Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Malwarebytes Anti-Malware -hat mir geholfen! (https://www.trojaner-board.de/94253-malwarebytes-anti-malware-hat-mir-geholfen.html)

cosinus 30.12.2010 23:06
Ähm wie ich eben schon andeutete ist das Enddarmprodukt nicht gerade dünnflüssig :balla:
Bevor wir unnötig Zeit verschwenden (CF hat ne Menge shice gelöscht, OSAM geht net :( ) - was hälst du von einer ordentlichen Datensicherung mit anschließendem format c: ? :rolleyes:

cube 30.12.2010 23:32
Tja format c:
Hab ne Menge Programme drauf, für die ich keine Installations CD oder DVD mehr habe. Mir wird schon schlecht wenn ich nur an das B...programm denke-da muss extra einer antreten und wieder aufspieln... ...das hat mich immer davon abgehalten eine neuere, schnellere Kiste anzuschaffen...
so lassen wies momentan is können wir nicht?
Gute Nacht
M.

cosinus 31.12.2010 00:37
Müssen tut man garnichts. Aber wenn wichtige Logs schon nicht erstellt werden können, kann ich deine Kiste niemals für sauber erklären.

cube 02.01.2011 16:03
Hallo arne,
also hab noch ein rumprobiert und ich denke ich habs hinbekommen. (Problem war, dass Mc Afee die .exe des osam jedesmal rausgelöscht hat)
Hier die logdatei:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:55:47 on 02.01.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.5.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"actser" (actser) - "Siemens AG" - C:\WINDOWS\System32\drivers\actser.sys
"AMD Athlon64-Prozessortreiber" (AmdK8) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\AmdK8.sys
"ASAPIW2K" (ASAPIW2k) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys
"ASNDIS5 Protocol Driver" (ASNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\ASNDIS5.SYS
"ASUS 802.11b/g Driver for Windows XP" (W8100PCI) - "Marvell Semiconductor, Inc" - C:\WINDOWS\System32\DRIVERS\mrv8k51.sys
"ATI Remote Wonder II" (ATI Remote Wonder II) - "Jungo" - C:\WINDOWS\System32\drivers\ATIRWVD.SYS
"ATI Wireless Remote Receiver V2.36" (X10UIF) - "X10 Wireless Technology, Inc." - C:\WINDOWS\System32\Drivers\x10uif.sys
"Auerswald CAPI2.0 Device" (aucapi) - "Auerswald GmbH & Co.KG                        " - C:\WINDOWS\System32\DRIVERS\aucapi.sys
"Auerswald ISDN USB Driver" (auusb) - "Auerswald GmbH & Co.KG                        " - C:\WINDOWS\System32\DRIVERS\auusb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\cpuz132_x32.sys
"HSFHWBS2" (HSFHWBS2) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys
"HSF_DP" (HSF_DP) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSF_DP.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Infineon ADM851X USB To Fast Ethernet MII Adapter Driver" (ADM851X) - "Infineon Technologies AG" - C:\WINDOWS\System32\DRIVERS\ADM851X.SYS
"Inmax USB IMT-0521 Smartcard Reader" (IMT0521) - "Inmax Technology Corp." - C:\WINDOWS\System32\Drivers\IMT0521.sys
"kbeepm" (kbeepm) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\kbeepm.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"McAfee Inc." (mfeavfk01) - ? - C:\WINDOWS\system32\drivers\mfeavfk01.sys  (File not found)
"NTSIM" (NTSIM) - "VIA Networking Technologies, Inc.      " - C:\WINDOWS\System32\ntsim.sys
"PADUS ASPI SHELL" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
"SCR33X USB Smart Card Reader" (SCR33X USB Smart Card Reader) - "SCM Microsystems Inc." - C:\WINDOWS\System32\DRIVERS\SCR33X2K.sys
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\ALCXWDM.SYS
"Service for WDM 3D Audio Driver" (ALCXSENS) - "Sensaura Ltd" - C:\WINDOWS\System32\drivers\ALCXSENS.SYS
"StreamDispatcher" (StreamDispatcher) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\strmdisp.sys
"U3sHlpDr" (U3sHlpDr) - ? - C:\WINDOWS\System32\Drivers\U3sHlpDr.sys  (File found, but it contains no detailed information)
"VIA Rhine Family Fast Ethernet Adapter Driver Service" (FETNDISB) - "VIA Technologies, Inc.              " - C:\WINDOWS\System32\DRIVERS\fetnd5b.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"winachsf" (winachsf) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - ? - C:\Programme\Office\  (File not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\Office\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{ED65AC21-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device" - ? -  (File not found | COM-object registry key not found)
{ED65AC22-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device ContextMenuHandler" - ? -  (File not found | COM-object registry key not found)
{ED65AC23-B24F-11d3-BA80-00C0CA16AA37} "Siemens SX1 PropertySheetHandler" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
<binary data> "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} "McAfee.com Operating System Class" - "McAfee, Inc" - C:\WINDOWS\System32\mcinsctl.dll / hxxp://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,90/mcinsctl.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{44226DFF-747E-4edc-B30C-78752E50CD0C} "ATI TV" - "ATI Technologies Inc." - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
<binary data> "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} "metaspinner media GmbH" - ? - C:\PROGRA~1\klickTel\EBAYST~1\IEBUTT~2.DLL  (File found, but it contains no detailed information)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20101115212251.dll
{74A0AC27-3753-4080-B94E-557CC43E9E8B} "{74A0AC27-3753-4080-B94E-557CC43E9E8B}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll
"Canon BJ Language Monitor S400" - "CANON INC." - C:\WINDOWS\system32\CNMLM2P.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\System32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"McAfee Firewall Core Service" (mfefire) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe
"McAfee Network Agent" (McNASvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McAfee Personal Firewall-Dienst" (McMPFSvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
"McAfee Proxy Service" (McProxy) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McAfee Scanner" (McODS) - "McAfee, Inc." - C:\Programme\McAfee\VirusScan\mcods.exe
"McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe
"McAfee VirusScan Announcer" (McNaiAnn) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McShield" (McShield) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Hier die logs von MBR Check:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001bd

Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D1000 \WINDOWS\system32\hal.dll
0xF8A26000 \WINDOWS\system32\KDCOM.DLL
0xF8936000 \WINDOWS\system32\BOOTVID.dll
0xF83F6000 ACPI.sys
0xF8A28000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF83E5000 pci.sys
0xF8526000 isapnp.sys
0xF8536000 ohci1394.sys
0xF8546000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF8A2A000 viaide.sys
0xF87A6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8556000 MountMgr.sys
0xF83C6000 ftdisk.sys
0xF87AE000 PartMgr.sys
0xF8566000 VolSnap.sys
0xF83AE000 atapi.sys
0xF8576000 disk.sys
0xF8586000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF838E000 fltmgr.sys
0xF837C000 sr.sys
0xF831F000 mfehidk.sys
0xF87B6000 PxHelp20.sys
0xF8308000 KSecDD.sys
0xF827B000 Ntfs.sys
0xF824E000 NDIS.sys
0xF8596000 sbp2port.sys
0xF8234000 Mup.sys
0xF85A6000 gagp30kx.sys
0xF85D6000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF7C92000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xF7C7E000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF7C52000 \SystemRoot\System32\DRIVERS\HSFHWBS2.sys
0xF7B43000 \SystemRoot\System32\DRIVERS\HSF_DP.sys
0xF7AAB000 \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
0xF889E000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7A6C000 \SystemRoot\System32\DRIVERS\mrv8k51.sys
0xF88A6000 \SystemRoot\system32\drivers\ASAPIW2k.sys
0xF89EE000 \SystemRoot\system32\drivers\pfc.sys
0xF7D99000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7D89000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7A49000 \SystemRoot\System32\DRIVERS\ks.sys
0xF88AE000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7D79000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF88B6000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF7A25000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF88BE000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7D69000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF88C6000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF88CE000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF88D6000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF7D59000 \SystemRoot\System32\DRIVERS\serial.sys
0xF89FA000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF79B3000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF798F000 \SystemRoot\system32\drivers\portcls.sys
0xF85E6000 \SystemRoot\system32\drivers\drmk.sys
0xF792D000 \SystemRoot\system32\drivers\ALCXSENS.SYS
0xF85F6000 \SystemRoot\System32\DRIVERS\fetnd5b.sys
0xF8606000 \SystemRoot\System32\DRIVERS\processr.sys
0xF78FB000 \SystemRoot\System32\DRIVERS\aucapi.sys
0xF8B90000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF78E7000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xF8616000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8A02000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF78D0000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8626000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF8636000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF88DE000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7897000 \SystemRoot\System32\DRIVERS\psched.sys
0xF8646000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7873000 \SystemRoot\system32\drivers\mfeavfk.sys
0xF7828000 \SystemRoot\system32\drivers\mfefirek.sys
0xF88EE000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF88F6000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF8656000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8A64000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF77A2000 \SystemRoot\System32\DRIVERS\update.sys
0xF8204000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF8696000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF89C6000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF86D6000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8A68000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF8A6C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8BE3000 \SystemRoot\System32\Drivers\Null.SYS
0xF8A6E000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8906000 \SystemRoot\System32\drivers\vga.sys
0xF8A70000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8A72000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF890E000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8916000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF89CE000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB6679000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB6620000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB660D000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xB65E7000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB65BF000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB659D000 \SystemRoot\System32\drivers\afd.sys
0xF86F6000 \SystemRoot\System32\DRIVERS\netbios.sys
0xB6572000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB6502000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF8716000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8726000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF8736000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xF8926000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xF8746000 \SystemRoot\System32\Drivers\IMT0521.sys
0xF78C0000 \SystemRoot\System32\Drivers\SMCLIB.SYS
0xF892E000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xF78BC000 \SystemRoot\System32\DRIVERS\sfloppy.sys
0xF87CE000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xF78B8000 \SystemRoot\system32\DRIVERS\BrScnUsb.sys
0xF78B4000 \SystemRoot\System32\Drivers\BrUsbSer.sys
0xF8756000 \SystemRoot\System32\Drivers\BrSerIf.sys
0xB6416000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB63FE000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8AC6000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB64E6000 \SystemRoot\System32\drivers\Dxapi.sys
0xF882E000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8BBA000 \SystemRoot\System32\drivers\dxgthk.sys
0xB6775000 \SystemRoot\System32\DRIVERS\ATINTTXX.sys
0xB6765000 \SystemRoot\System32\DRIVERS\STREAM.SYS
0xF8836000 \SystemRoot\System32\DRIVERS\atinmdxx.sys
0xB63EB000 \SystemRoot\System32\DRIVERS\atinxsxx.sys
0xB6755000 \SystemRoot\System32\DRIVERS\atinraxx.sys
0xB63CE000 \SystemRoot\System32\DRIVERS\atinrvxx.sys
0xB63B9000 \SystemRoot\System32\DRIVERS\atintuxx.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF048000 \SystemRoot\System32\ati2cqag.dll
0xBF080000 \SystemRoot\System32\ati3duag.dll
0xBF24E000 \SystemRoot\System32\ativvaxx.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB62A9000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB5FCC000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB5EEF000 \SystemRoot\system32\drivers\wdmaud.sys
0xF8766000 \SystemRoot\system32\drivers\sysaudio.sys
0xB604D000 \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys
0xB5C29000 \SystemRoot\System32\DRIVERS\srv.sys
0xB5E84000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xF87D6000 \SystemRoot\System32\DRIVERS\strmdisp.sys
0xF8A3E000 \??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys
0xB60B1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB5278000 \SystemRoot\System32\Drivers\HTTP.sys
0xB5864000 \SystemRoot\system32\drivers\cfwids.sys
0xB45F0000 \SystemRoot\system32\drivers\mfeapfk.sys
0xB5A16000 \SystemRoot\system32\drivers\mfebopk.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
1156 C:\WINDOWS\system32\smss.exe
1296 csrss.exe
1324 C:\WINDOWS\system32\winlogon.exe
1368 C:\WINDOWS\system32\services.exe
1380 C:\WINDOWS\system32\lsass.exe
1536 C:\WINDOWS\system32\svchost.exe
1632 svchost.exe
1668 C:\WINDOWS\system32\svchost.exe
1712 svchost.exe
1916 svchost.exe
588 C:\WINDOWS\explorer.exe
764 C:\WINDOWS\system32\spoolsv.exe
812 scardsvr.exe
872 svchost.exe
916 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
940 C:\Programme\Bonjour\mDNSResponder.exe
992 C:\Programme\FRITZ!DSL\IGDCTRL.EXE
1124 C:\Programme\java\jre6\bin\jqs.exe
1196 C:\Programme\McAfee\SiteAdvisor\McSACore.exe
1224 C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
1344 C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe
1740 C:\WINDOWS\system32\svchost.exe
1884 C:\WINDOWS\system32\svchost.exe
1992 C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
136 C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe
2060 C:\Programme\Canon\CAL\CALMAIN.exe
2776 alg.exe
3452 C:\WINDOWS\system32\ctfmon.exe
3508 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3768 C:\Programme\OpenOffice.org 3\program\soffice.exe
3980 C:\Programme\OpenOffice.org 3\program\soffice.bin
2324 C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
2308 C:\WINDOWS\system32\svchost.exe
492 C:\Dokumente und Einstellungen\Markus\Eigene Dateien\Downloads\osam\osam.exe
3024 C:\Programme\Mozilla Firefox\firefox.exe
3788 C:\WINDOWS\system32\notepad.exe
3496 C:\Dokumente und Einstellungen\Markus\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000039`21180c00 (FAT32)

PhysicalDrive0 Model Number: Maxtor7Y250P0, Rev: YAR41BW0

Size Device Name MBR Status
--------------------------------------------
233 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

Hoffe Du kannst was damit anfangen
Noch ein gutes neues Jahr
Markus

cosinus 02.01.2011 16:06
Zitat:
"kbeepm" (kbeepm) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\kbeepm.sys (File not found)
Bitte mit OSAM deaktivieren und löschen (beachte dazu die Anleitung zu OSAM)

cube 02.01.2011 17:26
Was für eine Aktion! Muss jedesmal den Mc Afee komplett deativieren, sonst haut er sofort die .exe raus. Als vertraute Datei nimmt ers nicht!
Die Logdatei vom löschen hab ich leider nicht hinbekommen, aber eine neue allg. log:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:16:37 on 02.01.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.5.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"actser" (actser) - "Siemens AG" - C:\WINDOWS\System32\drivers\actser.sys
"AMD Athlon64-Prozessortreiber" (AmdK8) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\AmdK8.sys
"ASAPIW2K" (ASAPIW2k) - "Pinnacle Systems GmbH" - C:\WINDOWS\System32\drivers\ASAPIW2k.sys
"ASNDIS5 Protocol Driver" (ASNDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\ASNDIS5.SYS
"ASUS 802.11b/g Driver for Windows XP" (W8100PCI) - "Marvell Semiconductor, Inc" - C:\WINDOWS\System32\DRIVERS\mrv8k51.sys
"ATI Remote Wonder II" (ATI Remote Wonder II) - "Jungo" - C:\WINDOWS\System32\drivers\ATIRWVD.SYS
"ATI Wireless Remote Receiver V2.36" (X10UIF) - "X10 Wireless Technology, Inc." - C:\WINDOWS\System32\Drivers\x10uif.sys
"Auerswald CAPI2.0 Device" (aucapi) - "Auerswald GmbH & Co.KG                        " - C:\WINDOWS\System32\DRIVERS\aucapi.sys
"Auerswald ISDN USB Driver" (auusb) - "Auerswald GmbH & Co.KG                        " - C:\WINDOWS\System32\DRIVERS\auusb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Markus\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"cpuz132" (cpuz132) - "Windows (R) Codename Longhorn DDK provider" - C:\WINDOWS\system32\drivers\cpuz132_x32.sys
"HSFHWBS2" (HSFHWBS2) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys
"HSF_DP" (HSF_DP) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSF_DP.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"Infineon ADM851X USB To Fast Ethernet MII Adapter Driver" (ADM851X) - "Infineon Technologies AG" - C:\WINDOWS\System32\DRIVERS\ADM851X.SYS
"Inmax USB IMT-0521 Smartcard Reader" (IMT0521) - "Inmax Technology Corp." - C:\WINDOWS\System32\Drivers\IMT0521.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"McAfee Inc." (mfeavfk01) - ? - C:\WINDOWS\system32\drivers\mfeavfk01.sys  (File not found)
"NTSIM" (NTSIM) - "VIA Networking Technologies, Inc.      " - C:\WINDOWS\System32\ntsim.sys
"PADUS ASPI SHELL" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
"SCR33X USB Smart Card Reader" (SCR33X USB Smart Card Reader) - "SCM Microsystems Inc." - C:\WINDOWS\System32\DRIVERS\SCR33X2K.sys
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - C:\WINDOWS\System32\drivers\ALCXWDM.SYS
"Service for WDM 3D Audio Driver" (ALCXSENS) - "Sensaura Ltd" - C:\WINDOWS\System32\drivers\ALCXSENS.SYS
"StreamDispatcher" (StreamDispatcher) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\strmdisp.sys
"U3sHlpDr" (U3sHlpDr) - ? - C:\WINDOWS\System32\Drivers\U3sHlpDr.sys  (File found, but it contains no detailed information)
"VIA Rhine Family Fast Ethernet Adapter Driver Service" (FETNDISB) - "VIA Technologies, Inc.              " - C:\WINDOWS\System32\DRIVERS\fetnd5b.sys
"WAN Miniport (ATW)" (wanatw) - ? - C:\WINDOWS\System32\DRIVERS\wanatw4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"winachsf" (winachsf) - "Conexant Systems, Inc." - C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -  (File not found | COM-object registry key not found)
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - ? - C:\Programme\Office\  (File not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\Office\OLKFSTUB.DLL
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{ED65AC21-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device" - ? -  (File not found | COM-object registry key not found)
{ED65AC22-B24F-11d3-BA80-00C0CA16AA37} "Siemens Device ContextMenuHandler" - ? -  (File not found | COM-object registry key not found)
{ED65AC23-B24F-11d3-BA80-00C0CA16AA37} "Siemens SX1 PropertySheetHandler" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
<binary data> "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} "McAfee.com Operating System Class" - "McAfee, Inc" - C:\WINDOWS\System32\mcinsctl.dll / hxxp://download.mcafee.com/molbin/shared/mcinsctl/de/4,0,0,90/mcinsctl.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx / hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{44226DFF-747E-4edc-B30C-78752E50CD0C} "ATI TV" - "ATI Technologies Inc." - C:\Programme\ATI Multimedia\tv\EXPLBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
<binary data> "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask.com Toolbar" - "Ask.com" - C:\Programme\Ask.com\GenericAskToolbar.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
{12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} "metaspinner media GmbH" - ? - C:\PROGRA~1\klickTel\EBAYST~1\IEBUTT~2.DLL  (File found, but it contains no detailed information)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} "scriptproxy" - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20101115212251.dll
{74A0AC27-3753-4080-B94E-557CC43E9E8B} "{74A0AC27-3753-4080-B94E-557CC43E9E8B}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll
"Canon BJ Language Monitor S400" - "CANON INC." - C:\WINDOWS\system32\CNMLM2P.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\System32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"McAfee Firewall Core Service" (mfefire) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe
"McAfee Network Agent" (McNASvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McAfee Personal Firewall-Dienst" (McMPFSvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe
"McAfee Proxy Service" (McProxy) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McAfee Scanner" (McODS) - "McAfee, Inc." - C:\Programme\McAfee\VirusScan\mcods.exe
"McAfee Services" (mcmscsvc) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - C:\Programme\McAfee\SiteAdvisor\McSACore.exe
"McAfee Validation Trust Protection Service" (mfevtp) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe
"McAfee VirusScan Announcer" (McNaiAnn) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
"McShield" (McShield) - "McAfee, Inc." - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 02.01.2011 19:30
Gut. Probier GMER bitte nochmal aus.

cube 02.01.2011 22:28
Hab GMER ein paar mal laufen lassen. Geht jedesmal bis zu den Files dann ist Schluß.
Hier die logs:
GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-02 21:14:31
Windows 5.1.2600 Service Pack 3
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys


---- System - GMER 1.0.15 ----

Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwCreateKey [0xF83520E0]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwDeleteKey [0xF83520F4]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwDeleteValueKey [0xF8352120]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwOpenKey [0xF83520CC]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwOpenProcess [0xF83520A4]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwOpenThread [0xF83520B8]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwRenameKey [0xF835210A]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwSetSecurityObject [0xF835214C]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  ZwSetValueKey [0xF8352136]
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  NtOpenProcess
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  NtOpenThread
Code  mfehidk.sys (McAfee Link Driver/McAfee, Inc.)  NtSetSecurityObject

---- EOF - GMER 1.0.15 ----
--- --- ---
GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-02 21:13:59
Windows 5.1.2600 Service Pack 3
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys


---- Kernel code sections - GMER 1.0.15 ----

PAGE  ntkrnlpa.exe!NtSetSecurityObject                                                              805B6040 5 Bytes  JMP F8352150 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!NtOpenProcess                                                                    805C1316 5 Bytes  JMP F83520A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!NtOpenThread                                                                    805C15A2 5 Bytes  JMP F83520BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!ZwSetValueKey                                                                    806188B6 7 Bytes  JMP F835213A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!ZwRenameKey                                                                      80619D66 7 Bytes  JMP F835210E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!ZwCreateKey                                                                      8061A344 5 Bytes  JMP F83520E4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!ZwDeleteKey                                                                      8061A7E0 7 Bytes  JMP F83520F8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!ZwDeleteValueKey                                                                8061A9B0 7 Bytes  JMP F8352124 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE  ntkrnlpa.exe!ZwOpenKey                                                                        8061B722 5 Bytes  JMP F83520D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
init  C:\WINDOWS\system32\drivers\ALCXSENS.SYS                                                      entry point in "init" section [0xF73BFA80]

---- User code sections - GMER 1.0.15 ----

.text  C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe[964] kernel32.dll!LoadLibraryA  7C801D7B 5 Bytes  JMP 62419A20 C:\Programme\Gemeinsame Dateien\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text  C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe[964] kernel32.dll!LoadLibraryW  7C80AEEB 5 Bytes  JMP 62419AE2 C:\Programme\Gemeinsame Dateien\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
--- --- ---
GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-02 21:12:44
Windows 5.1.2600 Service Pack 3
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys


---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe[1012] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW]  [00407740] C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT  C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe[1012] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]      [004077A0] C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
--- --- ---
GMER Logfile:
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-02 21:15:03
Windows 5.1.2600 Service Pack 3
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs      mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip    mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp    mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp    mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp  mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat    mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
--- --- ---


GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit quick scan 2011-01-02 21:45:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_7Y250P0 rev.YAR41BW0
Running: dxcc149w.exe; Driver: C:\DOKUME~1\Markus\LOKALE~1\Temp\kwkcikod.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF83520E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF83520F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF8352120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF83520CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF83520A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF83520B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF835210A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF835214C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF8352136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
Danke für die Hilfe
Markus

cosinus 03.01.2011 09:16
Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

cube 09.01.2011 22:29
Hallo Arne,
sorry hat ein wenig gedauert, letzte Woche war die Hölle los.
Hier mal das log von Malware:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5480

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.01.2011 22:16:56
mbam-log-2011-01-09 (22-16-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 435202
Laufzeit: 3 Stunde(n), 17 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Jetzt ist SASW dran
Gruß


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:22 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131