

     896 C:\Windows\System32\svchost.exe

     972 C:\Windows\System32\svchost.exe

    1028 C:\Windows\System32\svchost.exe

    1100 C:\Windows\System32\audiodg.exe

    1184 C:\Windows\System32\svchost.exe

    1320 WUDFHost.exe

    1416 C:\Windows\System32\svchost.exe

    1504 C:\Windows\System32\wlanext.exe

    1512 C:\Windows\System32\conhost.exe

    1588 C:\Windows\System32\spoolsv.exe

    1644 C:\Windows\System32\svchost.exe

    1676 C:\Windows\System32\svchost.exe

    1760 C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe

    1788 C:\Program Files\Lenovo\HOTKEY\tphkload.exe

    1808 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

    1852 C:\Windows\System32\AEADISRV.EXE

    1876 C:\Windows\System32\svchost.exe

    1932 C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

    2016 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe

     112 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

     340 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

     848 C:\Windows\System32\svchost.exe

    1668 C:\Windows\System32\drivers\XAudio.exe

    1904 C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    2604 unsecapp.exe

    2760 WmiPrvSE.exe

    2772 WUDFHost.exe

    3116 C:\Windows\System32\taskhost.exe

    3180 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe

    3248 C:\Windows\System32\dwm.exe

    3280 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

    3328 C:\Windows\explorer.exe

    3364 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

    3376 C:\Program Files\Lenovo\ZOOM\TpScrex.exe

    3492 C:\Windows\System32\igfxtray.exe

    3508 C:\Windows\System32\hkcmd.exe

    3524 C:\Windows\System32\igfxpers.exe

    3576 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    3608 C:\Program Files\Analog Devices\Core\smax4pnp.exe

    3636 C:\Windows\System32\igfxsrvc.exe

    3676 C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

    3708 C:\Program Files\Common Files\Java\Java Update\jusched.exe

    3756 C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe

    3792 C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

    3848 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

    3992 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

    4032 C:\Program Files\Skype\Phone\Skype.exe

    4092 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    2220 C:\Users\ZED\AppData\Roaming\Dropbox\bin\Dropbox.exe

    3276 C:\Program Files\Skype\Plugin Manager\skypePM.exe

    3324 C:\Windows\System32\SearchIndexer.exe

    4064 C:\Program Files\Windows Media Player\wmpnetwk.exe

     860 C:\Windows\System32\svchost.exe

    4564 C:\Program Files\Lenovo\System Update\SUService.exe

    4744 C:\Windows\System32\svchost.exe

    5268 C:\Program Files\Mozilla Firefox\firefox.exe

    5628 C:\Program Files\Mozilla Firefox\plugin-container.exe

    5904 C:\Windows\servicing\TrustedInstaller.exe

    5756 C:\Windows\System32\dllhost.exe

     952 C:\Windows\System32\SearchProtocolHost.exe

    1892 C:\Windows\System32\SearchFilterHost.exe

    5148 dllhost.exe

    5076 dllhost.exe

    5176 C:\Users\ZED\Desktop\MBRCheck.exe

    5012 C:\Windows\System32\conhost.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000005`9b800000  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`74d00000  (NTFS)

\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000036`cd600000  (NTFS)
 

PhysicalDrive0 Model Number: WDCWD5000BEVT-00ZAT0, Rev: 01.01A01
 

      Size  Device Name          MBR Status

  --------------------------------------------

    465 GB  \\.\PhysicalDrive0   Unknown MBR code

            SHA1: 13FE1A47F7B13946BC59202B8F5D7055B62052F3
 
 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit: 
 

Done!

Ahh. Danke. Das erklärts ;)

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 21:31:18 on 24.03.2011
 

OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit

Default Browser: Mozilla Corporation Firefox 4.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys  (File not found)

"adfs" (adfs) - ? - C:\Windows\system32\drivers\adfs.sys  (File not found)

"catchme" (catchme) - ? - C:\Users\ZED\AppData\Local\Temp\catchme.sys  (File not found)

"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys  (File not found)

"RsvLock" (RsvLock) - "McAfee, Inc." - C:\Windows\system32\drivers\RsvLock.sys

"SafeBoot" (SafeBoot) - "McAfee, Inc." - C:\Windows\system32\drivers\SafeBoot.sys  (File is exclusively opened, access blocked)

"SBAlg" (SBAlg) - "SafeBoot N.V." - C:\Windows\system32\drivers\SBAlg.sys

"SbFlop" (SbFlop) - "McAfee, Inc." - C:\Windows\system32\drivers\SbFlop.sys

"SbFsLock" (SbFsLock) - "McAfee, Inc." - C:\Windows\system32\drivers\SbFsLock.sys

"SbRegFlt" (SbRegFlt) - "McAfee, Inc." - C:\Windows\system32\drivers\SbRegFlt.sys

"Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys  (File not found)

"UltraMon Utility Driver" (UltraMonUtility) - "Realtime Soft Ltd" - C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys

"VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----

{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{B089FE88-FB52-11D3-BDF1-0050DA34150D} "ESET Smart Security - Context Menu Shell Extension" - "ESET" - C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll

{3B52CC4A-19E9-43F5-A626-F89267A5E43F} "ThumbExtractor Class" - ? - C:\Program Files\ThumbView_Lite 1.0\ThumbView_Lite.dll  (File not found)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----

{c840e246-6b95-475e-9bd7-caa1c7eca9f2} "{c840e246-6b95-475e-9bd7-caa1c7eca9f2}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{48E73304-E1D6-4330-914C-F5F514E3486C} "ClsidExtension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{bf00e119-21a3-4fd1-b178-3b8537e75c92} "IeMonitorBho Class" - "Megaupload Limited" - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\ZED\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Dropbox.lnk" - ? - C:\Users\ZED\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"Anleitung.exe" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Anleitung.exe

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

"Adobe Acrobat Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

"AdobeAAMUpdater-1.0" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

"egui" - "ESET" - "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

"SafeBootTokenWatcher" - "McAfee, Inc." - "C:\Program Files\McAfee\Endpoint Encryption for PC\SbTokWatch.exe"

"SafeBootTrayManager" - ? - "C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe"  (File found, but it contains no detailed information)

"SB_EN_Script" - ? - F:\Partners\vbs\PARTNE~1.VBS

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 

[Network Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----

"SafeBoot Network Provider" - "McAfee, Inc." - C:\Windows\system32\SbNp.DLL
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_d76cf65.dll  (File found, but it contains no detailed information)

"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

"ESET HTTP Server" (EhttpSrv) - "ESET" - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

"ESET Service" (ekrn) - "ESET" - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

"Lenovo Auto Scroll" (Lenovo.VIRTSCRLSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

"Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

"SafeBoot Client Manager" (SafeBootClientManager) - "McAfee, Inc." - C:\Program Files\McAfee\Endpoint Encryption for PC\SbClientManager.exe

"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

"System Update" (SUService) - "Lenovo Group Limited" - C:\Program Files\Lenovo\System Update\SUService.exe
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru